Healthcare providers must abide by regulations put into place under the Affordable Care Act. They must ensure all electronic personal health information is secured and in compliance with federal guidelines. To do so, they must remain diligent and plan how these records will be handled.
People often assume a healthcare provider will receive a certificate or designation if they are compliant. However, that isn’t the case. Being compliant simply means they adhere to specific guidelines and practices when it comes to the handling of personal patient information. For this reason, many providers choose to use mFax’s HIPAA-compliant fax service.
What is a Business Associate Agreement?
The United States Department of Health and Human Services (HHS) defines any person that handles activities or functions for a covered entity as a business associate. They work with personal health information. A fax company working with HIPAA-protected content offers a business associate agreement (BAA), so the healthcare provider knows they are in compliance with all guidelines. While HHS offers general guidelines for BAAs, providers need to review each fax provider’s BAA, as the provider may have additional stipulations that must be met.
Indemnity and liability clauses are becoming more commonplace, so these BAAs are increasing in complexity. In fact, more people are now choosing to walk away from an agreement because of provider overreach. Healthcare providers want indemnity clauses kept separate from BAAs. Covered entities would like to see these agreements closely mimic those issued by HHS.
The agreements continue to become more contentious. All parties understand the importance of protecting personal health information, so additional disagreements might arise in the future.
Security and Encryption
HIPAA communications must meet certain standards when it comes to security and encryption. While HHS has issued minimum requirements, a healthcare provider might want to see additional measures implemented. The fax vendor is required to have an API that handles TLS-encrypted connections. Furthermore, the API endpoint is required to support TLS 1.2 or higher.
The developer tools in Chrome will provide information regarding the API endpoint. With the API address open in the browser, right-click and then choose Inspect. A Security tab should appear that provides information about the connection settings, including the TLS version.
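The same check can be scripted so it runs on a schedule instead of by hand. The following is an added example, not code from mFax or any fax vendor; the host name `api.fax-vendor.example` and all function names are hypothetical.

```python
import re
import socket
import ssl
import sys

MIN_VERSION = (1, 2)  # the TLS 1.2 floor stated above


def parse_version(name):
    """Turn the string from SSLSocket.version() ('TLSv1.3', 'TLSv1') into (1, 3), (1, 0)."""
    m = re.fullmatch(r"TLSv(\d+)(?:\.(\d+))?", name or "")
    return (int(m.group(1)), int(m.group(2) or 0)) if m else None


def meets_floor(name, floor=MIN_VERSION):
    """True only for a recognised TLS version at or above the floor; SSLv3 and None fail."""
    parsed = parse_version(name)
    return parsed is not None and parsed >= floor


def probe(host, port=443, timeout=5.0):
    """Handshake with certificate and hostname verification; return (version, cipher)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.version(), tls.cipher()[0]


def strict_context():
    """Client context for code that sends faxes: refuses anything below TLS 1.2."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


if __name__ == "__main__":
    # Hypothetical endpoint name; pass the vendor's real API host as the first argument.
    host = sys.argv[1] if len(sys.argv) > 1 else "api.fax-vendor.example"
    try:
        version, cipher = probe(host)
    except OSError as exc:  # covers DNS, socket and ssl.SSLError failures
        sys.exit(f"{host}: handshake failed: {exc}")
    verdict = "OK" if meets_floor(version) else "BELOW TLS 1.2"
    print(f"{host}: {version} {cipher} -> {verdict}")
```

The reported version is the highest one the client and the endpoint share, so it does not show whether the endpoint also accepts older versions. Using `strict_context()` in the sending code makes the client fail the handshake rather than fall back below TLS 1.2.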
Using Email to Send Faxes
Wouldn’t it be easier to send faxes using email? Many people feel they could eliminate a step by using their email provider. However, any organization that must comply with HIPAA guidelines needs to take care when using email. While an email provider may list security measures in place, this doesn’t mean they will comply with HIPAA. It falls on the healthcare provider to ensure they do.
Sending personal health information through email leaves it exposed to cybercriminals or open to anyone on the internet. Anyone who uses email has probably had their account hacked at least once. Each email travels over various networks before arriving at the destination. At any point in this journey, it could be intercepted and fall into the wrong hands.
When comparing cloud fax providers, make certain they have measures in place to protect any information sent electronically. Learn which measures they use to protect both this information and the healthcare provider. No healthcare provider wants to be penalized or heavily fined because they chose the wrong fax partner. Sadly, this happens more than people realize.