risk of faxing patient report

by Mrs. Michelle Lynch PhD 8 min read

Faxing: The HIPAA Risk That Hides in Plain Sight

5 hours ago  · A risk of faxing medical records, l ike texting them, is that there’s no guarantee the individual on the other end will be authorized to view them. Fortunately, because p eople don’t carry fax machines around in thieir pockets like cell phones, the risk is lower. >> Go To The Portal


The benefits that come from transmitting patients' records more rapidly using technology must be balanced against patient privacy. This article considers the use of faxes to transmit information. Faxes are possibly the most vulnerable mode of transmission available and involve a high risk of error and unauthorized disclosure.

Sending paper faxes using physical fax machines can lead to: Unauthorised document access in instances where paper is left on top of the fax tray. Accidental sharing of confidential data if a fax number is misdialed on the keypad. The risk of theft or manipulation of data by third parties.Nov 23, 2018

Full Answer

What happens when I receive a fax from a patient?

Once a recipient receives your fax, you’ll receive an email notification. Your service provider will store your faxes in a secure online portal. Conversely, you’ll also receive a notification when you receive faxes. When you receive one, you can log on to your service provider’s portal and download patient information securely.

Who should you report misdirected faxes to?

Any impermissible disclosure of patient information should be reported to your privacy officer (or you, if you’re the privacy officer). Make sure your team knows their responsibility to report possible breaches. To see whether or not the misdirected fax was a breach, the privacy officer needs to conduct a breach risk assessment.

Is faxing patient information a HIPAA violation?

The law protects patient information and establishes the framework for sharing patient data safely. To learn more about faxing within the law, keep reading. You can still face HIPAA penalties, even when you expose patient information by mistake.

Is a fax to the wrong recipient a privacy breach?

As a healthcare organization, you must comply with the HIPAA Privacy Rule, which means sending a fax to the wrong recipient could be a breach. Is a Misdirected Fax a Privacy Breach?

image

Is it safe to fax personal information?

Yes, faxing personal information is safe. Whether you're using a traditional fax machine or an online faxing service like eFax, you can count on your sensitive documents being safely delivered to the intended recipient.

What is fax risk?

Data sent through analogue lines cannot be encrypted — the technology just does not allow for it. This means anyone who can access your line can hijack the information. The result is that fax machine communications become very susceptible to local attacks and direct data theft.

Is sending a fax a HIPAA violation?

As a healthcare organization, you must comply with the HIPAA Privacy Rule, which means sending a fax to the wrong recipient could be a breach.

What is the disadvantage of using fax as a form of communication?

Fax machines doesn't support multitasking feature. Which means that they cannot send and receive faxes at the same time. Moreover, they don't have the capability to send multiple faxes simultaneously. For an example, if a fax document needs to sent to 20 recipients the process must be done individually.

Why is fax insecure?

Fax documents are sent without any form of security or encryption. This means that while in transit, they are susceptible to access. Anyone who can access the phone line you are using to transmit files can very easily steal the information you send.

Is faxing more secure than email?

While email has been widely embraced in the digital era for its speed and convenience, sending a fax is more secure. Emails pass through digital firewalls, servers, and virus checkers. Thus, they're copied and can be compromised during the process.

Can you put patient information on a fax cover sheet?

A HIPAA fax cover sheet disclaimer. A HIPAA fax cover sheet disclaimer is a message addressed to the fax recipient, that states that the faxed information is confidential. The disclaimer also should state that the transmission may contain protected health information.

What is required to fax protected health information?

Patient information should only be faxed to fulfill a treatment, payment or healthcare operations obligation or a specifically authorized request (see COMP. 103 Use and Disclosure of Protected Health Information).

What are key things to remember about sending faxing health information?

Use HIPAA Fax Disclaimer Date and time of fax transmission. Receiver fax name and number. Sender fax number, name, and organization. Name of the patient whose information is being sent.

What are the benefits of faxing a document?

The Benefits of Fax MachinesAcquiring Hard Copies - Nothing beats having a hard copy of file delivered over. ... Faxes are Fast - Faxes are delivered immediately to around the globe. ... Relative Lower Cost - At present, fax machines tend to be fairly inexpensive and quite a few are part of multifunction devices.More items...•

What is fax and its advantages?

It is one of the latest device for sending written information and message from one place to another when both the places have the fax machines. Advantages of Fax. Advantages of fax are following: Speedy Transmission: Fax enables transmission of message, data, diagram, sketches and drawing with exceptionally high speed ...

Which of these is an advantage of fax?

Faxing has reliability advantages over postal messages as well because mailings risk damage or loss. Faxes sent to the right number are guaranteed to appear on your recipient's fax machine immediately.

Who should report a misdirected fax?

Any impermissible disclosure of patient information should be reported to your privacy officer (or you, if you’re the privacy officer). Make sure your team knows their responsibility to report possible breaches. To see whether or not the misdirected fax was a breach, the privacy officer needs to conduct a breach risk assessment.

