GFI FaxMaker and HIPAA compliance


GFI White Paper

GFI FaxMaker and HIPAA compliance

This document outlines the requirements of HIPAA in terms of faxing protected health information and how GFI Software's GFI FaxMaker, an easy-to-use fax server, can help health organizations to comply with HIPAA's regulations for information flow and exchange.

Contents

Introduction
HIPAA and Faxing
Why traditional faxing methods are problematic?
Why GFI Software's fax server GFI FaxMaker is the solution?
Checklist
Other benefits of GFI FaxMaker to help you be HIPAA compliant
About GFI

Fax server technology is a secure method of communicating and is a simple and affordable way to assist healthcare organizations in becoming HIPAA compliant.

Introduction

The U.S. Congress recognized the need for national patient record privacy standards in 1996 and the Health Insurance Portability and Accountability Act of 1996 (HIPAA) was enacted. The law included provisions designed to improve efficiency and reduce costs for health care businesses by encouraging electronic transactions, but it also required new safeguards to protect the security and confidentiality of that information. In November 1999, the U.S. Department of Health and Human Services (HHS) published proposed regulations to guarantee patients new rights and protections against the misuse or disclosure of their health records.

The Act has changed the way healthcare organizations send, receive, and manage confidential information. Previous hard copy paper systems are considered insecure and a liability, and therefore new alternatives for exchanging and tracking protected health information (PHI) are required.

HIPAA and Faxing

The primary objective of HIPAA is that health organizations have the infrastructure and procedures (administrative, technical and physical) that allow them to safeguard patient health information from any kind of exposure or disclosure to unauthorized parties when this information is required to be transmitted or delivered to authorized individuals.

HIPAA does not prohibit the use of fax machines to communicate PHI; however, the information is subject to strict regulations that protect the privacy and security of the information at the point of dispatch, during transit and at the point of delivery. The security provisions of HIPAA require reasonable efforts to make sure that the information delivered via fax has been sent securely and was received securely and by the person intended.

HIPAA makes a number of demands to ensure that patient health information is properly protected. These, in relation to security and privacy, include:

- All fax machines are to be placed in a secure area and not generally accessible. Only authorized personnel are to have access and security measures should be provided to ensure that this occurs.
- Destination numbers are verified before transmission.
- Recipients are notified that they have been sent a fax.
- Include a cover-sheet clearly stating that the fax contains confidential health information, is being sent with the patient's authorization, should not be passed on to other parties without express consent; and should be destroyed if not received by the intended recipient.
- Any patient data should be in the fax body and not in any of the data fields.
- Faxes are to be sent to secure destinations; i.e., the fax machine of the recipient must be in a secure location, accessible only by those authorized to receive the information.
- Maintain a copy of the confirmation sheet of the fax transmission, including the necessary data such as time and recipient's number.
- Confirm fax delivery by phoning the recipient.
- Received faxes are to be stored in a secure location.
- Maintain transmission and transaction log summaries.

Why traditional faxing methods are problematic?

Although HIPAA does not prohibit patient health information from being faxed to authorized recipients, manual faxing is fraught with security issues that would certainly prevent health organizations from being compliant with HIPAA's strict requirements. With manual faxing, there are a number of risks:

- Fax machines may not be located in a secure area and access to faxes may not be restricted to authorized personnel only.
- Senders are required to wait by the machine until the transmission is completed, wait for the transmission report, collect it and file it. They also have to call the recipient to ensure that it has been received completely and as intended. This takes up precious time for the health professional. If the recipient is not available, important information may be delayed.
- Incoming faxes need to be removed immediately from the output tray and distributed to the recipient to reduce the chance of an inappropriate use or disclosure.
- Any pre-programmed fax numbers need to be validated periodically and regular fax recipients contacted regularly to ensure that the number has not changed.
- The destination fax machine may be in a secure location but may still be accessible to a number of people.
- The information in hard copy has to be filed securely.
- Transmission may not always be secure and reliable (especially in areas with basic telecommunication infrastructure).

In the spirit of HIPAA, which aims to create more effective health organization practices, manual faxing is expensive, requiring multiple communications lines, hardware, maintenance costs and material (paper and toner).

Why GFI Software's fax server GFI FaxMaker is the solution?

GFI Software's fax server software, GFI FaxMaker, resolves all the fax-related privacy and security issues that are highlighted in a health organization's HIPAA plan. GFI FaxMaker makes sending and receiving faxes an efficient, simple and cost-effective process.

The problems with manual faxing (printing out the document, walking to the fax machine, waiting for the fax to go through, not to mention the cost of fax machine supplies and repair) are immediately resolved; but more importantly GFI FaxMaker allows users to send and receive faxes directly from their email client, in most cases totally eliminating the need for a manual fax machine.

GFI FaxMaker is easy to install, requires little maintenance and integrates with existing messaging clients and customized solutions. GFI FaxMaker integrates with your mail server, allowing users to send and receive faxes and SMS/text messages using their email client or a health records application, an option that is often preferred by health organizations. You can even back up all faxes and search them in the same way that emails are stored and retrieved on the network. Furthermore, if email correspondence is being archived (which is a federal requirement for most sectors), all your faxes are also stored in a central, secure database.

