Practice Management Alert

HIPAA Question of the Month:

Protect Your Electronic Faxes From HIPAA Liability

Step up your security to prevent unauthorized disclosures of e-PHI

HIPAA violations can lurk in the most unexpected places - such as e-mails, faxes and phone calls. You can ensure HIPAA compliance by keeping on top of the communication methods in your billing office. Check out this expert HIPAA Q&A: Question: Our office recently switched to receiving faxes electronically. What is the best way to secure the e-PHI being sent and received? 
 
Answer: Once a fax becomes electronic, it is considered electronic personal health information, or e-PHI, says Frank Bresz, senior manager of Security & Technology Solutions at Ernst & Young in Pittsburgh. Therefore, you must develop "proper access controls so that only authorized users can see that document," he says.
 
Best practice: "Store faxes on a central server" that allows everyone to see who should receive each fax, Bresz says. Remember: You must protect outbound faxes, too. Establish a validation procedure so that if a patient asks you to fax her something, you can determine that it is an authentic request, Bresz says. Update Your HIPAA Compliance Plan The bottom line: "You don't want someone to just call up and obtain confidential information," Bresz says. Make sure you have procedures in place to ensure that you send faxes to the right place. And when you receive an e-fax, be sure it has the same protections as the rest of your e-PHI, he says.
You’ve reached your limit of free articles. Already a subscriber? Log in.
Not a subscriber? Subscribe today to continue reading this article. Plus, you’ll get:
  • Simple explanations of current healthcare regulations and payer programs
  • Real-world reporting scenarios solved by our expert coders
  • Industry news, such as MAC and RAC activities, the OIG Work Plan, and CERT reports
  • Instant access to every article ever published in Revenue Cycle Insider
  • 6 annual AAPC-approved CEUs
  • The latest updates for CPT®, ICD-10-CM, HCPCS Level II, NCCI edits, modifiers, compliance, technology, practice management, and more

Other Articles in this issue of

Practice Management Alert

View All