Many medical offices rely on fax as a secure way to share forms, health records, and other info that may contain PHI. But faxing is incredibly outdated and a pain for providers and patients alike. Thankfully, there are a number of more efficient and convenient alternatives to fax that are secure and HIPAA-compliant.
HIPAA does not require Covered Entities like medical providers to transmit PHI via fax. HIPAA does mandate that PHI remain secure both at rest and in transit. Additionally, while HIPAA’s Privacy Rule applies to all PHI, the Security Rule only applies to healthcare providers that electronically store or transmit health information (ePHI). Because traditional fax takes place over phone lines, it is exempt from the HIPAA Security Rule. According to the US Department of Health & Human Services:
“The Security Rule protects a subset of information covered by the Privacy Rule, which is all individually identifiable health information a covered entity creates, receives, maintains or transmits in electronic form. The Security Rule calls this information ‘electronic protected health information’ (e-PHI). The Security Rule does not apply to PHI transmitted orally or in writing.”
So faxing is not required by HIPAA, but it is a way to send PHI that does not have to comply with the Security Rule. Unfortunately, many providers don’t realize that the standards set by the Security Rule have gotten much easier to implement and are, in many cases, less hassle than insisting on fax-only PHI transmission. Encryption is one of the best ways to protect the security of ePHI and is now available for a wide range of online applications.
Electronic faxing is a short-term solution for providers currently using traditional fax. You still use your recipient’s fax number, but with electronic fax, you can send from any internet-enabled device: desktops, laptops, tablets, or smartphones. If securely configured with encrypted transmission, electronic faxing can be HIPAA compliant. Prominent providers like eFax even publish guides specifically addressing HIPAA.
Unfortunately, electronic fax still relies on the underlying fax infrastructure that more and more offices (and providers) are abandoning. For a more reliable, long-term solution, it’s best to look at other modes of transmission.
Standard email is not very secure, but there are now a whole host of encrypted email services that are HIPAA compliant. In addition to end-to-end encryption, your email accounts must have adequate access controls in place, such as strong passcodes and multi-factor authentication. You will also need to sign a Business Associate Agreement (BAA) with your email provider, train your staff on your email security policies, and obtain written consent from patients before sending them ePHI via email.
EMR and EHR systems are quickly becoming the standard for handling ePHI internally and externally. EMR systems securely store ePHI within practices, while EHR systems can be used to share important ePHI like lab results, imaging, and patient histories with other providers and with patients. Many EHRs allow practices to set up secure, HIPAA-compliant online portals, like Epic’s MyChart, that eliminate the need for patients to fax or email forms back and forth with providers. Some of the most common EHR vendors include Epic Systems Corporation, Oracle Cerner, MEDITECH, and Evident. Transitioning from paper records to an EMR or EHR can be a daunting task, but it is well worth the boost to productivity, communication, and patient satisfaction.
HIPAA compliance can be daunting, especially from a technological standpoint. But as fax technology becomes increasingly outdated and hard to maintain, it is prudent to invest in secure, encrypted solutions for the storage and transmission of your patients’ ePHI. Contact your Digital Agent for personalized recommendations on fax alternatives and other technology solutions for your practice.