Virtual Fax

HIPAA Compliance Checklist: Everything You Need to Know

HIPAA Compliance Checklist

You may be wondering why HIPAA is that important and like to have HIPAA compliance checklist to ensure that your medical document transfers comply with HIPAA.  

Did you know that hacking is one of the main reasons why patient data is leaked? Particularly, it accounts for 74% of leaks, and according to a HIPAA study, the number of medical data leaks increased by 25% in 2020. The combination of rapid digitization, remote work and online medical care that has emerged since the COVID-19 pandemic has increased the use of cloud technologies for sending confidential healthcare documentation such as virtual faxes, which has made the industry more vulnerable to cyber-attacks.   

That is why in this article we show you everything you need to know about HIPAA and provide you with recommendations and compliance requirements to ensure that the solutions you use for sending confidential healthcare documentation fulfill them.

What is HIPAA?  

The Health Insurance Portability and Accountability Act (HIPAA), enacted in 1996 by the U.S. Congress, protects medical and identifying information such as patient medical records or insurance policy information used or disclosed by entities such as health plans, health information clearinghouses, and any health care provider, in any form, whether electronic, paper or voice. 

Some facts you should know about HIPAA  

Did you know that breaching HIPAA, in addition to monetary penalties, can land a company on OCR’s (Office for Civil Rights) “The Wall of Shame” public list for two years?      

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) is responsible for enforcing HIPAA privacy and security rules and is charged with conducting inspections, reviewing complaints, and conducting educational activity. 

But let’s get to the worst-case situation: non-compliance.      

In the event of HIPAA non-compliance, these agencies will ensure that the entity takes corrective action, including appearing on the OCR public register and depending on the extent of the violation of the law, payment of fines or criminal penalties for the most serious cases. 

What are the penalties for HIPAA non-compliance?  

You should know that there are 4 levels of penalties depending on the HIPAA breach that takes place.  

  • First level: Unknowing (penalties between $100 and $50,000).  
  • Second level: Reasonable cause unrelated to deliberate neglect (penalties between $1,000 and $50,000).  
  • Third level: Deliberate neglect corrected within 30 days (penalties between $10,000 and $50,000).  
  • Fourth level: Deliberate neglect not corrected within 30 days (penalties of $50,000). 

HIPAA compliance checklist for documentation submission 

Although HIPAA does not specifically mention fax regulations, it is essential for healthcare organizations to ensure the protection of patient information and, therefore, to have confidential document delivery technology solutions that ensure the protection of patients’ medical data by following security methods such as encrypted document exchange, encryption at rest, secure socket layer protocol and user authentication. 

Here are some of the requirements and recommendations to consider when choosing a document submission solution such as virtual fax:  

  • Have the possibility of adding a cover page to ensure the confidentiality of the data you send.  
  • Existence of a signed Business Associate Agreement (BAA).  
  • Implementation with the necessary and appropriate security and encryption for the protection of data in transit and at rest.   
  • Provide user authorization protection, access controls, and secure user authentication.  
  • Provide secure socket layer protocols.  
  • Ensure compliance with the privacy rule that patients have the right to access their health-related information, ensuring the secure storage and full traceability for easy retrieval.   
  • It is recommended that there is additional security on the servers where the data is hosted.  
  • Additional security on the servers where the data is hosted is recommended. 
  • Full and ongoing training on HIPAA and its compliance is recommended. 

Solutions for sending confidential documents in the cloud such as eComFax meet the above requirements and recommendations, ensuring compliance with confidential data privacy laws such as HIPAA through a secure and traceable solution that guarantees not only compliance with regulations but also ensures the total privacy of customer information. 

To learn more about our eComFax communications hub, click here.

May 4, 2022

Author: Laura Álvarez