Kathleen M. Roman,
Risk Management Education Leader
Debate continues as to whether or not providers who use only telephone, voice, and facsimile technology are required to comply with HIPAA when transmitting confidential patient information. It is likely that all healthcare providers will ultimately be forced to comply. There are several reasons for this speculation.
First, the government is convinced that the quality and efficiency of healthcare services will be improved if related transactions are conducted electronically; the Bush Administration continues to push for all-electronic data systems. Providers who are not HIPAA compliant are unable to participate in any programs in which the government pays for health-related services.
Second, payors are increasingly requiring electronic communications. Providers who do not participate are finding that submissions are more frequently rejected and take much longer to be processed. In many parts of the country, medical and dental providers who lack electronic capacity are simply finding themselves squeezed out of the marketplace as payors refuse paper transmissions.
Third, existing case law has not yet clarified whether security breaches arising out of the use of facsimile technology can be excused. Faxes are commonplace throughout the healthcare industry. They are used for their convenience rather than for their ability to protect the privacy of the information they contain. There are numerous ways in which the confidentiality of these documents can be breached. They may be sent to the wrong number and, just as often, they may be received in error from an unknown party. The location of fax equipment may expose information to the view of unauthorized persons. In some healthcare organizations, responsibility for faxing material may be delegated to members of the team who have less training and who may not fully understand the importance of the materials they are being asked to transmit or to process once received.
From a risk management perspective, it is important that the faxing processes used in medical and dental offices be reviewed for potential privacy and security risks. Once identified, these risks should be addressed through a formal approach that includes policy and procedure development, staff training, and signed confidentiality agreements. By doing so, even those doctors who do not feel obligated to comply with the entire set of HIPAA regulations may still be able to contend that they were serious about protecting their patients' Personal Health Information (PHI) should a complaint be lodged.