eFax Corporate Recorded Webinars

Hello and welcome to today’s Webinar, “Maximize Your MFPs (or multifuction printers) With Cloud Faxing – Is Your Business Ready?

 

I’m Michael Flavin, Sr. Product Manager with eFax Corporate®, and I’m joined by Brad Spannbauer, Director, Product Development, also from eFax Corporate®.

 

Today we’re going to cover a few topics, starting with why faxing is still necessary for millions of businesses, even in our modern, Internet era. Then we’ll discuss and dispel some of the major misconceptions about faxing, email and MFPs.

 

After that we’ll talk through a few uses, to show you how integrating MFPs with fax can benefit businesses. And then we will introduce you to the eFax Corporate MFP faxing feature, and show you why it makes sense for your business.

 

And finally, we’ll turn the discussion over to you, and your questions, with our Q&A section.

So… Multifunction Printers (MFPs) are often overlooked as opportunities to improve the efficiencies and workflows of a business’s workforce.

 

Once they’re installed, MFPs are utilized for most of their intended uses – printing, copying, and scanning to email or shared server files…but what about faxing right from “the glass”?

 

First, let’s discuss why faxing is still relevant today – and will be for the foreseeable future. Then we’ll discuss how you can integrate your fax capability into the MFPs you’ve already invested in, to extend the capabilities of your MFPs to the cloud. And finally we’ll get into why that’s a smart decision.

 

Now, I know what some of you are thinking: Isn’t fax just another outdated technology we no longer need? Is it still even necessary?

 

It is for these guys! Industries like healthcare, legal, real estate, financial services and manufacturing all rely on faxing, sometimes every day, to operate their businesses. Many other industries do as well. We’ll discuss why in a moment.

But first, consider these stats.

 

According to a CIO Magazine article from just a couple of years ago, nearly three quarters of US businesses still have traditional fax machines.

 

And a recent MSN News feature cited research indicating there are roughly 17 million fax machines operating today.

 

Interestingly, 17 million is also the number of MFPs sold in 2014, according to a report from research firm IDC.

 

By the way, these MFP makers shown here represented the top 5 brands for 2014.

 

But let’s get back to fax, which is still an important component of most businesses’ overall communication infrastructures, for many reasons.

 

There are business needs. For example, what if delivery requires a confirmation receipt?

 

There are compliance needs. What if a fax transmission is more aligned than other communication methods with your industry’s privacy regulations?

 

There’s also often the need for document traceability. What if you need a clear and complete audit trail of every transmission?

 

And of course there are market demands What if your customers or partners demand a fax?

 

And finally…

 

Security Requirements. What if your document contains sensitive data and needs additional layers of security only a secure fax can provide?

 

So, we’ve established that fax is still relevant, even necessary, to many industries. And we’ve established that faxing as a communication protocol is not going away anytime soon.

 

The questions now are…

 

How old are your fax servers? At 3 years, may be time to look at retiring.

 

Where does it hurt? Rebooting servers often? Having regular technical or outage issues?

 

Business Model and SLAs: Does your provider sell ‘hybrid’ and on-premise fax servers? Why would they sell you both? Is this in your best interest?

 

Features: What features does the provider offer? Mobile apps? Lifetime storage online, with easy search capability? Do the features meet your org’s needs?

 

Financial considerations: Have you done a cost/benefit analysis of Traditional vs. Cloud Faxing?

 

It’s easier than you might think to eliminate fax machines, fax servers, telco lines, fax cards and the IT headaches associated with supporting aged or end-of-life fax infrastructure…

 

In fact, it can even be quite seamless and painless, with new technology that lets you integrate your MFPs, ERM, EHR, CMS, CRM, SRM directly with a cloud Fax API service.

 

The best way to explain how this works is to quickly run through some common misconceptions about fax, email and MFPs.

 

Many people believe they can eliminate all fax capability and replace it with scanning and emailing.

 

But this leaves the business open to several issues. First, there’s no centralized process for tracking and auditing documents scanned and then emailed.

 

Also, as we stated earlier, what if your customer demands communicating by fax? And what does this scan-to-email mean for compliance with privacy rules?

 

Many organizations have also been burned by the VoIP and FoIP migration misconception.

They assumed that moving to these IP-based technologies for their communications would allow fax to follow along. But VoIP and FoIP are notoriously unreliable when it comes to faxing. They often drop packets and simply fail to transmit fax documents.

 

And what about the notion that email is more secure than fax?

 

It certainly can be, but organizations need to build in that security themselves — such as using advanced protocols like Transport Layer Security for transmission and then at least as strong encryption protocols for the emails while at rest, in storage. A secure faxing protocol — such as the cloud-fax system from eFax — can be more secure than email.

