HIPAA Law: Ensuring Secure Transmission of Patient Health Information Through Fax
- Fax systems, which support email encryption, should be installed. The protected health information system should be encrypted before it is faxed. This will protect the information from unauthorized access, because only receiver has the key to decrypt the message back into original form.
- The fax machine should be configured in such a way that no copy of received fax is saved.
- The Fax machine should have inbuilt copying system, which can print as many as copies needed. This eliminates the need of external document copier like, Photostat machine and prevents exposure of the confidential patient health information to unauthorized persons.
- The fax machine should be placed in a secure place and accessed by only authorized personnel. On receipt of the fax, the message should be delivered straightaway to the intended recipient.
- The fax numbers which are used regularly should be properly saved, and the speed dialing option should be used to prevent misdialing of the numbers.
- There should be a sound policy in place, which manages efficiently the storage, duplication and disposal of the faxed protected health information, as per HIPAA law. The policy should also be able to address effectively, the wrong delivery of the PHI.
- Before faxing to a new recipient, the number should be checked by sending a test message. This will ensure dispatch of crucial PHI to the intended receiver only.
HIPAA compliant fax machine should be used and have special encryption features, which allows the sender to encrypt the protected health information and send it as an email through the net. The PHI is encrypted into sequence of codes and transmitted to the fax machine of receiver also connected to the internet. The receiver has a key which decodes the encrypted email and prints back the information in the original form. Thus the message is faxed in a safe and secure manner over the net. These precautions help the health organizations to store and exchange the protected health information of the patient as per HIPAA law.