Learn How Cloud Fax Meets HIPAA Compliance

What Measures Are Necessary for Faxes to Meet HIPAA Regulations?

cybersecurity employee

HIPAA compliance is a requirement that everyone in U.S. healthcare takes very seriously. Compliance breaches can lead to large government fines, significant damages related to court decisions, and extensive damage to an organization’s reputation. That’s why strict HIPAA compliance measures are a foundation of Concord’s online fax solution, Concord Cloud Fax. This blog post examines HIPAA compliant fax, why HIPAA fax compliance is important and necessary, and what measures are involved in compliance.

Learn why HIPAA compliance is important and necessary for online faxing, and what measures are involved in HIPAA compliance for this essential function for sharing healthcare information – speak to a Cloud Fax specialist.

What Is HIPAA?

In 1996, the Health Insurance Portability and Accountability Act (HIPAA) was introduced to implement national patient record privacy standards. A 1999 update guaranteed patients’ protection against misuse or disclosure of their health records. While designed to improve efficiency and reduce costs for health care organizations by encouraging digital health record adoption, the law governed how information should be safeguarded and enforced the confidentiality of Protected Health Information (PHI).

How Does HIPAA Affect Faxing?

While HIPAA does not prohibit the use of fax machines, many health care practices find it difficult to meet demands of the implemented regulations while continuing to use their traditional paper-based devices. In many ways, an online fax solution like Concord Cloud Fax enables organizations to meet HIPAA regulations much more easily and effectively than could be achieved using traditional fax machines or servers.

A HIPAA Compliance Comparison Between Online Fax and Traditional On-Premises Fax

An examination of the following HIPAA compliant fax provisions shows the challenges of HIPAA for traditional on-premises fax and how online fax has compliance advantages:

  • Fax Machine Access

    Fax machines can deliver and print incoming PHI at any time—access must be controlled. However, meeting urgent needs for patient care can be a challenge when key information is secured behind lock-and-key. Concord allows incoming faxes to be sent to a unique fax number associated with the recipient’s email address. Information in a digital form can be sent directly from the application or by using an existing integration within an EHR or other application.

  • Fax Cover Sheets

    Faxes containing PHI require a protective cover sheet stating that confidential health information is included by patient authorization, should not be passed to other parties without express consent, and should be destroyed if not received by the intended recipient. No patient data should be visible on the cover sheet. These physical requirements apply to every physical and digital fax. Concord Fax Online supports optional and enforced cover sheets by user, department, or across the organization. Cover sheets can easily be customized to include all required disclosures and can be designed to reject the entry of any PHI on the cover sheet.

  • Fax Transmission Records

    Senders of paper-based faxes must retain confirmation sheet copies for all fax transmissions with the date, time, and the recipient’s fax number, as well as transmission and transaction log summaries. Concord stores detailed records of all fax transmissions and receipts, available for search. However, actual fax images with PHI are not stored on Concord’s network.

  • Received Fax Security

    For on-premises faxing, received faxes are to be stored securely after being removed from a physical fax device. Concord Fax Online delivers received faxes immediately to the correct recipient’s email address. As soon as delivery is confirmed, the images and associated data are completely removed from the Concord platform. Required authentication for access alleviates any concern that PHI will be accidentally (or intentionally) accessed by a 3rd party. Email also facilitates easy searching and retrieval of faxes. Most healthcare practices have adopted secure back-up of all email record, providing extra security.

Other Compliance Features of Concord Online Fax

As mentioned earlier, no PHI is stored on the Concord platform, and configurations are available to immediately remove all fax images containing PHI. For communication between the Concord platform and a user’s email server, confidential information remains secure and protected. In addition to these physical security controls, Concord contractually functions as a Business Associate for health care clients and will always be able to sign a Business Associate Agreement that governs the use or disclosure of PHI. For fax transmissions of PHI, both the covered entity and the Business Associate are required to implement and follow security measures pursuant to HIPPA regulations.

Ultimately, instead of worrying about fax HIPAA compliance, a reliable and HIPAA compliant cloud fax service allows healthcare providers to focus on what is really important—patient outcomes and care. Learn more about what’s involved in making the transition to HIPAA compliant Concord Cloud Fax .

Learn why HIPAA compliance is important and necessary for online faxing, and what measures are involved in HIPAA compliance for this essential function for sharing healthcare information – speak to a Cloud Fax Specialist.

Scroll to Top