 

Finally, many people assume that the scan-to-email solution is their only option to transmit a document straight from the MFP device — because, they believe, you can’t fax from an MFP.

 

Not so! Turns out with the right cloud fax solution, you can integrate your faxing with virtually any Multifunction Printer or Multifunction Device — no hardware required, no client software required, no setup, no maintenance. And no more IT headaches!

 

So let’s talk about that last point. Yes, you can deploy a cloud fax solution that lets you take advantage of the one function you might have assumed impossible with your existing Multifunction Printers: you can fax directly from them.

 

And here’s how fast and easy it is to extend the capabilities of your MFPs to include cloud faxing.

An eFax account and your existing MFPs are all you need.

 

Our first scenario, this is typical of the setup in a small office, say a small legal practice or real estate office where a desktop or Consumer MFP is being used, often shared by the office. In most cases, the MFP has an email address assigned to it by the manufacturer, with emails routed through a cloud email service managed by the vendor. Usually messages sent to the MFP’s email address will be printed automatically.

 

To set up the integration, just add the MFP’s email address as both a Send and Receive Address on one of the office eFax user accounts. Once added to an account, faxes sent to the user’s fax number will be emailed to the printer and will print automatically. When sending, use the “scan to email” function to generate an email message, then address the outgoing email as normal when using eFax: faxnumber@efaxsend.com. 

 

This is easy to set up, easy to use, and has almost no administrative overhead – you’re just using an existing account. Because it’s all tied to one account, though, you lose reporting on individual usage and have only a minimal audit trail. Using the vendor’s email server limits your security options – TLS encryption may not be supported.

 

The second scenario involves the use of a larger MFP, usually one of many located within a larger office or across an enterprise. These devices are often integrated more tightly into the organization’s network. In most cases, these MFPs will have an email address assigned by the network admin and will leverage the organization’s email infrastructure. The device may also have access to network shares for storing files. Messages sent to the MFD’s email address can be printed automatically or written to a storage directory. The MFD is not configured to require individual user authentication – anyone in the office can walk up and scan, copy, or print.

 

To set up the integration, create an eFax user account for the device, using its email address for sending and receiving. Faxes sent to the MFD’s fax number will be emailed to the printer for automatic printing or storage. When sending, use the “scan to email” function on the MFP, then address the outgoing email as normal when using eFax: faxnumber@efaxsend.com.

 

This configuration is easy to set up and easy to maintain, and allows any employee in the office to send a fax without having an eFax account. You can assign a custom cover page to each printer account. And by using your email server, you can implement tighter security protocols like TLS encryption.

 

However, like the desktop solution, this configuration doesn’t provide delivery confirmation receipts to individual senders, nor does it offer granular reporting or usage tracking.

 

In the third scenario, the MFP has an even tighter integration into the organization’s network. In addition to an email address on the organization’s email server, the MFP will also be tied to the Active Directory or LDAP server for user authentication. The MFP is then configured to require individual user authentication – users in the office must log in on the device before they can scan, copy, or print.

 

To set up the integration, create an eFax user account for every person in the office who’ll be using fax services. Faxes sent to the users’ fax numbers will be emailed to each user for viewing.

 

When sending, users log in to the MFP and use the “scan to email” function on the MFD, then address the outgoing email as normal when using eFax: faxnumber@efaxsend.com. Unlike the previous scenarios, the emails appear to come from the user themselves, not from the printer, and are thus tied to each individual’s eFax account.

 

Since individual users are identified, this scenario allows for the greatest degree of reporting and tracking accuracy, and it provides a very clear audit trail. Each user receives their own delivery confirmation receipt and can have their own custom cover page.

 

The gains in reporting come at the expense of administrative overhead – for this configuration to work, every user in the organization must have their own properly configured eFax account.

 

Our final scenario is an Enterprise level integration with eFax Corporate. This solution is designed for organizations that want to allow any user to send a fax with detailed usage tracking and delivery confirmations, but without the requirement of an eFax account for each user.

 

To set this up, create an eFax account for each MFP in the organization, making sure to use the device’s email address. To send a fax, use the scan to email function, but instead of the standard address – faxnumber@efaxsend.com – your users will include additional parameters in the recipient address. These parameters allow users to specify an email address for the delivery confirmation, select a custom cover page, or supply a client matter or departmental billing code.

 

After faxing, the delivery confirmation is emailed directly to the sender, while the email address and billing code are stored in the usage logs, allowing granular reporting, usage tracking, and an enhanced audit trail. With this feature, we’ve reduced the administrative overhead, while giving every user in the organization a customizable outbound fax solution.  

