HIPAA IT Pitfalls to Avoid in 2015 Understanding Compliance & Exceptions Brad Spannbauer Director, Product Development eFax Corporate® [email protected]
HIPAA IT Pitfalls to Avoid in 2015 - eFax Corporate
Jul 18, 2015
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
HIPAA IT Pitfalls to Avoid in 2015Understanding Compliance & Exceptions
Brad Spannbauer
Director, Product Development
eFax Corporate®
The information provided in this presentation does not constitute, and is no substitute for, legal or other professional advice. We strongly encourage you to consult your own legal or other professional advisors for individualized guidance regarding the application of the law to your particular situations, and in connection with any compliance-related concerns.
Are you HIPAA compliant or not?
Today’s Agenda
• 7 common incorrect HIPAA assumptions
• Putting it all together:– The Conduit Exception
– The BAA: Does it transfer your responsibility?
– The Encryption requirement
• So, are you compliant or not?
• Q & A
Document Concerns
More Questions Than Answers?
HIPAA Misconception #1:
Our vendor’s service is HIPAA
compliant…
so we’re HIPAA compliant. Right?
HIPAA Misconception #2:
Our vendor signed a BAA…
so we’re covered. Right?
HIPAA Misconception #3:
We don’t use cloud services…
because they’re not secure. Right?
HIPAA Misconception #4:
Our corporate policies restrict access to
PHI… so we’re in compliance. Right?
HIPAA Misconception #5:
We use an in-house fax server, so our transmissions
are… secure behind our firewall. Right?
HIPAA Misconception #6:
Our EHR system has a well-documented audit trail…
so a document-sharing policy would be redundant.
Right?
HIPAA Misconception #7:
Our email provider offers TLS encryption…
so we’re secure sending email
attachments. Right?
Putting the Pieces Together
Fax for PHI
Putting It All Together
The Conduit Exception
Conduit Exception Scenario #1: Hosted Fax Without Archiving
The Conduit
Exception
HOSTED FAX
Conduit Exception Scenario #2: Hosted Fax With Archiving
The Conduit
Exception
HOSTED FAX
A BAA Doesn’t Transfer Responsibility to Your Vendor.
It Means You Share Responsibility.
We Recommend Sending Encrypted Notifications, Not Documents
HOSTED FAX
Consider Data Encryption to be a de facto Requirement
It’s definitely Best Practice
Data Security is Key for Patient Records
Both at Rest… and in Transit
Next Steps
• Read “7 HIPAA Compliant Assumptions”http://www.hitechanswers.net/7-hipaa-compliant-assumptions-can-trip/
• Whitepaper: “Is Cloud-based Faxing Right for You?”
• 30 day free trial offer.
Q&A
Related Documents
