HIPAA Question of the Month:
Protect Your Electronic Faxes From HIPAA Liability
Published on Sun Sep 19, 2004
Step up your security to prevent unauthorized disclosures of e-PHI
HIPAA violations can lurk in the most unexpected places - such as e-mails, faxes and phone calls. You can ensure HIPAA compliance by keeping on top of the communication methods in your billing office. Check out this expert HIPAA Q&A:
Question: Our office recently switched to receiving faxes electronically. What is the best way to secure the e-PHI being sent and received?
Answer: Once a fax becomes electronic, it is considered electronic personal health information, or e-PHI, says Frank Bresz, senior manager of Security & Technology Solutions at Ernst & Young in Pittsburgh. Therefore, you must develop "proper access controls so that only authorized users can see that document," he says.
Best practice: "Store faxes on a central server" that allows everyone to see who should receive each fax, Bresz says.
Remember: You must protect outbound faxes, too. Establish a validation procedure so that if a patient asks you to fax her something, you can determine that it is an authentic request, Bresz says.
Update Your HIPAA Compliance Plan
The bottom line: "You don't want someone to just call up and obtain confidential information," Bresz says. Make sure you have procedures in place to ensure that you send faxes to the right place. And when you receive an e-fax, be sure it has the same protections as the rest of your e-PHI, he says.