 

With eFax Corporate®, you are able to leverage your MFP in a number of ways:

 

Fax directly from the glass; also annotate and add electronic signature

 

Maintain complete audit for all faxes, easily accessible online

 

Enjoy complete faxing capability directly from the MFP. This includes using distribution lists, custom cover sheets, return receipts, etc.

 

Can also use eFax Corporate to fax from any Internet-connected device and even tools like MS Word and Adobe

 

eFax Corporate® has these benefits for faxing from your MFPs:

 

Sunset fax machines and servers

 

Increase efficiency in staff workflows

 

Increase fax security

 

Enhance compliance & reporting

 

Reduce IT headaches of fax infrastructure

 

Convenience

 

… and enjoy peace of mind.

 

Now let’s discuss a use case of an actual eFax Corporate customer, a healthcare provider, whose business depends on sending approval requests to their patients’ insurance companies, most of which demand these requests be sent by fax.

 

The firm needed a more secure and less cumbersome method for sending these faxes – and to help ensure they’d meet with HIPAA and another federal regulatory standards for transmitting ePHI or other sensitive personal data.

 

The company implemented our fax API, eFax Developer – and created a secure fax process from the cloud. The company can now fax from anywhere — computers, smartphones, and also directly from their multifunction printers — in a way that’s secure, reliable and HIPAA compliant.

 

And here’s a real-world case study of a law firm that has many locations — and maintained fax servers and fax machines onsite at several of them.

 

The firm already had several Multifunction Printers at these locations as well, so by deploying eFax Corporate®, they were able to retire their fax machines, servers and related telco lines. And the firm’s lawyers didn’t lose any of their fax capability, which is a vitally important part of their business.

 

One final example of an eFax Corporate customer — this time in the financial services industry.

 

This firm was able to save on follow-up calls to clients to ensure they received their faxes, which the firm often had trouble delivering with their desktop fax machines.

 

All because our MFP faxing feature sent employees delivery confirmations by email, and then stored all of this usage detail online so any authorized employee of the firm could check anytime on faxes delivered successfully.

 

Did you know you can improve your organization’s compliance by moving to cloud-based faxing with eFax Corporate?

 

Yes, our enterprise cloud fax service, designed with the decades of real-world experience to help businesses comply with federal regulations like HIPAA and SOX, can help you address the many compliance related to:

 

Using desktop fax machines and fax servers

 

Your employees using mobile devices, or “end points,” to fax sensitive corporate data

 

Encryption protocol issues – such as determining whether SSL or TLS are the right protocols to employ?

Keeping your fax documents protected at rest and in transit

 

So, why eFax Corporate? Several reasons:

 

No hardware, software or dedicated fax lines to buy, install, maintain, or upgrade.

 

Choose a number from 4,600 cities worldwide.

 

Scalability is a snap, with virtually unlimited capacity and bandwidth-on-demand.

 

The network is multi-redundant, for enhanced security and reliability.

 

There are continual technology upgrades and 24/7 system support.

 

Another key differentiator about eFax Corporate® is that faxing is our core business.

 

eFax Corporate® has a geographically dispersed, global network with Tier III and Tier IV colocations, providing a 99.5% uptime, rapid delivery times and unparalleled transmission security.

 

Now let’s turn the conversation over to you, and address your questions.

Hello and welcome to today’s Webinar, “Maximize Your MFPs (or multifuction printers) With Cloud Faxing – Is Your Business Ready? Part 2.”

 

This is the second part of two-part series. If you joined us for Part 1, thank you again. If you were not able to attend the previous webinar, as we mentioned on the registration page you’ll receive a link to watch Part I on demand.

 

I’m Michael Flavin, Sr. Product Manager with eFax Corporate®. Our Brad Spannbauer could not be here today, but we are privileged to be joined by Peter Ely, Leader, Channels, Enterprise Marketing, also part of j2 Global®. Thanks for joining Peter!

 

For our agenda today, we’ll answer the questions,  How does eFax Corporate® integrate with the MFP, and how to get it?

 

Next we’ll discuss what these features can do for your organization – in creating a single, integrated system for all of your document transmissions

 

We’ll also discuss how integration of your MFPs with eFax Corporate® can create streamlined and efficient workflows and eliminate unnecessary fax infrastructure

 

Then we’ll review some Use Cases with businesses== segments that rely heavily on fax as part of their business, such as legal and insurance

 

We’ll then discuss how integrating your fax processes with eFax Corporate® can enhance compliance

 

And finally, we’ll review why eFax Corporate® is a solid candidate for outsourcing to the cloud

 

We’ll conclude with a Q&A, where we turn the discussion over to your questions.

