Fax / Resources / Datasheets / HIPAA Compliant
HIPAA Compliant Cloud Faxing
4,463
Active investigations against covered entities resolved in 2013 by HIPAA’s enforcement arm, the Office of Civil Rights. 3,470 were resolved with “Corrective Action”.2
1,800%
The spike in data breaches of individual records of ePHI and PHI from 2008 to 2013, with up to 90 million records exposed this year alone.3
$1,500,000
The maximum fine a Covered Entity could face for a multiple willful neglect violationsviolations in a single calendar year.4
61%
The percentage of healthcare organizations surveyed by eFax Corporate cite fax as one of the two top approaches to exchanging critical information to non-employees.5
Healthcare providers, insurance companies and other covered entities trust eFax Corporate® to transmit their most sensitive documents.
eFax Corporate® can help your organization with HIPAA-compliant cloud faxing solutions.
“Implement technical security measures to guard against unauthorized access to electronic protected health information that is being transmitted over an electronic communications network.”1 This is especially true given the risk of breach and exposure of ePHI over the Internet for covered entities today.
Do you know if your current fax infrastructure is in full compliance with HIPAA? With the Federal Act’s hundreds of pages of regulations, ongoing revisions, expansions and “clarifications,” keeping abreast of the regulations is complicated. eFax Corporate secure fax can help.
Increased HIPAA Enforcement Demands a Focus on Compliance.
As the regulations have solidified and experience has been gained, the Office of Civil Rights (OCR) and Centers for Medicare and Medicaid Services (CMS) have increased their enforcement, investigating more covered entities each year — and in many cases have enforced fines for breach violations.
In a 2012 report by Gartner Group — “As HIPAA Regulations Get Teeth, Healthcare Firms Feel the Bite” — analysts recommend covered entities “adjust security budgets and accommodate HIPAA regulatory compliance as part of normal and customary risk management,” due largely to “a significant increase in HIPAA enforcement.”
eFax Corporate®, complemented by eFax Secure™ delivers a fully HIPAA-compliant cloud fax solution.
Highly Secure Data Centers
Our Tier III and Tier IV colocations maintain current SSAE16 or SOC2 Certifications to help keep your faxes protected - and compliant - 24/7.
Transmission Tracking
Tracking faxes with unique patient identifiers helps meet HIPAA requirements.
Flexible Integration Options
XML APIs, SAP, and Salesforce integrations with optional TLS.
Document Management
Document control and online fax archiving meets HIPAA’s auditability demands.
TLS Encryption in transit
TLS Encryption of data in transit with AES 256-bit Encryption of data at rest.7
Business Associate Agreement
Business Associate Agreements available as required by HIPAA.
HIPAA Requires | eFax Corporate Delivers |
---|---|
Access Control: Requires covered entities to “Implement technical policies and procedures for electronic information systems that maintain electronic protected health information to allow access only to those persons or software programs that have been granted access rights as specified in § 164.308(a)(4)[Information Access Management].” | The eFax Corporate online fax solution includes unique user identification, administrator privileges to grant and remove access, next generation (256-bit AES) encryption and other protocols to limit access to your organization’s authorized personnel only. Inbound documents may be sent to only the intended recipient’s email, limiting exposure and disclosure risks associated with faxing to a physical fax machine. |
Transmission Security: The Transmission Security Standard, 45 CFR § 164.312(e)(2)(i) requires that a covered entity must “Implement technical security measures to guard against unauthorized access to electronic protected health information that is being transmitted over an electronic communications network.” | eFax Corporate®, combined with the highly-secure Transport Security Layer (TLS) protocol, creates a Virtual Private Network for your document transmissions to ensure your ePHI (and other business faxes) are never vulnerable at any point in transmission. |
Data Encryption: Where implementation is a reasonable and appropriate safeguard for the covered entity, the covered entity must: “Implement a mechanism to encrypt and decrypt electronic protected health information.” 45 CFR § 164.312(a)(2)(iv). | Adding the optional eFax Secure™ feature keeps your faxes encrypted at all times — both in transit and at rest. Storage of documents uses AES 256-bit encryption and robust in-transit TLS encryption. All data is secured and stored at our geographically redundant, Tier III and Tier IV colocations, which themselves are protected by multiple security layers 24/7/365. |
Audit Control: “Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information.” 45 CFR § 164.312(b). | eFax Corporate® employs multiple levels of audit control — from secure and automatic archiving of all faxes sent or received through eFax Corporate® for the life of your organization’s account, to transmission tracking with unique patient identifiers. |
Helpful Resources:
HHS HIPAA Enforcement Highlights: http://www.hhs.gov/ocr/privacy/hipaa/enforcement/highlights/indexnumbers.html
Gartner Group Report: https://www.gartner.com/doc/2193917/hipaa-regulations-teeth-healthcare-firms
Regulatory Compliance: https://enterprise.efax.com/online-fax-services/regulatory-compliance
eFax Secure: https://enterprise.efax.com/online-fax-services/secure-fax
- Department of Health and Human Services. HIPAA Security Series Papers. http://www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule/techsafeguards.pdf
- Department of Health and Human Services. Enforcement Results by Year. http://www.hhs.gov/ocr/privacy/hipaa/enforcement/data/historicalnumbers.html
- Washington Examiner. Brookings: Healthcare hacks up 1,800%, penalties on firms weak http://www.washingtonexaminer.com/brookings-healthcare-hacks-up-1800-penalties-on-firms-weak/article/2560199
- Department of Health and Human Services. HITECH Act Enforcement Interim Final Rule. https://www.hhs.gov/hipaa/for-professionals/security/index.html
- eFax Corporate® Healthcare IT Pulse Survey https://enterprise.efax.com/blog/healthcare-it-pulse-infographic-survey-results
- Department of Health and Human Services. Enforcement Results by Year. http://www.hhs.gov/ocr/privacy/hipaa/enforcement/data/historicalnumbers.html
- Optional eFax Secure™ provides highly encrypted TLS secure transmission (VPN) of data in transit with AES 256-bit encryption of data at rest.
- Department of Health and Human Services. HIPAA Security Series Papers. https://www.hhs.gov/hipaa/for-professionals/security/index.html