CLOUD FAX CHANGES THE GAME FOR COMPLIANCE
Why Highly Regulated Businesses Make the Switch and Integrating a Secure Cloud Faxing Solution
Introduction: The Consequences of Poor Fax Compliance
Here are some highlights from their paper titled “Fax Market Pulse: Trends, Growth, and Opportunities.”
This enormous volume of faxing creates endless opportunities for privacy and security compliance issues, and begs the question: is there a simple way to maintain fax compliance? The answer is a resounding “yes.” The objective of this white paper is to explore the fax compliance challenges that IT professionals face, how other companies have successfully overcome them with a simple Cloud fax solution, and how you can too. First, though, let’s look at the issues your business is almost certainly facing if you’re still sending and receiving paper faxes.
Data Breaches, Regulatory Compliance and Faxing Aren’t Going Away
Recently, more than 1,100 senior security executives from around the world participated in the “Data Threat Report” covering a comprehensive set of technology methodologies. According to the report, a whopping 67% of respondents worldwide, 71% stateside, indicated they had experienced a data breach at some point in the past, and 46% of the U.S. breaches happened in just the past year. This news is concerning, especially for those who are in the minority and have yet to experience an attack.
A CIO Insight article tells us that 72% of U.S. companies still have fax machines. Yet, as we learned with the Bank of Scotland and Mount Sinai St. Luke’s in New York, only a few poorly handled faxed documents can lead to severe compliance breaches and repercussions.
Cloud Fax to the Rescue
Fortunately, more companies are enhancing their fax compliance with a cloud solution. IDC’s report “Fax Market Pulse: Trends, Growth, and Opportunities” clearly shows that while 60% of companies that fax are still using traditional fax machines or multifunction printers (MFPs) with fax/scan capability, the trend is clearly moving to the Cloud.
One of the greatest benefits of Cloud faxing, beyond increasing savings, productivity and reliability, is that with the right provider, it also can significantly improve compliance efforts. Let’s take a look at why eFax Corporate is the global market leader of Cloud fax, and trusted by nearly half of the Fortune 500.
All Cloud Fax Solutions are NOT Created Equal
To be clear, not just any cloud fax service will be able to help your organization achieve and maintain regulatory compliance. Federal and state financial disclosure and privacy laws place tough privacy, security and accountability rules on public and private corporations and the financial industry, while in healthcare HIPAA has become even stricter, with enforcement actions more common and costly.
eFax Corporate Security Compliance
eFax Corporate is an enterprise-level, cloud-based fax-by-email solution used by many of the world’s largest corporations (as well as small and medium-sized businesses). As such, it meets the most stringent requirements for secure document transmission, including 256-bit encryption and certificate-based authentication, via Transport Layer Security (TLS) v1.2, in compliance with the recommendations of the National Institute of Standards and Technology (NIST).
Similarly, the Payment Card Industry’s Data Security Standard (PCI-DSS) for safeguarding cardholder data requires that anyone performing online credit card transactions secure their websites with a minimum of TLS v1.1 as of June of 2018. After that date, all versions of SSL and even TLS 1.0 will be out of compliance.
However, the eFax Corporate product portfolio has long been ahead of the curve with the most secure and fully compliant TLS v1.2.
Industry best practices and federal standards also require that confidential and personally identifiable information (PII) and other sensitive data should be encrypted not only during transmission but also while at rest — meaning while stored and archived in a digital environment. For example, SOX mandates that all electronic records (including faxes), be retained for a period of seven years and be secure against tampering.
To that end, NIST recommends the Advanced Encryption Standard (AES) with a key strength of at least 128-bit. eFax Corporate has taken it to a higher level of encryption at 256-bit for superior protection of your stored data.
It should be noted that some fax server brands still use the old Data Encryption Standard, known as triple DES (3DES). This protocol dates at least from the 1990s and the algorithm is now on the verge of being officially deprecated by NIST. At that time, those fax server encryption modules will no longer be compliant for storage of ePHI and other sensitive customer data.
as who sent or received a fax when and where and to whom; plus the ability to add billing codes; tag specific staff members; add job/matter or client ID numbers and much more.
In addition, for security purposes, User Settings are highly flexible, offering the ability to set multiple access levels with granular permissions and privileges for your most sensitive data.
Every fax you send or receive with eFax Corporate is automatically saved in a standard electronic format (PDF or TIFF), along with all of its meta-data such as client ID and Matter, then stored securely in the cloud where you can access it anytime for compliance.
Because compliance and security are such critical facets of faxing today, eFax Corporate also has flexible and comprehensive role-based administration tools. This makes it simple for a Super Admin to add other Admins for specific purposes, with differing levels of access to the Admin Portal to meet specific business needs and compliance protocols. Role-based access can be extended across different departments to ensure that only authorized employees have access to ePHI, as required by HIPAA.
This hierarchical administration capability offers complete control and scalability over data access, enabling Admins to create an unlimited number of groups or subgroups, which is scalable to larger multi-location enterprises, as well as to resellers and third-party providers.
Another important feature that eFax Corporate implemented to help with HIPAA and other compliance is our customizable fax cover sheet feature. There are three primary reasons why a cover sheet is important for HIPAA compliant faxing in particular:
- Protecting the fax document from view
- Providing contact info in case of an incorrect recipient
- Displaying the HIPAA disclaimer upfront.
- Date and time sent
- Name of recipient
- Recipient’s fax number
- Sender’s name and organization
- Sender’s phone number
- HIPAA fax disclaimer
The Cloud Fax Service of Choice for the Highest Regulated Businesses
To date, the most widely used and trusted provider of enterprise-caliber cloud faxing is eFax Corporate. For more than 21 years, we have been the cloud fax service of choice for more heavily regulated businesses than any other company. If you’re not sure whether your organization falls under specific regulations, we would be happy to give you a walkthrough of how eFax Corporate’s processes will help bring your faxing protocols into alignment with that law.
- Organizations must ensure that all electronic devices and media containing PHI are disposed of securely, including non-computer devices such as copier systems and medical devices.
Issue #10: Backup and Contingency Planning
See 45 C.F.R. §164.308(a)(7). Organizations must ensure that adequate contingency plans (including data backup and disaster recovery) are in place and would be effective when implemented in the event of an actual disaster or emergency situation.
- Leveraging the resources of cloud vendors may aid an organization with its contingency planning regarding certain applications or computer systems, but may not encompass all that is required for an effective contingency plan.
- See 164.308(a)(7)(ii)(D). As reasonable and appropriate, organizations must periodically test their contingency plans and revise such plans as necessary when the results of the contingency exercise identify deficiencies.