 

As we discussed in Part 1 of this webinar series, Multifunction Printers (MFPs) are a great way to increase productivity and improve workflow from an existing asset. Because most IT organizations aren’t fully maximizing their MFPs, we see these improvements as low-hanging fruit – because these features can be deployed quickly and cost-effectively, without adding any additional hardware.

 

We discussed in Part 1 the many reasons that fax is still a necessary business technology, and will be for years to come.

 

But I wanted to give a quick, 1-minute review of those reasons — because there’s a common misconception in business that fax is on its way out. Briefly, here’s why businesses still need fax capability…

 

There are business needs. For example, what if delivery requires a confirmation receipt?

 

There are compliance needs. What if communication modes your business is using, such as email, are not in alignment or puts your business at risk with industry privacy regulations such as HIPAA, GLBA?

 

There’s often the need for document traceability. What if you need a clear and complete audit trail of every transmission?

 

And there are often market demands. What if your customers or partners demand a fax, or need to send one to your organization?

 

And finally…

 

There are Security Requirements. What if your document contains sensitive data and needs additional layers of security only a secure fax can provide?

 

17 million MFPs were sold in 2014, according to a report from research firm IDC. By the way, these MFP makers shown here represented the top 5 brands for 2014.

 

Okay, so let’s get into the specifics of eFax Corporate’s MFP Fax Direct feature, and how it can help you improve employee workflows, boost staff productivity — and, perhaps just as important, relieve you of some of the IT headaches associated with your current faxing process.

 

We’ll get into some specifics of how eFax Corporate®’s MFP feature can help you optimize workflows and increase the ROI from your existing MFPs, but for now… just a quick overview.

Our MFP faxing feature essentially lets your staff fax right from the “glass” of your existing MFPs.

 

It’s simple. You place a paper fax onto your printer and use the printer’s control panel to send it. eFax Corporate® converts the fax to an electronic file — PDF, TIFF or other format — and sends it to your recipient’s fax number, where it appears as a standard fax.

 

eFax Corporate® logs all relevant details of this transmission, emails you a delivery confirmation, and you then have the option to securely store the digital fax itself and the usage log in your eFax Corporate® cloud, so your organization has access to it anytime for auditing or compliance purposes.

 

And in case you’re wondering just how simple it can be to eliminate your fax machines, fax servers, telco lines and all of the IT hassles that go with them, here’s a visual explanation of what happens when you use eFax Corporate® with your MFP.

 

You go from this… a complicated IT network of in-house managed fax machines and fax servers…

 

To this… a fully hosted cloud fax model where all management and upkeep of your fax infrastructure is outsourced to a team of professionals.

 

It’s easy to integrate your MFPs into your eFax Corporate® cloud faxing service — and eliminate your legacy fax hardware.

 

In essence: creating a single, integrated system for all of your fax and document transmissions, while eliminating significant IT overhead and pain points of maintenance, support, fax machines, fax server, telephone lines – things that can bog a business down.

 

So, the question we get from a lot of IT managers, CIOs, or business owners: how much work is the integration or migration to cloud faxing and faxing from your MFP?

 

Well - here’s how fast and easy it is to extend the capabilities of your MFPs to include cloud faxing.

 

So, the question we get from a lot of IT managers, CIOs, or business owners: how much work is the integration or migration to cloud faxing and the MFP Fax Direct Feature?

Well - here’s how fast and easy it is to extend the capabilities of your MFPs to include cloud faxing.

 

STEP 1: Set up eFax Corporate cloud fax account.

 

STEP 2: Make sure your office MFP is Internet-connected or ready.

 

STEP 3: Make sure your MFP can send or receive email, either with its own email address or using an external address.

 

And that’s it! As soon as you set up your eFax Corporate® account, your staff can start sending paper faxes right from your MFPs.

 

What a lot of companies we talk to didn’t realize is that moving to a cloud fax model enables faxing from ANY end point – as long as it has internet connectivity and you’ve setup an account, you can send and receive faxes electronically as emails. Training is easy because if users can send email they can send a fax and again, when sending those wet ink signatures or business requires paper fax, send from their MFP.

 

Let’s review the standard scenarios for integrating cloud fax capability with an organization’s existing MFPs. You can use this walkthrough to find the scenario most appropriate to your company’s needs and circumstances.

 

Our first scenario, this is typical of the setup in a small office, say a small legal practice or real estate office where a desktop or consumer type MFP is being used, often shared by the office. In most cases, the MFP has an email address assigned to it by the manufacturer, with emails routed through a cloud email service managed by the vendor. Usually messages sent to the MFP’s email address will be printed automatically.

 

To set up the integration, just add the MFP’s email address as both a Send and Receive Address on one of the office eFax user accounts. Once added to an account, faxes sent to the user’s fax number will be emailed to the printer and will print automatically. When sending, use the “scan to email” function to generate an email message, then address the outgoing email as normal when using eFax: faxnumber@efaxsend.com. 

