By Jeff Solis, senior product marketing manager, eFax Corporate.
The survival of highly regulated industries such as healthcare depend on secure information exchange.
Healthcare organizations, or “covered entities,” as they’re known, exchange large volumes of sensitive data daily: billing and medical records, prescriptions and refill requests, lab requisitions, clinical field trial results, patient clinical data, plus insurance claims, denials, appeals, and invoices.
Traditional analog fax, relic that it is, still transmits over the public telephone network, and remains difficult, if not impossible to intercept. For this reason, it is regarded as a more secure form of communication than email. In fact, a report on the health industry’s use of fax machines showed 75 percent of medical communication in the United States takes place via fax. Recent high-profile incidents of massive cyber-attacks exposing the personal details of millions of customers and patients reinforce the view that email remains a highly vulnerable means of business communication.
However, fax remains a viable means of exchanging protected healthcare information (PHI) for other reasons too. A recent IDC study noted that 25% of large businesses surveyed prefer fax over email because they believe it reduces their risk of violating data privacy regulations. An additional 28% prefer fax because it makes document tracking easier and sends alerts as to the success or failure of a transmission.
Then there’s the regulatory factor. Federal regulators who enforce healthcare data-privacy rules have exempted fax (and phone calls) from certain aspects of the HIPAA Security Rules. This has led to the widespread perception that fax is more compliant than other types of electronic communication for the transmission of PHI.
So fax persists. But the world has changed, and so have old notions about fax reliability. In fact, the issue has taken on greater importance with the Centers for Medicare & Medicaid Services Administrator Seema Verma challenging software developers to make physicians’ offices fax-free by 2020.
The Trouble with Legacy Fax
If you still use a fax machine, multifunction printer, or rely upon on-premises fax servers to transmit your faxes, then you support legacy fax.
This is a huge problem! Why? Because legacy fax can fail in ways that threaten an organization’s data security, and if in today’s data-driven world covered entities can’t keep the PHI of patients free from unauthorized exposure, they’d better, well, cover their entities as HIPAA violations are expensive and can torpedo your reputation, even your livelihood.
- If you fax PHI to an unauthorized recipient, you have just committed a HIPAA Privacy Rule violation. It doesn’t matter if it was done by mistake.
- Documents containing PHI left unattended on fax machines are vulnerable to unauthorized viewers – another HIPAA privacy violation.
- And if you don’t have a written policy that specifies a set of procedures to secure faxed PHI at both ends, you are not in compliance. This is a big violation.
But the problems of legacy fax go beyond security and compliance failures. If a company’s fax process lacks the redundancy and resiliency to survive adversity, employees find themselves unable to fax until problems are resolved. In a healthcare environment, this means being effectively shut down.
So in any conversation about fax reliability, the subject quickly turns to redundancy: A system lacking multiple fail-safe layers of protection is not only less secure, but also less compliant, and less capable of conducting business as usual.
That’s where the basic architecture of a good cloud fax system gets it right. And comes at no extra cost.
Faxing for the 21st Century
A well-designed cloud fax service is superior to an on-premises product as it is more efficient, survivable, and secure. Cloud faxing can be incorporated into regular workflows, providing a secure solution that’s encrypted for HIPAA compliance. Documents can be collected as part of a patient record, eliminating steps required to scan paper records and match them to the correct patient in the EMR.
It also gives employees the means to fax from anywhere, as they can be sent from a computer, tablet or smartphone through a secure mobile app. If a higher level of security is required, cloud faxing can store documents in a secure server with 256-bit encryption. Users log in to the server to view faxes.
Cloud fax is also more cost-effective as you pay only for the fax capacity you need, and no longer have to maintain legacy hardware or software. What’s more, cloud fax is easier on the IT team, as all maintenance issues become the provider’s responsibility.
The integrity of healthcare data is now held as sacrosanct. If it is not delivered correctly, dependably, and completely, the consequence to organizations and individuals can be catastrophic.
The problems with legacy faxed communication are numerous, including patient privacy and potential HIPAA concerns related to unattended paper records or inadvertent dialing. That’s why more providers should consider turning to cloud fax – the only viable option for a modern healthcare organization looking for a reliable, secure, and HIPAA compliant communication solution.