With GFI FaxMaker you do away with the need to handle and transfer original or duplicate copies of patients' medical records, thereby reducing the risk of losing or misplacing files as well as reducing the time to send the documentation.

Since faxes are sent and received via email and authentication on the email client is required to access the faxes, there is no concern that the patient health information will be sent to the wrong recipient or that someone else can retrieve the information without authorization. For additional security, health organizations can use a health records application that bypasses the email client if there are concerns.

To ensure that only the person that the fax was intended for actually sees the fax, GFI FaxMaker can automatically route incoming faxes to the user's mailbox or to a particular printer based on a DID/DDI/DTMF number or on the line on which the fax was received. Faxes can also be forwarded to a public folder or assigned to a network printer per installed fax port. This means that the fax goes through no other hands.

With server systems and databases stored in secure locations and managed solely by authorized personnel, there is no risk that emails/faxes can be tampered with, deleted or accessed by third parties. This ensures that all patient information is secure at all times prior to, during and after transmission.

Checklist

Privacy and security requirement: All fax machines are to be placed in a secure area and not generally accessible. Only authorized personnel are to have access and security measures should be provided to ensure that this occurs.
How GFI FaxMaker meets this requirement: Both outbound and incoming faxes can be sent/received using an email client or, preferably, a third-party health records application. This removes the need for a manual fax machine and therefore no special security measures need to be taken to safeguard the data or the equipment. Outbound faxes can be sent via the individual's personal email client or, a much better option, a third-party medical records application. The documentation does not need to leave the sender's office nor is it handled by anybody else. Incoming faxes can automatically be routed to the user's mailbox or to a particular printer based on a DID/DDI/DTMF number or on the line on which the fax was received. This ensures that no one else can see the documentation just received except for the intended recipient or other authorized personnel.

Privacy and security requirement: Destination numbers are verified before transmission.
How GFI FaxMaker meets this requirement: By integrating with Active Directory and using the contact lists in the email client, recipients can be pre-programmed, minimizing the potential for human error. Another option that is preferred by healthcare organizations is to integrate with third-party medical records software and use its built-in contact list.

Privacy and security requirement: Include a cover-sheet clearly stating that the fax contains confidential health information, is being sent with the patient's authorization, should not be passed on to other parties without express consent; and should be destroyed if not received by the intended recipient.
How GFI FaxMaker meets this requirement: Fax server software, GFI FaxMaker, allows for the creation of cover pages by user or group. This enables administrators to control the formatting and content of the cover page and have the approved cover page added automatically to outbound faxes.

Privacy and security requirement: Maintain a copy of the confirmation sheet of the fax transmission, including the necessary data such as time and recipient's number.
How GFI FaxMaker meets this requirement: Transmission reports including miniatures of the fax can be automatically printed.

Privacy and security requirement: Received faxes are to be stored in a secure location.
How GFI FaxMaker meets this requirement: With email archiving implemented, all faxes sent or received using GFI FaxMaker are stored in a secure database, allowing easy access, searching and auditing.

Privacy and security requirement: Maintain transmission and transaction log summaries.
How GFI FaxMaker meets this requirement: With email archiving implemented, all faxes sent or received using GFI FaxMaker are stored in a secure database, allowing easy access, searching and auditing.

Other benefits of GFI FaxMaker to help you be HIPAA compliant

Reduced administration

GFI FaxMaker is designed to minimize administration. It integrates with Active Directory, eliminating the need for a separate fax user database. User-related settings can be applied to Windows users or groups directly.

Supports Microsoft Exchange, Lotus Domino and other SMTP Servers

GFI FaxMaker integrates with Exchange Server 2000/2003/2007 via a standard Exchange SMTP connector. GFI FaxMaker can be installed on the Exchange Server or on a separate machine, in which case no software has to be installed on the Exchange Server itself. GFI FaxMaker also integrates with Lotus Domino and other popular SMTP servers.

Fax over IP (FoIP) support

With the optional Brooktrout SR140 host-based module or TE-SYSTEMS XCAPI, GFI FaxMaker integrates with your existing IP PBX to offer Fax over IP (FoIP) without any additional hardware requirements. With FoIP you can easily send faxes over the Internet, integrating with the existing IP infrastructure.

Supports Lotus Notes & SMTP/POP3 Servers

GFI FaxMaker integrates via the SMTP/POP3 protocol with Lotus Notes and any SMTP/POP3 server. It can be installed on the mail server itself or on a separate machine. For Lotus Notes, @FAX addressing is supported.

Automated fax delivery/inbound fax routing

GFI FaxMaker can automatically route incoming faxes to the user's mailbox or to a particular printer based on a DID/DDI/DTMF number or on the line on which the fax was received. Faxes can also be forwarded to a public folder or assigned to a network printer per installed fax port.

