One of the most common questions we get related to our service is “Is your fax service HIPAA compliant?” That’s a great question with no easy answer. I think the better question to ask is “Is my practice compliant?” In order to answer this, it’s important to understand what exactly HIPAA compliance means, who governs it, and how that translates to choosing products and services, including an appropriate internet fax solution.
The Health Insurance Portability and Accountability Act (HIPAA) is actually broken up into 3 Rules:
- HIPAA Privacy Rule – This protects the privacy of individually identifiable health information.
- HIPAA Security Rule – This helps set national standards regarding the security of electronic protected health information.
- HIPAA Breach Notification Rule – Requires covered entities and business associates to provide notification following a breach of unsecured protected health information.
To read more about these rules please visit the US Department of Health and Human Services site.
So to be HIPAA “compliant”, you have to understand these rules and how to implement best practices for anyone who comes into contact with sensitive patient information (ePHI), as well as deploy products and services that will help accomplish this. A good overall strategy will include administrative, physical, and technical (that’s us!) safeguards.
Read our Whitepaper: Four Misconceptions Regarding HIPAA Compliance and the Cloud
I see a lot of services out there with HIPAA compliant badges and claims. Something to keep in mind is there is no product out there that will instantly make you HIPAA compliant. Those badges are not given out by the government. These rules are enforced by the Office for Civil Rights and breach of these rules can result in some serious civil and even criminal penalties. So you don’t want to make any assumptions when it comes to adherence to these rules. To see the full list of fines and penalties click HERE.
So when a company touting a product or service tells you they are HIPAA compliant, you should only take that to mean they know what HIPAA is and their solution has security measures to help address it. You should still find out more about these features to (A) make sure they are up to date with the latest standards (HIPAA rules are constantly changing with evolving technology) and (B) make sure the solution fits well with your overall approach to addressing these issues.
You also want to ask if they are willing to sign a BAA (Business Associate Agreement). This is a simple document that puts down in writing the company's accountability to maintain certain security standards related to the safeguarding of sensitive data.
So back to the main question, which has hopefully changed from “Is your service HIPAA compliant?” to “What does Documo do to help with my security strategy for HIPAA?”
GREAT QUESTION! :)
We take security seriously and love servicing customers in the healthcare industry. Our internet fax solution is built with HIPAA compliance in mind and we have several security safeguards in place to maintain the integrity of your data and our network. Some of these features include:
- Encrypted document exchange
- Secure Sockets Layer (SSL) protocol
- User authentication
- Server management security. Our employees do not have direct access to production equipment and all servers are housed in state-of-the-art data centers with 24/7 security.
- Application servers, web servers, networking components, and SSL accelerators are configured to maximize uptime and reliability.
- Data is securely backed up on a regular basis.
- Documo employs advanced perimeter defense. Our network perimeter is protected by multiple firewalls and is monitored by intrusion detection systems at all times. We choose our vendors for these products carefully and only go with industry-leading solutions.
This list only highlights some of the things we do to address security for our customers. This is not an exhaustive list of security features. We are constantly improving and updating our infrastructure and making sure we are up to date with the latest in security measures and technological advancements.
Hopefully that helps answer some questions regarding HIPAA and our solution. If you have more questions or would like to provide us any feedback or suggestions, please Contact Us! We’d love to hear from you!