 

This is easy to set up, easy to use, and has almost no administrative overhead – you’re just using an existing account. Because it’s all tied to one account, though, you lose reporting on individual usage and have only a minimal audit trail. Using the vendor’s email server limits your security options – TLS encryption may not be supported.

 

The second scenario involves the use of a larger MFD, usually one of many located within a larger office or across an enterprise. These devices are often integrated more tightly into the organization’s network. In most cases, these MFDs will have an email address assigned by the network admin and will leverage the organization’s email infrastructure. The device may also have access to network shares for storing files. Messages sent *to* the MFD’s email address can be printed automatically or written to a storage directory. The MFD is not configured to require individual user authentication – anyone in the office can walk up and scan, copy, or print.

 

To set up the integration, create an eFax user account for the device, using its email address for sending and receiving. Faxes sent to the MFD’s fax number will be emailed to the printer for automatic printing or storage to a SAN for example. When sending, use the “scan to email” function on the MFD, then address the outgoing email as normal when using eFax: faxnumber@efaxsend.com.

 

This configuration is easy to set up and easy to maintain, and allows any employee in the office to send a fax without having an eFax account. You can assign a custom cover page to each printer account. And by using your email server, you can implement tighter security protocols like TLS encryption.

 

However, like the desktop solution, this configuration doesn’t provide delivery confirmation receipts to individual senders, nor does it offer granular reporting or usage tracking. 

 

In the third scenario, the MFD has an even tighter integration into the organization’s network. In addition to an email address on the organization’s email server, the MFD will also be tied to the Active Directory or LDAP server for user authentication. The MFD is then configured to require individual user authentication – users in the office must log in on the device before they can scan, copy, or print.

 

To set up the integration, create an eFax user account for every person in the office who’ll be using fax services. Faxes sent to the users’ fax numbers will be emailed to each user for viewing.

 

When sending, users log in to the MFD and use the “scan to email” function on the MFD, then address the outgoing email as normal when using eFax: faxnumber@efaxsend.com. Unlike the previous scenarios, the emails appear to come from the user themselves, not from the printer, and are thus tied to each individual’s eFax account.

 

Since individual users are identified, this scenario allows for the greatest degree of reporting and tracking accuracy, and it provides a very clear audit trail. Each user receives their own delivery confirmation receipt and can have their own custom cover page.

 

The gains in reporting come at the expense of administrative overhead – for this configuration to work, every user in the organization must have their own properly configured eFax account.

 

Our final scenario is designed for organizations that want to allow any user to send a fax with detailed usage tracking and delivery confirmations, but without the requirement of an eFax account for each user. (e.g. AD or LDAP).

 

To set this up, create an eFax account for each MFP in the organization, making sure to use the device’s email address. To send a fax, use the scan to email function, but instead of the standard address – faxnumber@efaxsend.com – your users will include additional parameters in the recipient address. These parameters allow users to specify their OWN email address for the delivery confirmation (they can enter their own email address), select a custom cover page, or supply a client matter or departmental billing code.

 

This is a great use case for employees who do a lot of faxing because many MFPs allow for programmable hot keys – or programming this SMTP info into memory as a memorized address – more about that in a moment.

 

So, after faxing, the delivery confirmation is emailed directly to the sender, while the email address and billing code are stored in the usage logs, allowing granular reporting, usage tracking, and an enhanced audit trail. With this feature, we’ve reduced the administrative overhead, while giving every user in the organization a customizable fax solution.  

 

Now let’s walk through some use cases.

First, we’ll apply some actual use cases and delve a bit more deeply into the ‘how’ of configuring an MFP to integrate with the eFax® Corporate. We will use the enterprise example Michael mentioned , giving you overview of how to configure your MFP so that your users can fax directly from the MFP glass AND can also take advantage of customizing options – things like custom cover pages, return receipts, client matter or billing codes, amongst others.

 

Next we’ll review two specific examples - how businesses in the legal and insurance industries have used this feature to solve some of the business workflow inefficiencies associated with fax.

 

As mentioned, integrating your fax process with cloud faxing through eFax Corporate® is a great way to simplify your business workflow — creating a one-step process —  by faxing directly from the MFP glass.

 

For example, in healthcare – the need to send ePHI to pharmacies or insurance companies for further action. This must include ePHI disclosure page (cover sheet). The MFP configuration can be setup so this is done with a single push of a button process (set up by a Sys Admin), and includes a custom cover page and Confirmation receipt automatically — a step that’s critical for HIPAA compliance and great for audit trails — and better patient care.

 

Let’s walk through a sample configuration given Michael’s example.

