Question: Our office recently switched to receiving faxes electronically. What is the best way to secure the e-PHI being sent and received? Answer: Once a fax becomes electronic, it is considered e-PHI, reminds Frank Bresz, senior manager of Security & Technology Solutions at Ernst & Young in Pittsburgh, PA. Therefore, you must develop "proper access controls so that only authorized users can see that document," he says. Best practice: "Store faxes on a central server where users have the ability to know who the fax was destined for," Bresz suggests. Remember: You must protect outbound faxes, too. Tip: Establish a validation procedure so that if a patient asks you to fax her something, you can determine that it is an authentic request, Bresz recommends. The Bottom Line: "What you don't want is someone to just call up and obtain confidential information," Bresz says. Make sure that you have procedures in place to ensure that you send faxes to the right place. And when an e-fax is received, be sure it has the same protections as the rest of your e-PHI, he asserts