Archiving & Fax
Server fax di rete per Exchange, SMTP e Lotus
- 5 - 9 utenti: USD 109.00 per utente
GFI FAXmaker and HIPAA Compliance
Introduction:
The U.S. Congress recognized the need for national patient record privacy standards in 1996 and the Health Insurance Portability and Accountability Act of 1996 (HIPAA) was enacted. The law included provisions designed to improve efficiency and reduce costs for health care businesses by encouraging electronic transactions, but it also required new safeguards to protect the security and confidentiality of that information. In November 1999, the U.S. Department of Health and Human Services (HHS) published proposed regulations to guarantee patients new rights and protections against the misuse or disclosure of their health records.
The Act has changed the way healthcare organizations send, receive, and manage confidential information. Previous hard copy paper systems are considered insecure and a liability and therefore new alternatives for exchanging and tracking protected health information (PHI) are required.
This document outlines the requirements of HIPAA in terms of faxing PHI and how GFI Software’s GFI FAXmaker, an easy-to-use fax server, can help health organizations to comply with HIPAA’s regulations for information flow and exchange.
Fax Server technology is a secure method of communicating and is simple and affordable way to assist healthcare organizations in becoming HIPAA compliant.
HIPAA and faxing
The primary objective of HIPAA is that health organizations have the infrastructure and procedures – administrative, technical and physical – that allow them to safeguard patient health information from any kind of exposure or disclosure to unauthorized parties when this information is required to be transmitted or delivered to authorized individuals.
HIPAA does not prohibit the use of fax machines to communicate PHI; however the information is subject to strict regulations that protect the privacy and security of the information both at the point of dispatch, during transit and at the point of delivery.
The security provisions of HIPAA require “reasonable” efforts to make sure that the information delivery via fax has been sent securely and was received securely and by the person intended.
HIPAA makes a number of demands to ensure that patient health information is properly protected. These, in relation to security and privacy, include:
- All fax machines are to be placed in a secure area and not generally accessible.
- Only authorized personnel are to have access and security measures should be provided to ensure that this occurs.
- Destination numbers are verified before transmission
- Recipients are notified that they have been sent a fax.
- Include a cover-sheet clearly stating that the fax contains confidential health information, is being sent with the patient’s authorization, should not be passed on to other parties without express consent; and should be destroyed if not received by the intended recipient.
- Any patient data should be in the fax body and not in any of the data fields.
- Faxes are to be sent to secure destinations; i.e. the fax machine of the recipient must be in a secure location, accessible only by those authorized to receive the information.
- Maintain a copy of the confirmation sheet of the fax transmission, including the necessary data such as time and recipient’s number.
- Confirm fax delivery by phoning the recipient.
- Received faxes are to be stored in a secure location.
- Maintain transmission and transaction log summaries.
Why traditional faxing methods are problematic
Although HIPAA does not prohibit patient health information from being faxed to authorized recipients, manual faxing is fraught with security issues that would certainly prevent health organizations from being compliant with HIPAA strict requirements.
With manual faxing, there are a number of risks:
- Fax machines may not be located in a secure area and access to faxes may not be restricted to authorized personnel only
- Senders are required to wait by the machine until the transmission is completed, waiting for the transmission report, collect it and file. They also have to call the recipient to ensure that it has been received completely and as intended. This takes up precious time for the health professional. If the recipient is not available, important information may be delayed
- Incoming faxes need to be removed immediately from the output tray and distributed to the recipient to reduce the chance of an inappropriate use or disclosure
- Any pre-programmed fax numbers need to be validated periodically and regular fax recipients contacted regularly to ensure that the number has not changed
- The destination fax machine may be in a secure location but still accessible to a number of people
- The information in hard copy has to filed securely
- Transmission may not always be secure and reliable (especially in areas with basic telecommunication infrastructure)
- In the spirit of HIPAA, which aims to create more effective health organization practices, manual faxing is expensive – requiring multiple communications lines, hardware, maintenance costs and material (paper and toner)
Why GFI Software’s fax server GFI FAXmaker is the solution
GFI Software’s fax server GFI FAXmaker resolves all the fax-related privacy and security issues that are highlighted in a health organization’s HIPAA plan.
GFI FAXmaker makes sending and receiving faxes an efficient, simple and cost effective process. The problems with manual faxing: printing out the document, walking to the fax machine, waiting for the fax to go through, not to mention the cost of fax machine supplies and repair, are immediately resolved but more importantly GFI FAXmaker allows users to send and receive faxes directly from their email client – in most cases totally eliminating the need for a manual fax machine.