 

As discussed earlier, you’ll first need to setup an eFax® account; have an MFP that’s network-ready, and use the existing email of the device – or assign an email to it. With your eFax Corporate® account, from your Admin Portal simply setup this printer as a ‘user’.  If needed, our great support staff can help you with this setup for all of your organizations' devices.

This is also where you can upload custom cover pages for use from the MFPs with the one time help of the administrator.

 

Note: mandatory fields are the + sign

Admin must set the users and the MFP.

 

In the Enterprise integration scenario, using the Enterprise Integration, anyone can walk up and send a fax. It just depends on what’s best for your organization.

 

For number s that will be sent to frequently, you’ll want to enter this info into the MFP user interface. This is an example screen – other MFPs will have a different UI or flow, but your IT support or administrators can add this in for your organization.

 

In this case, you’re leveraging the MFPs ‘fax to email’ functionality.

 

Once the fax number is added to the MFP’s address book and shown as “hot buttons” on the printer control panel any user can walk up and send a fax directly from the glass.  As shown in the entry in green, this address entry can include the triggers for including a custom cover page and return receipt address — so it only has to be entered once as you initially configure the MFP.

 

In this scenario, the administrator programmed in the fax number@efax send, also added in a custom cover page called ‘WGCP1’ (which stands for work group copier 1) , and  the return address  michael@efaxsend.com. 

 

So this user is setup to send this from the address book of the MFP – faxing directly to the cloud with the touch of a button.

 

Now let’s consider how some typical organizations in the business world are using the MFP Fax Direct feature.

 

By example, we work with half of the law firms in “The American Lawyer (ALM’s) top 100, who rely heavily on our portfolio to send faxes worldwide.

 

This particular customer uses eFax Corporate® with optional TLS encryption enabled to send documents on behalf of their clients to the courts.

 

Let’s drill down a little bit….

 

One of our top 100 law-firm customers has 19 locations, and wanted to solve for automation of the process so that administrative assistants or paralegals could send documents to the same court with a touch of a button, accompanied by a custom cover page, a confirmation receipt (to ensure timely filings of appeals) and done so in a highly secure manner to protect client confidentiality.

 

In this case, the firm programmed in what you see in the green

1. cn=cover page name (District Court #9 Appeals) which toggles ‘on’ cover page (cp) automatically.

And

 

2) ra=john :admin to trigger the return address confirmation receipt

 

With this, once the firm has scanned in and sent the fax document via MFP, the audit trail will be easily traceable along with the confirmation receipt – a critical piece to law practice operations. Administrators have the option to copy the return receipt to a share folder or storage area network for future retrieval as well.

 

In the insurance industry, many of our clients rely heavily on faxing for authorizations, medical claims or transmission of other protected health information. This involves the critical elements of security, compliance and confirmation/audit trails.

 

In this example we’re looking at one of our insurance clients that uses fax to send authorizations to their associated Providers for surgeries.

 

This particular insurance firm sends ePHI – known as electronic protected health information and protected under HIPAA - to a given surgery center, multiple times each day.

 

Their goal was to automate this process and enhance security, as their original mode of communications may not have been aligned with HIPAA.

 

Typical examples of misalignments, not for this Client but in general are faxes without specific PHI disclosures on the cover page, or faxes lying in the open exposed to PHI breach

 

These both may trigger reportable events under HIPAA.

Requirements

 

THE GOAL:

Automate the process of sending signed hardcopy authorizations to surgery center each day — ideally with “the touch of a button.”

 

THE REQUIREMENTS:

Each fax will contain patient PHI

Each fax will contain ePHI disclosure

Each fax needs a custom cover page

Transmission must be encrypted — per HIPAA!

 

THE SOLUTION:

Using eFax Corporate, and with the optional TLS configured, the Insurance Administrator is able to send many fax authorizations to the surgery center every day by simply dropping them on the MFP, scanning them, and then utilizing the memorized MFP fax address configured to do this – a great time saver which also helps enhance compliance.

 

Here, a custom cover page was generated, disclosing the ePHI that’s being transmitted to the receiver; a confirmation receipt is set to be sent to the sender, and a copy is also sent to the secure folder on their exchange server, managed by their systems administrator.

 

In summary – businesses and enterprises can enjoy the benefit of a single, integrated system for all fax documents…

 

…with the added perk of eliminating unneeded and dated fax infrastructure – commonly a pain point for IT staff or business owners.

We also discussed how new customers and existing clients are pleased to get more use out of their existing MFP investments, while improving workflows and compliance!

 

All by moving to a cloud fax solution with eFax Corporate.

 

Now I’ll hand it back over to Michael to wrap up.

