Transcript

HIPAA IT Pitfalls to Avoid in 2015: Understanding Compliance & Exceptions

Brad Spannbauer

Director, Product Development

eFax Corporate®

The information provided in this presentation does not constitute, and is no substitute for, legal or other professional advice. We strongly encourage you to consult your own legal or other professional advisors for individualized guidance regarding the application of the law to your particular situations, and in connection with any compliance-related concerns.

Are you HIPAA compliant or not?

Today’s Agenda

• 7 common incorrect HIPAA assumptions

• Putting it all together:

– The Conduit Exception

– The BAA: Does it transfer your responsibility?

– The Encryption requirement

• So, are you compliant or not?

• Q & A

Document Concerns

More Questions Than Answers?

HIPAA Misconception #1:

Our vendor’s service is HIPAA compliant…

so we’re HIPAA compliant. Right?

HIPAA Misconception #2:

Our vendor signed a BAA…

so we’re covered. Right?

HIPAA Misconception #3:

We don’t use cloud services…

because they’re not secure. Right?

HIPAA Misconception #4:

Our corporate policies restrict access to PHI…

so we’re in compliance. Right?

HIPAA Misconception #5:

We use an in-house fax server, so our transmissions are…

secure behind our firewall. Right?

HIPAA Misconception #6:

Our EHR system has a well-documented audit trail…

so a document-sharing policy would be redundant. Right?

HIPAA Misconception #7:

Our email provider offers TLS encryption…

so we’re secure sending email attachments. Right?

Putting the Pieces Together

Fax for PHI

Putting It All Together

The Conduit Exception

Conduit Exception Scenario #1: Hosted Fax Without Archiving

The Conduit Exception

HOSTED FAX

Conduit Exception Scenario #2: Hosted Fax With Archiving

The Conduit Exception

HOSTED FAX

A BAA Doesn’t Transfer Responsibility to Your Vendor.

It Means You Share Responsibility.

We Recommend Sending Encrypted Notifications, Not Documents

HOSTED FAX

Consider Data Encryption to be a de facto Requirement

It’s Definitely Best Practice

Data Security is Key for Patient Records

Both at Rest… and in Transit

Next Steps

• Read “7 HIPAA Compliant Assumptions”: http://www.hitechanswers.net/7-hipaa-compliant-assumptions-can-trip/

• Whitepaper: “Is Cloud-based Faxing Right for You?”

• 30-day free trial offer

Q&A

Thank you for your time.

enterprise.efax.com