GFI FAXmaker is easy to install, requires little maintenance and integrates with existing messaging clients and customized solutions.
GFI FAXmaker integrates with your mail server, allowing users to send and receive faxes and SMS/text messages using their email client. You can even backup all faxes and search them in the same way that emails are stored and retrieved on the network. Furthermore, if email correspondence is being archived (which is a federal requirement for most sectors), all your faxes are also stored in a central, secure database.
With GFI FAXmaker you do away with the need to handle and transfer original or duplicate copies of patients’ medical records, thereby reducing the risk of losing or misplacing files as well as reducing the time to send the documentation.
Since faxes are sent and received via email and authentication on the email client is required to access the faxes, there is no concern that the patient health information will be sent to the wrong recipient or that someone else can retrieve the information without authorization.
To ensure that only the person that was fax was intended for actually sees the fax, GFI FAXmaker can automatically route incoming faxes to the user's mailbox or to a particular printer based on a DID/DDI/DTMF number or on the line on which the fax was received. Faxes can also be forwarded to a public folder or assigned to a network printer per installed fax port. This means that the fax goes through no other hands.
With server systems and database stored in secure locations and managed solely by authorized personnel only, there is not risk that emails/ faxes can be tampered with, deleted or accessed by third parties. This ensures that all patient information is secure at all times – prior to, during and after transmission.
| Privacy and Security requirements | Using GFI FAXmaker | How GFI FAXmaker meets this requirement |
|---|---|---|
| All fax machines are to be placed in a secure area and not generally accessible. |  | Both outbound and incoming faxes can be sent /received using an email client. This removes the need for a manual fax machine and therefore no special security measures need to be taken to safeguard the data or the equipment. |
| Only authorized personnel are to have access and security measures should be provided to ensure that this occurs. | | Outbound faxes can be sent via the individual’s personal email client. The documentation does not need to leave the sender’s office nor is it handled by anybody else. With incoming faxes, these can automatically be routed to the user's mailbox or to a particular printer based on a DID/DDI/DTMF number or on the line on which the fax was received. This ensures that no one else can see the documentation just received except for the intended recipient or other authorized personnel. |
| Destination numbers are verified before transmission | | By integrating with Active Directory and using the contact lists in the email client, recipients can be pre-programmed, minimizing the potential for human error. |
| Include a cover-sheet clearly stating that the fax contains confidential health information, is being sent with the patient’s authorization, should not be passed on to other parties without express consent; and should be destroyed if not received by the intended recipient. | | Cover-sheets can be created in Microsoft Word with the required disclaimers and added to new faxes at the click of a button. |
| Maintain a copy of the confirmation sheet of the fax transmission, including the necessary data such as time and recipient’s number. | | Transmission reports including miniatures of the fax can be automatically printed. |
| Received faxes are to be stored in a secure location. | | With email archiving implemented all faxes sent ore received using GFI FAXmaker are stored in a secure database, allowing easy access, searching and auditing. |
| Maintain transmission and transaction log summaries. | | With email archiving implemented all faxes sent ore received using GFI FAXmaker are stored in a secure database, allowing easy access, searching and auditing. |
Other benefits of GFI FAXmaker to help you be HIPAA compliant
Reduced Administration
GFI FAXmaker is designed to minimize administration. Infatti, poiché si integra con Active Directory, non necessita di un database di utenti fax separato. Le impostazioni relative all'utente possono essere direttamente applicate a utenti o gruppi di Windows.
Supporto di Microsoft Exchange, Lotus Domino e di altri server SMTP
GFI FAXmaker si integra con Exchange Server 2000, 2003 e 2007 tramite un normale connettore SMTP per Exchange. GFI FAXmaker può essere installato sul server Exchange oppure su un computer separato, nel qual caso non è però necessario installare alcun software sul server Exchange stesso. GFI FAXmaker si integra inoltre con Lotus Domino e altri diffusi server SMTP.
Compatibilità con il Fax over IP (FOIP)
Grazie al modulo facoltativo Brooktrout SR140 basato su host o TE-SYSTEMS' XCAPI, GFI FAXmaker si integra con l'IP PBX (centralino operante via internet) aziendale esistente, supportando quindi funzionalità FOIP senza ricorrere ad apposite apparecchiature. Con i servizi FOIP è possibile inviare facilmente fax via internet, integrandosi contemporaneamente con l'infrastruttura IP esistente.
Compatibilità con server Lotus Notes, SMTP e POP3
GFI FAXmaker si integra con Lotus Notes e con qualunque server SMTP e POP3, tramite i protocolli SMTP o POP3. Può essere installato sullo stesso server di posta o su un computer separato. Nel caso di Lotus Notes, è supportato l'indirizzamento @FAX.