 

Businesses in virtually every industry, particularly those that need to send highly sensitive material by fax or that are heavily regulated by data privacy laws, choose eFax Corporate® as their Secure Compliant Online Fax Solution. They do so for the following reasons:

 

Compliance and audit capabilities.

 

Scalability of their fax infrastructure — up or down, as often as they need.

 

Redundancy and disaster recovery.

 

Volume requirements.

 

Security protocols.

 

Another key differentiator: Faxing is our core business. eFax Corporate has a geographically dispersed, global network with Tier III and Tier IV colocations, providing a 99.5% uptime, rapid delivery times and unparalleled transmission security.

 

Now let’s turn the discussion over to you and answer your questions.

Transmission of sensitive, electronic protected healthcare information (PHI and ePHI) is a critical activity for healthcare providers, especially with increasingly stringent HIPAA regulations, and the ever present threat of cyber-attacks. Adding to this challenge, Health IT thought leaders and practice managers are increasingly burdened with managing multiple platforms for transmission of PHI/ePHI - from BYOD and Fax to email and messaging.

• What are the common communication methods used to transmit PHI
• What is considered a secure transmission
• What are some common misconceptions about security and transmission of PHI
• What the HIPAA Standard on Encryption and Integrity of Transmission is
• Several compliance pitfalls to avoid in 2016
• How a cloud fax model can enhance security and compliance with HIPAA

Healthcare covered entities and their Business Associates now need to prepare for two threats; the growing threat of cyber-attacks, and the ramp-up of the HIPAA Compliance Phase 2 Audits by the Office of Civil Rights of the Department of Health & Human Services (OCR-HHS).

Healthcare Business Associates in particular need to be aware that the program to extend the audit program to BAs got underway in the fall of 2016.

The fact is, healthcare is a prize target of cyber-criminals. No one is immune from this threat. And the government is taking the threat to the privacy and security of patient information very seriously. Any provider who does not make all reasonable efforts to protect confidential patient information could find themselves the subject of an audit investigation.

Those that have assumed that traditional methods such as fax were a safe way to communicate protected healthcare information (PHI) may be in for a surprise, because the OCR receives numerous complaints about breaches of privacy involving traditional fax processes. And sending patient information over unsecure email is a clear violation of HIPAA privacy and security regulations.

• The latest updates on the HHS-OCR HIPAA Compliance Audit Program
• Practical strategies, tips and techniques for implementing the HIPAA Security Rule
• Whether or not cloud services really compliant, plus the latest guidance from HHS
• The difference between TLS and SSL Encryption and why you should care
• The surprising things the OCR regulators had to say about Fax 
• How to ensure HIPAA-compliant faxing with eFax Corporate

Meet the Speakers Michael Flavin Sr. Product Marketing Manager j2 Cloud Services Michael Pearson Chief Information Security Consultant Health Security Solutions

Michael Flavin Sr. Product Marketing Manager j2 Cloud Services Michael Pearson CISSP

Cyber Hacking in Healthcare: Snapshot HHS Office for Civil Rights 1,199 incidents 41.5 million individuals FBI warnings to industry: “The FBI has observed malicious actors targeting healthcare related systems…for the purpose of obtaining Protected Healthcare Information (PHI)” Top 5 Health Data Breaches in 2014 7.4 million individuals affected Data Breaches Year to date 90+ million individuals affected Huge change in scope 1,800%! increase from 2008-2013

Sources of a Breach ORGANIZED CRIMINAL WELL-MEANING INSIDER MALICIOUS INSIDER

Stages of a Breach
CAPTURE Access data on unprotected systems Install root kits to capture network data
DISCOVERY Map organization’s systems Automatically find confidential data  
INCURSION Attacker breaks in via targeted malware, improper credentials or SQL injection EXFILTRATION Confidential data sent to hacker team in the clear, wrapped in encrypted packets or in zipped files with passwords  

Six Best Practices for Securing ePHI Using the SANS Security Model and HIPAA Compliance
• SANS Security Model provides a good framework for protecting, storing and transmitting ePHI – focus on security!
• HIPAA Compliance does NOT equal a plan secure PHI
• IT Executives must balance security, data protection and training with conduct of regular business

SANS Security Model Defensive Wall 1: Proactive Software Assurance - Application Security Skills Assessment & Certification

ANS Security Model Defensive Wall 2: Blocking Attacks: Network Based - IDS/IPS, FW, MSS

SANS Security Model Defensive Wall 3: Blocking Attacks: Host Based - Endpoint Security, NAC

SANS Security Model Defensive Wall 4: Eliminating Security Vulnerabilities - Vulnerability Management, Patch Management, Penetration testing.

