Health IT and Electronic Health Activate your FREE membership today |  Log-in

Community Blog

Sep 24 2012   9:27AM GMT

Today’s enterprise fax software drives health care PHI security and clinical productivity

Posted by: adelvecchio
EHR, EMR, fax technology, HIPAA compliance, HITECH Act, PHI

Guest post by: Alan Gonsenhauser, SVP and chief marketing officer, Biscom

Fax is the predominant form of communication for 63% of health care providers, according to the annual National Physicians Survey released in June. Faxing is everywhere in today’s health care settings and it is expected to remain so for years to come.

Faxing has long been essential to the daily sharing of information among hospitals, medical practices, pharmacies, payers, labs, government entities, and other key stakeholders. Faxing is a mission-critical function of today’s health care ecosystem and there are no signs that this dependence will change soon.

What is rapidly changing about fax are the innovative new flavors of secure, computer-based fax technologies available to hospitals and health systems that are making fax machines obsolete. These include premises-based fax servers, hosted cloud fax services, hybrid solutions, and even digital, high definition, color, IP-only fax. These new systems are replacing the current network of 50 million fax machines with enterprise fax software that integrates with a variety of corporate infrastructures and existing systems.

Premises-based, hosted cloud, and hybrid (premises-based + cloud) fax server platforms can seamlessly interface with existing telephony infrastructure (public switched telephone network [PSTN]) and/or voice over IP [VoIP] networks), and major corporate applications such as email, mainframes, enterprise resource planning (ERP), enterprise content management (ECM), and various health IT systems.

Data and software integration to corporate applications saves significant cost, drives clinical process efficiencies, bolsters protected health information (PHI) security, and assists in green initiatives to reduce carbon footprints and supplies usage. Examples include paperless invoicing and purchase order transmittal via production fax, and connection to existing mainframe. EMR, ePrescription, and email systems are further options which also eliminate paper and keep PHI protected and out of sight.

Hybrid fax systems can now provide on-demand robust business continuity and scalable resources. If the premises-based fax server fails, it’s possible to seamlessly switch over to a hosted fax cloud service model, where servers are maintained by another organization off-premises and fax functionality is provided via the Internet. The data is securely transmitted point-to-point between the on-premises servers and cloud fax servers via secure socket layer (SSL) encryption, ensuring PHI cannot be accessed.

Together, Premises-based and hosted fax cloud services form a terrific failover business continuity strategy known as hybrid fax.  Hybrid fax is a “best of both worlds” option, and increasingly popular in health care settings. Its main advantage is that neither hardware failure, telecom failure, nor Internet failure alone can interrupt fax traffic. It’s a simpler and more robust way to handle fax traffic spikes and fulfill business continuity and disaster recovery goals, meeting the 24/7/365 clinical operational requirements of today’s hospitals and health systems.

Faxing is a convenient bridge between health care entities that are automated to different degrees. Fax is both an extension of paper-based processes used most by doctors – patient records, scripts, notes – and is also the only interoperability standard in health care today, connecting paper to  Electronic Health Records (EHRs) and ePrescription systems. Fax is also effective and convenient for documents that legally require signatures. In the end, it comes down to the comfort level of doctors–who most often use fax technology because it’s familiar, ubiquitous, and more secure than email. So the chief drivers are momentum, security, and the amount of paper that is there to begin with. Simply put, fax is an accepted, legally compliant, and mission-critical part of today’s health care ecosystem.

HIPAA – A Trigger for Keeping Fax Secure In Healthcare

You can no longer send sensitive PHI information to a fax machine without risk of running afoul of security and privacy laws. The following is a high-level overview about what the government requires to keep PHI faxes secure, and a review of how today’s computer fax capabilities assist health care entities in that effort.

Any discussion about privacy and security in health care must begin with The Health Insurance Portability and Accountability Act of 1996 (HIPAA), which established regulations for the use and disclosure of an individual’s PHI held by “covered entities”–specifically health care providers, integrated delivery networks (IDNs), health insurance plans, and medical service providers.  And, of course, HIPAA compliance is crucially linked to the billions of dollars in federal financial incentives available for the demonstrated meaningful use of health care IT, a cornerstone of health care reform.

HIPAA’s key requirements for faxing PHI were designed to ensure security at the point of dispatch, during transit, and at delivery:

– Fax machines must be placed in a secure and inaccessible area, with access granted solely to authorized personnel

– Destination fax numbers must be verified before transmission, and recipients must be notified upon receipt of a fax

– Cover sheets must clearly state that the fax contains sensitive and confidential health information; is being sent with the patient’s authorization; should not be forwarded without express consent; and should be destroyed if not received by the intended recipient

– Received faxes must be stored in a secure location, and transmission log summaries must be maintained

Fortunately, today’s computer-based fax solutions have evolved to be more efficient, intelligent, and secure than yesterday’s stand-alone fax machines or multifunction peripherals (MFPs). Today’s computer fax servers help such health care “covered entities” as hospital systems, payers, and physician’s practices achieve HIPAA and HITECH compliance by:

– Automatically routing faxes containing PHI to a recipient’s fax client or email

– Sending notifications of received faxes to a user’s email with a link to a secure directory containing the fax image

– Archiving faxes to a secure location that is controlled by a fax service administrator

– Ensuring adherence to cover page, transaction log, audit trail, and job tracking protocols

– Tying it all together in a searchable, secure database

Faxing remains essential to the sharing of information within the health care industry and its technology continues to evolve as a vital communications tool. Examples of fax technology’s evolution are: premises-based fax servers, hosted cloud fax services, hybrid solutions, digital high definition color IP-only fax, and secure fax systems that combine fax with secure file transfer delivery. These new technologies are using software that integrates with the myriad of in-place enterprise infrastructures and systems to replace a network of 50 million fax machines.

About the author
Alan Gonsenhauser is SVP, chief marketing officer, Biscom. He is responsible for accelerating Biscom’s fax server, hosted cloud fax, and secure file transfer solutions for health care. Learn more at

Comment on this Post

Leave a comment:

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: