Does any of this apply to you?
- Faxes going to the wrong recipient, or a wrong number
- Sent or received faxes left on the fax machine
- No cover page with a confidentiality notice
Instant digital communication is a dream come true for healthcare professionals, but it can also be a nightmare. While we’re still in a no-man’s-land between fully digitized medical records and old-school paper faxes, there’s a lot of room for error that could cost your organization.
Feeding paper Personal Health Information (PHI) into a standard fax machine puts you at risk of violating HIPAA regulations. First off, that dedicated phone line for your fax machine is not secure. There’s no way for you to know who is collecting sensitive information being printed out on the other end. Add to that the daily rush of your office and a transposed phone number, and you create the possibility of sending the data somewhere you didn’t intend.
HIPAA’s privacy rule requires providers to show that reasonable safeguards were in place when PHI was shared. Traditional fax machines become a problem in this regard if you can’t show that your safeguards were in fact reasonable.
Violations happen when a fax is sent to a new number that is not stored in the machine’s speed dial or memory.
Renal and Urology News reported in 2013 that an HIV-positive patient asked his doctor’s office to have his medical records sent to his new urologist. The pressed-for-time office manager instead entered the fax number of his employer. The mistake resulted in an investigation by the Office of Civil Rights, many difficult apologies, and a time-consuming training program for all the employees of the practice.
So, what should you do if you are still tied to your old paper fax machine? Here’s what we recommend.
- Never let the fax machine outfeed hold even one fax. There should be no opportunity for someone to walk by the machine and see what’s in the tray unless they are the stated recipient of the document. You might also consider moving the machine to a secure location where one person is tasked with discreetly distributing sensitive information.
- Always use cover pages that will obscure the PHI underneath. This is actually a HIPAA requirement and includes a mandate to use an approved confidentiality statement. It should also include the date and time, name of the recipient, destination fax number, and the sender’s name, organization, and phone number.
- Maintain an accurate record of who handles each fax. Pretend that an audit could happen at any time! Fines for noncompliance can result from neglecting secure fax procedures.
- Deep-six your old fax machine altogether and switch to a HIPAA-compliant cloud-based service that can send and receive documents through an internet connection. Encryption can secure PHI while it’s stored online, and a good fax application like our hFax platform can provide every detail about each fax, including who had it on their screen and for how long.
Centralis Health is ready to help you secure your PHI procedures and, most of all, simplify them! Contact us to find out more about our hFax solution that has already revolutionized the daily operations of our many relieved clients.
** What’s HIPAA? It’s an abbreviation for the Health Insurance Portability and Accountability Act of 1996, passed by the US Congress as federal law. It provides several benefits to health consumers: it lets them keep insurance coverage when they lose or change jobs that provide benefits, makes it more difficult to commit health care fraud and abuse, sets national standards for how information is coded and communicated between providers and billing agencies, and requires confidentiality for any personal health information.
It applies to entities such as doctors’ offices, insurers, and hospitals, and to their business associates, like information technology providers, billers and other agencies that handle PHI.