SANS Security Model Defensive Wall 5: Safely Supporting Authorized Users - Encryption, VPN, DLP

SANS Security Model Defensive Wall 6: Tools to Manage Security and Maximize Effectiveness  Log Management, SIEM, Training, Forensics Firewalls Are Not Enough NIDS Monitoring NIDS Monitoring

- Botnet C&C Detection NIDS Monitoring - Watchlist Detection NIDS Monitoring NIDS Monitoring - Botnet C&C Detection NIDS Monitoring - Watchlist Detection Firewall Logs Associated with IDS Alerts NIDS Monitoring NIDS Monitoring
- Botnet C&C Detection NIDS Monitoring
- Watchlist Detection Firewall Logs Associated with IDS Alerts Firewall Logs
- Scan Detection Firewall Logs
- Botnet C&C Detection Firewall Logs
- Backdoor Detection Firewall Logs
- Anomaly Detection Firewall Logs
- Watchlist Detection NIDS Monitoring NIDS Monitoring
- Botnet C&C Detection NIDS Monitoring
- Watchlist Detection Firewall Logs Associated with IDS Alerts Firewall Logs
- Scan Detection Firewall Logs
- Botnet C&C Detection Firewall Logs
- Backdoor Detection Firewall Logs
- Anomaly Detection Firewall Logs
- Watchlist Detection HIDS Alerts OS / Application / Database Logs Endpoint Protection Alerts Average: NIDS Monitoring ~32% Good: NIDS Monitoring + Core Firewall Monitoring ~50% Better: NIDS Monitoring + Firewall Advanced Analysis ~80% Best: NIDS Monitoring + Firewall Advanced Analysis + HIDS + LMS + MEP Approaching 100%

What are the Threats? Technology Impacting. - Security Architecture – Firewalls, Anti-Virus - Unpatched Client Side Software and Applications - Advanced Malware and Ransomware - Accessing Malicious Website

What are the Threats? Technology Impacting. - Poor Configuration Management - Cloud Computing/Storage - Unencrypted ePHI and Removable Media - Mobile Devices, aka BYOD - Botnets - Phishing

What are the Threats? Business Impacting. - Marketplace Reputation and Customer Loyalty - Liability - Legal costs - Credit assistance for customers - Training, call center triage - Fraudulent charges - Stock price, earnings, etc. - IT Resources

Most Common Pitfalls - Risk Assessment - Lack of Accurate Data Inventory/Controls - Audit logs (critical for compliance and root cause) - Humans - “Accidents happen” - Social Engineering and - Security Awareness Training

Most Common Pitfalls - Missing Policies and Procedures - Incident Response Team and Plan & Audit Trail

Most Common Pitfalls - Password Security (may overlap with 3rd Party vendors) - 40% have a password from the top 100 - 79% have a password from the top 500 - 91% have a password from the top 1000

Why do Compliance Mandates get More Complicated? Compliance - Security - Compliance is the output of post-mortem – Some organization did not secure their data, and now everyone else must deploy solutions, software, policies, and guidelines - Compliance will always be a step behind the latest threat

  Faxing in Healthcare Today - Trends - Faxing is still a widely used, especially in highly regulated industries such as healthcare, finance, legal (1) - Trend is toward cloud faxing from on premise faxing - Cloud faxing offers a secure, reliable way to send ePHI and to covered entities or business associates, enhancing HIPAA Compliance

Email, Secure Browser, Mobile App & eFax Messenger User Interfaces TLS Encrypted in Transit Hosted Fax Service Encrypted Fax Storage via eFax Secure (optional) PSTN Telco Service Inbound/ Outbound Faxes  The world’s #1 online fax company – and the industry’s most experienced hosted fax service - The most widely deployed online fax service for the Fortune 500 - Trusted by more major healthcare, legal, financial and other highly-regulated firms than any other online fax provider to transmit sensitive documents

Product Spotlight: eFax Secure™ - Secure: TLS encrypted transmission and storage of ePHI data to enhance security and HIPAA compliance – encryption at rest and motion - Reduce costs – eliminate cost of physical fax servers, phone lines, and enhance compliance with routing to specific user’s email - Improve your overall communications with our highly redundant network delivering 99.5% up-time SLAs and unparalleled transmission security - Tier III or IV colocations for servers with high redundancy and fail over capabilities

Helpful Links - SANS Security Model - DHS HIPAA Security 101 for Covered Entities - DHS HIPAA Security: Physical Safeguards -enterprise.eFax.com - Recorded slides of this presentation - Whitepaper: “Is Cloud-based Faxing Right for You?”

Q&A - Visit us at enterprise.eFax.com - Visit us at HIMSS Booth #7756 - Email: - Michael Flavin:  - Mike Pearson: mike@healthsecuritysolutions.com