Moving your office from fax to encrypted email
Physician’s offices are under increasing pressure to produce a more efficient, compliant, and secure workflow to handle all aspects of patient communications. Industry risks, government regulations, and staffing costs drive the savvy Office Manager to continually scout out better processes for communicating critical information and building a trusting relationship with patients.
The advantages of moving from a mix of digital and analog processes to an all-digital workflow are numerous. One aspect of a digital workflow—moving from fax to encrypted email for records transmission—has three immediate advantages: reduced expense, increased compliance, and improved security.
Efficiencies – less costs and more productivity.
The fax process is no longer the most efficient workflow for transmitting documents. Unlike encrypted email, faxing lowers the image quality of documents being sent, wastes paper, and requires a person to physically process the documents. The conventional fax machine presents an array of hassles as well, such as lack of receipt verification, paper jams, setup costs, routine maintenance, and simply having to shuffle around the documents that are produced throughout the course of each day. At the end of the process something has to be done with the paper that is produced; it’s either scanned and destroyed (not particularly eco-friendly) or filed away.
In an attempt to alleviate the physical inefficiencies of the fax process, some offices use virtual faxes. These rely on computer software and scanners to replace the physical costs of paper, ink, fax machine, and staff time. However, the most common uses of virtual faxes are unsecure, failing to meet industry-standards for encryption, authentication, and certification during the virtual fax transmission.
Compliance – HIPAA/HITECH regulations and best practices.
Government regulation has always been part of the “cost of doing business” for the modern physician’s office. The U.S. Department of Health and Human Services (HHS) was appointed by the U.S. Congress to issue regulations requiring breach notifications for unsecured protected health information (PHI). Only encryption and destruction are approved methods to render PHI secure. Because of this, basic access controls and firewalls are not enough to secure PHI, whether one is talking about a traditional fax, virtual fax, or email process.
Although the privacy rules do not require PHI encryption, it is addressable. Regulations allow that if PHI is secured (encrypted), then any data breach does not have to be disclosed since no harm will come to an individual if the lost or stolen data cannot be linked to a particular person. In other words, encryption of data goes beyond what is required by the regulation and therefore renders the offense and penalties of no consequence should a data breach occur.
Keeping PHI secure in transit over electronic networks is also critical to comply with the HHS regulations. Appropriate steps must be taken to ensure that PHI sent through email or other networks remain secure. Encryption of email messages is an easy way to ensure the security of PHI in transit, as well as at rest. Note that traditional fax transmissions do not technically meet this level of security since the fax signal is not encrypted and could be intercepted while in transit.
Offices that correspond with business associates may find transmitting PHI information via encrypted email is more advantageous for an efficient work flow. Offices that currently contact their business associates via phone or fax can improve the audit trail procedures needed for compliance by utilizing the encrypted email process. In the time it takes to dial the number via phone or fax to a business associate, an encrypted email could have been completed. There would be no question if a voice mail message was received or a fax was delivered to the business associate. Time management, audit trail reports, security and compliance of the information transmitted would all be satisfied in one encrypted email.
Security – encryption and confidence.
The fax process is unsecure, as is regular email transmission. During the early days of email use in office environments, and particularly after the introduction of HIPAA in 1996, there was a flight away from email use because the security implications weren’t fully understood and couldn’t be guaranteed. Modern encrypted email is not the same technology as what existed 1996. Secure email today can guarantee safe transmission through encryption of the data, authentication of the recipient, and certification that the transmission was not changed.
The underlying goal for any security practices within an office is to engender confidence between the physician and the patient—it’s a clear, though often unrecognized, extension of the physician’s bedside care. Additional advantages, such as decreased liability, privacy protection, HIPAA compliance, and patient choice are important side effects, but not the end itself to modernizing the workflow from fax to secure email.
CREDITS
story
by JEAN A. FROESCHLE-EXUM
About the author: Jean A. Froeschle-Exum is a HIPAA/HITECH compliance expert and an officer at JST Financial LLC.