HIPAA Compliant Cloud Faxing

Healthcare providers, insurance companies and other covered entities trust eFax Corporate^® to transmit their most sensitive documents.

eFax Corporate^® can help your organization with HIPAA-compliant cloud faxing solutions.

Safeguarding your patients’ electronic protected health information (ePHI) is the law. However, when it comes to complying with the Security Rule (part of HIPAA) and implementation of technical safeguards, no specific requirement as to the technology solution a covered entity must implement to protect ePHI is identified. Rather, the Security Rule codifies that a covered entity must “Implement technical security measures to guard against unauthorized access to electronic protected health information that is being transmitted over an electronic communications network.”¹ This is especially true given the risk of breach and exposure of ePHI over the Internet for covered entities today.

Do you know if your current fax infrastructure is in full compliance with HIPAA? With the Federal Act’s hundreds of pages of regulations, ongoing revisions, expansions and “clarifications,” keeping abreast of the regulations is complicated. eFax Corporate secure fax can help.

4,463

Active investigations against covered entities resolved in 2013 by HIPAA’s enforcement arm, the Office of Civil Rights. 3,470 were resolved with “Corrective Action”.²

1,800%

The spike in data breaches of individual records of ePHI and PHI from 2008 to 2013, with up to 90 million records exposed this year alone.³

$1,500,000

The maximum fine a Covered Entity could face for a multiple willful neglect violationsviolations in a single calendar year.⁴

61%

The percentage of healthcare organizations surveyed by eFax Corporate cite fax as one of the two top approaches to exchanging critical information to non-employees.⁵

Increased HIPAA Enforcement Demands a Focus on Compliance.

As the regulations have solidified and experience has been gained, the Office of Civil Rights (OCR) and Centers for Medicare and Medicaid Services (CMS) have increased their enforcement, investigating more covered entities each year — and in many cases have enforced fines for breach violations.

In a 2012 report by Gartner Group — “As HIPAA Regulations Get Teeth, Healthcare Firms Feel the Bite” — analysts recommend covered entities “adjust security budgets and accommodate HIPAA regulatory compliance as part of normal and customary risk management,” due largely to “a significant increase in HIPAA enforcement.”

Enforcement Results by Year.⁶

eFax Corporate^®, complemented by eFax Secure^™ delivers a fully HIPAA-compliant cloud fax solution.

Highly Secure Data Centers

Our Tier III and Tier IV colocations maintain current SSAE16 or SOC2 Certifications to help keep your faxes protected - and compliant - 24/7.

Transmission Tracking

Tracking faxes with unique patient identifiers helps meet HIPAA requirements.

Flexible Integration Options

XML APIs, SAP, and Salesforce integrations with optional TLS.

TLS Encryption in transit

TLS Encryption of data in transit with AES 256-bit Encryption of data at rest.⁷

Document Management

Document control and online fax archiving meets HIPAA’s auditability demands.

Business Associate Agreement

Business Associate Agreements available as required by HIPAA.

HIPAA Requires	eFax Corporate Delivers
Access Control: Requires covered entities to “Implement technical policies and procedures for electronic information systems that maintain electronic protected health information to allow access only to those persons or software programs that have been granted access rights as specified in § 164.308(a)(4)[Information Access Management].”	The eFax Corporate online fax solution includes unique user identification, administrator privileges to grant and remove access, next generation (256-bit AES) encryption and other protocols to limit access to your organization’s authorized personnel only. Inbound documents may be sent to only the intended recipient’s email, limiting exposure and disclosure risks associated with faxing to a physical fax machine.
Transmission Security: The Transmission Security Standard, 45 CFR § 164.312(e)(2)(i) requires that a covered entity must “Implement technical security measures to guard against unauthorized access to electronic protected health information that is being transmitted over an electronic communications network.”	eFax Corporate^®, combined with the highly-secure Transport Security Layer (TLS) protocol, creates a Virtual Private Network for your document transmissions to ensure your ePHI (and other business faxes) are never vulnerable at any point in transmission.
Data Encryption: Where implementation is a reasonable and appropriate safeguard for the covered entity, the covered entity must: “Implement a mechanism to encrypt and decrypt electronic protected health information.” 45 CFR § 164.312(a)(2)(iv).	Adding the optional eFax Secure™ feature keeps your faxes encrypted at all times — both in transit and at rest. Storage of documents uses AES 256-bit encryption and robust in-transit TLS encryption. All data is secured and stored at our geographically redundant, Tier III and Tier IV colocations, which themselves are protected by multiple security layers 24/7/365.
Audit Control: “Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information.” 45 CFR § 164.312(b).	eFax Corporate® employs multiple levels of audit control — from secure and automatic archiving of all faxes sent or received through eFax Corporate® for the life of your organization’s account, to transmission tracking with unique patient identifiers.

Department of Health and Human Services. HIPAA Security Series Papers.⁸

Helpful Resources:

HIPAA: http://www.hhs.gov/ocr/privacy/index.html

HHS HIPAA Enforcement Highlights: http://www.hhs.gov/ocr/privacy/hipaa/enforcement/highlights/indexnumbers.html

Gartner Group Report: https://www.gartner.com/doc/2193917/hipaa-regulations-teeth-healthcare-firms

Regulatory Compliance: https://enterprise.efax.com/online-fax-services/regulatory-compliance

eFax Secure: https://enterprise.efax.com/online-fax-services/secure-fax

Department of Health and Human Services. HIPAA Security Series Papers. http://www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule/techsafeguards.pdf
Department of Health and Human Services. Enforcement Results by Year. http://www.hhs.gov/ocr/privacy/hipaa/enforcement/data/historicalnumbers.html
Washington Examiner. Brookings: Healthcare hacks up 1,800%, penalties on firms weak http://www.washingtonexaminer.com/brookings-healthcare-hacks-up-1800-penalties-on-firms-weak/article/2560199
Department of Health and Human Services. HITECH Act Enforcement Interim Final Rule. https://www.hhs.gov/hipaa/for-professionals/security/index.html
eFax Corporate® Healthcare IT Pulse Survey https://enterprise.efax.com/blogs/healthcare-it-pulse-infographic-survey-results
Department of Health and Human Services. Enforcement Results by Year. http://www.hhs.gov/ocr/privacy/hipaa/enforcement/data/historicalnumbers.html
Optional eFax Secure™ provides highly encrypted TLS secure transmission (VPN) of data in transit with AES 256-bit encryption of data at rest.
Department of Health and Human Services. HIPAA Security Series Papers. https://www.hhs.gov/hipaa/for-professionals/security/index.html