Hipaa Compliant Efax And The Role Of The Ba Agreement With Covered Entities Like A Fax Platform Clea

By Author: Kevin McQueen
Total Articles: 1
Comment this article

If you're reading this article, you are likely looking for a HIPAA compliant fax solution for your healthcare related practice. This article is intended for a non technical user as a quick safeguard. One very important consideration regarding HIPAA compliant online faxing is the definition of 'Covered Entity'. According to the US Department of Health and Human Services the following definition applies (http://www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/index.html), "This includes entities that process nonstandard health information they receive from another entity into a standard (i.e., standard electronic format or data content), or vice versa." So one must consider the entire document lifecycle from 'sending' to 'receiving' . The Privacy law says that certain technical safeguards must be taken for the PHI to be considered secure, below is the overview from the HHS.gov.

Technical Safeguards

Access Control. A covered entity must implement technical policies and procedures that allow only authorized persons to access electronic protected health information (e-PHI).24

...
... /p>

Audit Controls. A covered entity must implement hardware, software, and/or procedural mechanisms to record and examine access and other activity in information systems that contain or use e-PHI.25

Integrity Controls. A covered entity must implement policies and procedures to ensure that e-PHI is not improperly altered or destroyed. Electronic measures must be put in place to confirm that e-PHI has not been improperly altered or destroyed.26

Transmission Security. A covered entity must implement technical security measures that guard against unauthorized access to e-PHI that is being transmitted over an electronic network.27

Although there are many interpretations and ways technically to send secure online fax, whether over VPN or via SFTP, understanding the path and the security protocols put in place for HIPAA compliant faxing can be complex for a small provider. The safest way to ensure compliance for the non technical provider is to simply get the fax service provider to sign a BAA and then ensure that the path of the document does not traverse the internet without being encrypted. So the leg from the fax service provider to an email address should have some method of encryption, whether it is the pipe or the document. Once this step is complete, you are ready to receive efax with PHI.

Kevin McQueen

Principal

FaxSolutions.us

Authorized Easylink Sales Agent

http://www.faxsolutions.us

678-581-2740 office

404-392-6838 mobile

faxtoplogo


For more information about hipaa-compliant-internet-fax please move on http://www.faxsolutions.us/hipaa-compliant-internet-fax.php