Archive faxes to GFI MailArchiver, to SQL, or other archiving solution

GFI FaxMaker allows you to archive all faxes to GFI MailArchiver, an SQL database or to an email address. GFI MailArchiver is an email archiving solution that stores all mail in an SQL database, allowing for easy search and retrieval. With the OCR module, faxes can also be searched based on specific text within the fax.

Optional OCR reading and routing

The optional OCR module can be used to convert all incoming faxes to readable text using Optical Character Recognition (OCR) technology and then route the fax to the correct user by keyword. For example, you can route by first or last name or by job function. If GFI FaxMaker cannot match a recipient, it will automatically route the fax to the default recipient or router. This is especially handy if you plan to archive, since it makes searching for a particular fax much easier.

Send a fax from any application

To send a fax, users print from their word processor to the GFI FaxMaker printer, or create a new message in their email client (for example, Outlook or Outlook Web Access). The user then selects the recipient(s) of the fax from the Outlook Contacts list (address book) or enters the fax number directly. After clicking on the Send button, the fax is sent and the user receives a transmission report in his or her inbox.

Receive a fax by email in fax or PDF format

GFI FaxMaker delivers faxes to the user's inbox in TIF (fax) format or as an Adobe PDF file. This enables users to check faxes from anywhere in the world, using either a normal desktop email client (for example, Outlook) or a web-based email client (for example, Outlook Web Access). Receiving faxes in PDF format means the fax can be easily forwarded and it also allows for easy integration with document archiving systems or workflow procedures.

Supports Outlook contacts

There is no need to keep a separate fax address book, just select the recipient's Business Fax entry from the Outlook Contacts list or the Global Address Book. No need to duplicate address entries.

Attach Office documents, PDF, HTML and other files

Users can attach Microsoft Office, PDF, HTML and other files to their fax. These are rendered to fax format on the fax server. The Send to Mail Recipient command, available in Microsoft Office and other applications, can be used to quickly send any document as a fax.

Automatic application integration and mail merges with NetPrintQueue2FAX

GFI FaxMaker's NetPrintQueue2FAX feature allows you to embed a fax number in a document and print to fax from almost any application, anywhere in the network, without having to enter the fax number separately. Especially handy for accounting applications, an invoice can be faxed simply by embedding the fax number; no application integration or development is required.

Fax broadcasting using Microsoft Office mail merge

Using the mail merge facility of Microsoft Word or of the Office Suite of products, you can send personalized fax broadcasts. Because Microsoft Office supports ODBC, the recipient list can be retrieved from any data source, including Microsoft SQL Server, Microsoft Access and many more.

About GFI

GFI Software provides web and mail security, archiving, backup and fax, networking and security software and hosted IT solutions for small to medium-sized enterprises (SMEs) via an extensive global partner community. GFI products are available either as on-premise solutions, in the cloud or as a hybrid of both delivery models. With award-winning technology, a competitive pricing strategy, and a strong focus on the unique requirements of SMEs, GFI satisfies the IT needs of organizations on a global scale. The company has offices in the United States (North Carolina, California and Florida), UK (London and Dundee), Austria, Australia, Malta, Hong Kong, Philippines and Romania, which together support hundreds of thousands of installations worldwide. GFI is a channel-focused company with thousands of partners throughout the world and is also a Microsoft Gold Certified Partner.

More information about GFI can be found at http://www.gfi.com.

USA, CANADA AND CENTRAL AND SOUTH AMERICA
15300 Weston Parkway, Suite 104, Cary, NC 27513, USA
Telephone: +1 (888) 243-4329
Fax: +1 (919) 379-3402
ussales@gfi.com

UK AND REPUBLIC OF IRELAND
Magna House, 18-32 London Road, Staines, Middlesex, TW18 4BP, UK
Telephone: +44 (0) 870 770 5370
Fax: +44 (0) 870 770 5377
sales@gfi.co.uk

EUROPE, MIDDLE EAST AND AFRICA
GFI House, San Andrea Street, San Gwann, SGN 1612, Malta
Telephone: +356 2205 2000
Fax: +356 2138 2419
sales@gfi.com

AUSTRALIA AND NEW ZEALAND
83 King William Road, Unley 5061, South Australia
Telephone: +61 8 8273 3000
Fax: +61 8 8273 3099
sales@gfiap.com

Disclaimer

© 2011. GFI Software. All rights reserved. All product and company names herein may be trademarks of their respective owners.

The information and content in this document is provided for informational purposes only and is provided "as is" with no warranty of any kind, either express or implied, including but not limited to the implied warranties of merchantability, fitness for a particular purpose, and non-infringement. GFI Software is not liable for any damages, including any consequential damages, of any kind that may result from the use of this document. The information is obtained from publicly available sources. Though reasonable effort has been made to ensure the accuracy of the data provided, GFI makes no claim, promise or guarantee about the completeness, accuracy, recency or adequacy of information and is not responsible for misprints, out-of-date information, or errors. GFI makes no warranty, express or implied, and assumes no legal liability or responsibility for the accuracy or completeness of any information contained in this document.

If you believe there are any factual errors in this document, please contact us and we will review your concerns as soon as practical.