There are many marvels of modern medicine, but the industry’s insistence on using fax machines to communicate isn’t one of them. To its credit, the once-ubiquitous technology provided a reliable and secure method for health care providers to transmit protected health information (PHI). Perhaps more importantly, fax machines were HIPAA-approved.
HIPAA guidelines mandate that certain safeguards be put in place to ensure that documents are transmitted securely and only between authorized users. In their heyday, fax machines provided just that kind of security, and for some time were safer than electronic forms of sharing. After all, sending data over an analog phone line eliminated opportunities for interception along the way, while emails presented prime targets for hackers. But using fax machines to send PHI comes with its own set of perils: If the machine is not in a secure location, anyone can pick up a fax, even if it’s not intended for their eyes; the room for error in entering the recipient’s fax number is significant; and fax machines often fail to send their messages.
The bottom line is that fax machines are HIPAA-compliant, but their paper outputs aren’t always. Fax machines are also frustrating and time-consuming, not to mention antiquated. And if you’re a medical professional on the go, you want to send information safely wherever you are instead of chaining yourself to your company’s secure fax machine.
Luckily, as technology has evolved, so has the ability to send PHI in a variety of methods that HIPAA would smile upon. We’ve come up with several HIPAA-compliant fax alternatives for you to consider as you leave your faxing days behind you:
1. HIPAA Fax Alternative No. 1: Patient and provider portals
Secure websites—often called portals—enable you, as a health care provider, to communicate safely with your patients, billing agents, pharmacies, and others you contact regularly with PHI. Portals like these can be accessed with a secure username and password from any device with an Internet connection. Whether it’s a pharmacist logging in to access someone’s prescription information or a patient accessing lab results or sending her doctor a private message, everything’s secure and everything’s accessible. Portals also make it easy to update contact information or send and receive payments—sure, a fax machine is fine for tasks like these, but executing them directly online is a breeze and ensures peace of mind for all involved. A number of Sookasa users, like RetraceHealth, have actually integrated Sookasa and Dropbox into their patient portals behind the scenes.
2. HIPAA Fax Alternative No. 2: Secure sharing in the cloud
Another option is to employ the cloud, often an overlooked option due to misconceptions about its security. As long as what you store in the cloud is properly protected, PHI will not be revealed—even if an employee misplaces a laptop or accidentally misaddresses an email. Cloud-based programs like Dropbox make file-sharing remarkably simple: Granting someone access to a file becomes as easy as saving it, and shared folders make file transfers virtually seamless.
Sookasa also provides a secure HIPAA fax alternative. Sookasa works within Dropbox to provide the right kind of encryption, protecting PHI before it reaches the cloud. Dropbox houses the data—now encrypted and unintelligible to those who should not see it—while Sookasa holds the keys, ensuring that not even Dropbox—let alone hackers—can break through the encryption. As a HIPAA fax alternative, Sookasa works wonders for allowing health care providers to share protected information with anyone and on any device without the risk of compromised confidentiality. Sookasa allows care providers to securely collaborate on patient files through Dropbox’s shared folders functionality, and more than that, it also allows users to both send and receive files from people who don’t have Sookasa or Dropbox. Imagine the ease with which you could receive a patient intake form directly into your encrypted Sookasa folder. Encrypting information in other ways certainly diminishes the chance of a data leak in the event of a security breach—but entrusting Sookasa with the encryption virtually eliminates it.
3. HIPAA Fax Alternative No. 3: Password-protected documents
Sending documents as email attachments might seem second nature, but before pressing send, it’s imperative to double check that your documents are secure. A number of methods exist that exponentially increase the security of an email attachment, including password protection of Word documents and PDFs. Two-way protection is also an option, and establishing documents as read-only so the data therein cannot be tampered with is a good step toward building security.
4. HIPAA Fax Alternative No. 4: Encrypted emails and text messages
Emails can also be encrypted entirely, meaning that not only must documents be accessed with a password, but their contents appear jumbled to unauthorized users. When an email like this gets sent, the system encrypts the message itself while sending the recipient an unencrypted notification email. She can then click the link in the email, enter a password, and download the message. It’s a bit roundabout, and fairly clunky for patients, but it keeps hackers at bay. Several third-party text messaging systems also exist to encrypt communications and authenticate recipients.
5. HIPAA Fax Alternative No. 5: Virtual private networks
Companies whose employees often work remotely can set up a virtual private network (VPN) to allow secure access to protected files from computers and devices away from the premises. With the right software, a VPN lets you access folders, documents, and other data on your work computer from anywhere you are, eliminating the need for downloading sensitive files onto your home computer or transmitting them in unauthorized ways.
The tradeoff, of course, is that the VPN is often too restrictive; VPNs typically do not allow users to apply a different hierarchy of security for, say, less sensitive data or browsing activities. Channeling all traffic through a VPN can also significantly slow performance. But some practices and providers deem this tightening of security necessary, which makes the VPN a sound option from a security perspective.
This isn’t an exhaustive list of HIPAA fax alternatives, but these methods should underscore the point that when it comes to transmitting documents, security is paramount. Whether it’s via encryption, passwords, secure Dropbox folders, or other means, technological innovations are increasingly enabling HIPAA compliance—and fax machines can remain where they truly belong: in the past.