by Laura Luisotti | Aug 7, 2018

HIPAA compliance and Fax Server. Why care.


HIPAA: protect your patients’ data

HIPAA, the Health Insurance Portability and Accountability Act, is an American law enacted by the United States Congress to set the standard for sensitive patient data protection, as part of an effort to reduce health-care costs, optimize resources and protect patient data by encouraging the use of electronic data interchange in the US health-care system.
Bill Clinton signed it with his own hand, back in 1996.

Together with HITECH – the Health Information Technology for Economic and Clinical Health Act, implemented in 2009 to expand HIPAA legislation – the Act encourages the widespread use of electronic health records to protect sensitive patient data and improve efficiency and effectiveness of the nation’s health-care system. It also aims to make it easier for US workers to maintain health insurance coverage when they change or lose their jobs and to reduce health care fraud and abuse.

At a practical level, in addition to promoting the almost exclusive use of electronic medical records rather than paper, HIPAA contains measures to ensure the security and privacy of Protected Health Information (PHI) when it is transferred, received, handled, or shared.

These personal and sensitive data include a wide range of health and health-related information that enables personal identification, such as insurance data, billing information, diagnoses, clinical data, laboratory tests, scans and results of clinical examinations.

HIPAA subjects

So, whether you are

  • hospitals
  • healthcare providers
  • employer-sponsored health plans
  • research centers
  • insurance companies dealing with patients
  • or even business companies that deal with PHI

you should care about HIPAA.

Now, let me tell you how we’ve made the tools you use every day compliant, starting with the IP Fax Server.


In short

What is it?
HIPAA is an American law that sets the standard for protecting sensitive patient data.

Who does it affect?
US companies managing all sorts of PHI.



How StoneFax ensures compliance with HIPAA


Ok, you might say; so far so good. I want to protect my patients’ data and comply with the rules.
But how can I keep doing my job and make sure that the tools I use every day are HIPAA compliant?

Well, you’re in luck: this is precisely what Imagicle took care of during the last Summer Release 2018, implementing a set of advanced capabilities for the applications in scope, StoneFax and Call Recording, still among the most useful and popular solutions in this field.

StoneFax, a completely software-based IP Fax Server, guarantees data security by enabling a high-reliability architecture to be implemented.

You can send and receive faxes directly from your computer, via e-mail or web interface, by printing a document or using the new gadget for Jabber. You can also manage faxes using your smartphone or tablet, and if some of your colleagues are stuck in the past, they can continue sending and receiving faxes via the network multifunction printer.

Imagicle IP Fax server


Now, since faxes can concern anything, including sensitive health data, they definitely fall under the directives of the HIPAA regulations.

That’s why we must take into account some precautions, such as:

Provide role-based access
In StoneFax, data access is protected differently depending on how you use it: access to the web interface, for example, is only allowed for users with authentication credentials. Depending on the role, therefore, it is possible to access different types of information.

Guarantee a flexible data retention
Again, to make data management and protection easy and fast, StoneFax allows you to easily set the retention period of faxes to ensure that the data are kept for as long as necessary.

Pay attention to data processing rights
Sometimes, the data subject can ask the data controller to confirm that their data is being processed, perhaps to request a change. StoneFax allows you to guarantee these rights through the web interface, from which you can quickly search all incoming or outgoing faxes.

Store the data with the proper encryption and prepare for every contingency
Finally, in addition to supporting High Reliability in Active-Active mode, with the optional Imagicle cluster module, StoneFax automatically stores all incoming and outgoing fax documents on the Imagicle ApplicationSuite virtual machine’s hard drive as TIFF files, applying BitLocker-based data encryption to fulfill HIPAA regulations. In simple terms, this means that the archive of sent/received faxes is kept secure on the server/virtual machine where StoneFax runs.

Audit all incoming and outgoing faxes
And, since we’re hopeless perfectionists, starting from the Winter Release ’19 the admin will also be able to download, in CSV format, the complete audit trail of the activities performed from the list of incoming and outgoing faxes, in order to keep track of and know the date and time of any action carried out on the data. Therefore, it will be possible to know if any fax information has been deleted or exported and who carried out these operations.


In short

StoneFax, the IP Fax Server from Imagicle ApplicationSuite, ensures HIPAA compliance thanks to role-based access, data encryption, self-synchronized databases and audit trail.



So, is it a good idea to continue using the traditional fax machine?

 

Well, it depends on what you mean by “good idea.” 😁
HIPAA doesn’t directly prohibit the use of fax machines to communicate PHI. Undoubtedly, though, we must consider what’s reported in the HIPAA Safeguard Principle, according to which: “Individually identifiable health information should be protected with reasonable administrative, technical, and physical safeguards to ensure its confidentiality, integrity, and availability and to prevent unauthorized or inappropriate access, use, or disclosure.”

If we now think about how a traditional fax machine works, we immediately notice that respecting this principle and protecting the privacy and security of the information at the point of dispatch, transit, delivery, and storage can be really complicated, since:

  • Fax machines may not be located in a secure area, and access to faxes may not be restricted to authorized personnel only.
  • Fax machines may save copies of received faxes, so that additional copies of the sensitive material can be printed by those who have access to the fax.
  • Incoming faxes may not be removed immediately from the output tray, thus risking inappropriate use or disclosure.
  • Documents printed on paper after being faxed could be placed in an unsafe location.

Choosing a fax software solution not only reduces the hassles of manual faxing – printing out the document, walking to the fax machine, waiting for the fax to go through, not to mention the cost of fax machine supplies and repair – but it allows you to perform the same functions and many more without worrying about security issues when handling sensitive data.
It’s really the best of both worlds.


In short

Traditional faxing is affected by several security issues that may prevent health organizations from being HIPAA compliant. Choosing a fax software solution can help save time and money and meet safety standards.



#stayimagicle and #savesometrees 😜

 


Don’t miss the next post on Summer Release 2018. We’ll be talking about how we made our Call Recording solution HIPAA compliant through role-based security, encryption, audit trail, and configurable retention policy.
