HIPAA compliance is a major concern for every organization that services patients and customers in the healthcare industry, and rightfully so. Choosing the right fax server plays a large role in how easily and effectively an organization maintains compliance with HIPAA statutes.
A Record Year for HIPAA
The Office for Civil Rights (OCR) concluded 2018 with an all-time record high for HIPAA enforcement. The department settled 10 total cases and secured one judgment for a total of $28.7 million, and these were just cases that went to the courts. They do not include the companies who were fined for breaches in compliance and regulatory violations (these fines can range from $100 to $50,000 per violation or per record). The OCR keeps a running tally of all open breach reports on their website.
It’s critical for organizations to understand how healthcare fax solutions help them maintain HIPAA compliance and avoid paying heavy fines and settlements, and it all begins with a basic understanding of HIPAA regulations and penalties.
The Four Tiers of HIPAA Penalties
Ignorance of the underlying breaches and regulations is not an excuse for organizations. Even if they are unaware of the issue, they are not absolved in the eyes of regulatory bodies. HIPAA penalties are divided into four tiers that increase in severity based on how the breach in compliance occurred and whether or not the covered entity (the organization regulated by HIPAA) knew about the breach. The tiers are:
1st Tier: the organization didn’t know about the violation and, exercising reasonable diligence, could not have known that it had occurred.
2nd Tier: the organization “knew, or by exercising reasonable diligence would have known” of the violation, even though they didn’t act with willful neglect.
3rd Tier: the organization “acted with willful neglect,” but resolved the issue within 30 days.
4th Tier: the organization “acted with willful neglect” and did not correct the issue in a timely manner.
Guidelines for HIPAA Compliance
The guidelines for HIPAA compliance are long (you can learn more about them on the HHS website), but the U.S. Department of Health and Human Services breaks down their guidelines into two major categories:
- Physical safeguards
- Technical safeguards
*Note: this is only a short summary of some of the major guidelines set forth by HHS. It does not reflect everything an organization must do to maintain compliance.
How Fax Servers Help with Compliance
Using an onsite fax server does not guarantee HIPAA compliance, but when installed and used properly, it can help an organization meet the major guidelines and maintain compliance.
HIPAA requires that organizations “must limit physical access to its facilities while ensuring that authorized access is allowed” and “specify proper use of and access to workstations and electronic media.” Fax servers that are hosted within an organization meet these requirements because the organization can keep them secure and specifically dictate who has access to them.
HIPAA requires four technical safeguards organizations must employ:
- Access Control: technical policies and procedures that enable only authorized persons to access electronic protected health information (e-PHI).
- Audit Controls: hardware, software, and/or procedural mechanisms that record and examine access and other activity in information systems that contain or use e-PHI.
- Integrity Controls: policies and procedures and electronic measures that ensure e-PHI isn’t improperly altered or destroyed.
- Transmission Security: technical security measures that guard against unauthorized access to e-PHI that is being transmitted over an electronic network (like fax).
Fax servers enable organizations to control who can access e-PHI as well as the flow of documents inside and outside the organization. By integrating a fax server with healthcare document storage systems, organizations can send and receive documents without ever having to print them out or hand them to people who are not authorized to view them. A properly configured fax server helps maintain the integrity of documents as they are sent to external locations. Fax servers also leave a digital paper trail, allowing organizations to maintain the audit trails required by HIPAA regulations.
Learn More About Fax HIPAA Compliance
The Fax Guys work with healthcare organizations of all sizes. We can help you set up and configure a fax server that helps your organization maintain compliance with HIPAA regulations. Contact our team today to learn more.