What does it mean when a fax is sent to the wrong recipient?

If the fax contained a patient’s protected health information (PHI), then sending it to the wrong recipient means you’ve disclosed the PHI to someone who isn’t authorized to see it . According to HIPAA, the fax in this case is an impermissible disclosure (i.e. not allowed by the Privacy Rule). You should assume any impermissible disclosure ...

What is a fax from a clinic?

The fax included a billing summary with the patient’s full name, date of service, and a diagnosis code. When you contacted the office, they said they’d suspected it was sensitive information, though they didn’t understand the data, and shredded the document within moments of receiving it.

Is a misdirected fax harmful?

Besides frustrating, a misdirected fax can also be harmful. As a healthcare organization, you must comply with the HIPAA Privacy Rule, which means sending a fax to the wrong recipient could be a breach.

Do faxes have a high risk of error?

Faxes have a high risk of error inherent in their transmission. The destination is entered as a numeric string which is much more error prone than entering words. Some sources estimate that up to 30% of faxes do not meet their correct destinations. ( Source:AllBusiness.com)

Is faxing a good way to transmit sensitive information?

Faxes are not a good way to transmit sensitive data. In spite of this, faxes are still widely used to transmit patient information. Alternatives do exist, especially through the use of more secure encrypted electronic transmission. Where more secure transmission methods exists, there is little excuse for the continued use of faxes. People worry about the privacy of electronic records, but faxes are much worse

What is online faxing?

Online faxing is a hosted service. With hosted service, there’s no need to buy fax servers or special equipment. The technology uses internet protocol to send and receive fax communications online. Instead of purchasing a machine to send faxes, you’d use your online fax number to send and receive faxes securely.

What happens if you violate HIPAA?

If you find yourself at the business end of HIPAA violations, your organization could face serious penalties. HIPAA rules require that you must keep patient information safe—even when sending faxes. The law protects patient information and establishes the framework for sharing patient data safely.

How much is the penalty for non compliance with HIPAA?

If the state attorney files charges against your organization, you can face fines of up to $25,000 per violation category each year. However, if the Office of Civil Rights (OIC) issues a violation, you can pay even higher fines. In this instance, you could face up ...

Do you have to document HIPAA compliance?

You must also document your HIPAA compliance efforts to avoid penalties. Most often, organizations realize they have breached HIPAA compliance during an internal audit. However, employees who violate HIPAA regulations will often report a breach. They do this to lessen the resulting penalties.

Can HIPAA be violated by faxing?

HIPAA Violations and Faxing. In general, HIPAA law states that organizations should only reveal relevant patient information. In effect, providing unnecessary information can also lead to HIPAA violations. However, there other violations under HIPAA law. For example, your organization could receive a HIPAA fine for failing to manage risk.

Can you get fined for not complying with HIPAA?

For instance, you may receive a fine if you don’t have HIPAA compliant agreements with third-party vendors. You might also face a fine for mishandling or accidentally sending information that falls under HIPAA law. You must also document your HIPAA compliance efforts to avoid penalties.

Can organizations be fined for not having safeguards in place?

Organizations can also face fines for not having safeguards in place to ensure the safety of patient information. You can also face a penalty for failing to enforce information access controls. Furthermore, you can face a fine for not monitoring patient information access.

Why is a HIPAA cover sheet important?

A HIPAA fax cover sheet is an important piece of document that aims to protect the information being transmitted. It’s the first page sent to ensure that only the authorized person or recipient can receive the record or file.

Do you check the number of your recipient before faxing medical records?

The only time faxing medical records is a HIPAA violation is when you send it to the wrong person. For this reason, it is vital that you check the number of your recipient before sending the fax. Moreover, if you can, call the intended recipient ahead of time to make sure that he or she will be there when you fax the documents.

Is it necessary to keep fax logs?

A great feature new-age fax services have is the ability to keep logs and records of documents with the corresponding transmission information. This handy feature can be used as a safe faxing practice.

Does your business or company have a faxing policy in place?

Whether there is a designated person who is charged with faxing medical records or anyone in your organization can do it, it is ideal to have a set of faxing policies in place. The policy should cover the basic faxing etiquette to contingency plans in case someone faxes a piece of sensitive information to the wrong and unauthorized person.

Do you have a designated area for your fax machines?

If you are still using a traditional fax machine to transmit documents, a very simple way to keep yourself HIPAA compliant especially when sending patient informations to authorized recipients is to find a secured designated area for the machine.

Do you periodically schedule your fax machine for preventive maintenance?

As with any other equipment, a fax machine requires maintenance to ensure optimum performance. Although they are pretty safe and secure, if not properly maintained, they can be faulty, which might cause certain problems for you and your business.

Is there a more convenient way of faxing?

If maintenance is too much work for you, why not switch to online fax services? Aside from saving yourself the hassle of having to deal with a machine, faxing medical records or legal documents can be done using your computer, mobile phone, or your trusted tablets.

image