Recapito automatico dei fax/Smistamento fax in entrata
GFI FAXmaker è in grado di smistare i fax in arrivo nella casella di posta dell'utente o verso una stampante specifica, in modo automatico, in base al numero DID, DDI o DTMF oppure in base alla linea che ha ricevuto il fax. I fax possono anche essere inoltrati a una cartella pubblica oppure assegnati a una stampante di rete per ogni porta fax installata.
Archiviazione dei fax su GFI MailArchiver™, SQL o altre soluzioni di archiviazione
GFI FAXmaker consente di archiviare tutti i fax su GFI MailArchiver, su un database SQL o in un indirizzo e-mail. GFI MailArchiver è una soluzione di archiviazione della posta elettronica che memorizza tutte le e-mail in un database SQL e consente agli utenti di cercare e rperire facilmente e-mail e fax già trasmessi. Grazie al modulo OCR, è inoltre possibile cercare i fax in base a un testo specifico all'interno del fax.
Lettura OCR e inoltro facoltativi
Il modulo facoltativo OCR può essere adoperato per convertire in testo leggibile tutti i fax in arrivo, avvalendosi della tecnologia di riconoscimento ottico dei caratteri (Optical Character Recognition o OCR) per poi smistare il fax all'utente corretto mediante parole chiave. Per esempio, è possibile smistare il fax per nome o cognome o per funzione lavorativa. Se GFI FAXmaker non riesce ad abbinare un destinatario, smista automaticamente il fax al destinatario predefinito o al router, funzione particolarmente pratica se si prevede di archiviarli, poiché in questo modo è più facile cercare un determinato fax.
Invio di fax da qualsiasi applicazione
Per trasmettere un fax, gli utenti lo inviano alla stampante GFI FAXmaker dal relativo menu del loro elaboratore di testi, ovvero creano un nuovo messaggio nel client di posta elettronica (per esempio, Outlook o Outlook Web Access). L'utente seleziona quindi i destinatari del fax dalla rubrica di Outlook oppure inserisce direttamente il numero del fax. Dopo aver fatto clic sul pulsante Invia, il fax viene inviato e l'utente riceve un rapporto di trasmissione nella propria cartella della Posta in arrivo.
Ricezione di un fax via e-mail o in formato PDF
GFI FAXmaker recapita i fax nella cartella di Posta in arrivo dell'utente nei formati TIF (fax) o Adobe PDF. In questo modo gli utenti possono verificare la ricezione di fax da qualsiasi parte del mondo, servendosi di un normale client di posta elettronica (ad esempio, Outlook) o di un client di posta elettronica basato sul web (ad esempio, Outlook Web Access). La ricezione dei fax in formato PDF implica che il fax può essere inoltrato con facilità e permette inoltre una semplice integrazione con i sistemi di archiviazione dei documenti o con i software e le procedure di workflow.
Supporto dei contatti di Outlook
Non è necessario avere una rubrica fax separata: è sufficiente selezionare il destinatario Fax (Uff.) dall'elenco dei Contatti di Outlook o nell'Elenco indirizzi globale, né è necessario duplicare le voci degli indirizzi.
Possibilità di allegare documenti Office, PDF, HTML e altri file
Gli utenti possono allegare documenti Microsoft Office, PDF, HTML e altri file ai loro fax. Tali allegati vengono convertiti in formato fax sul server fax. Inoltre, è possibile avvalersi del comando Invia a destinatario posta, disponibile in Microsoft Office e altre applicazioni, per inviare rapidamente un documento come fax.
Integrazione applicazioni e stampa unione automatiche con NetPrintQueue2FAX
La funzione NetPrintQueue2FAX di GFI FAXmaker permette di incorporare un numero di fax in un documento e di stamparlo sul fax da quasi tutte le applicazioni e da qualsiasi punto della rete, senza dover inserire il numero di fax separatamente. Questa funzione risulta particolarmente pratica con le applicazioni contabili: si può trasmettere una fattura via fax con la semplice integrazione del numero di fax nel documento: non è richiesta alcuna integrazione o sviluppo dell'applicazione.
Fax circolari con la funzione di stampa unione di Microsoft Office
Avvalendosi della funzione di stampa unione di Microsoft Word o della suite di prodotti Office, è possibile inviare fax circolari personalizzati. Poiché Microsoft Office supporta ODBC, l'elenco dei destinatari può essere acquisito da qualsiasi database, compresi Microsoft SQL Server, Microsoft Access e molti altri.
