Sunday, February 11, 2018

Is a Fax here, or is it there?

Who's got the “fax hot potato”?

There's a point at which a fax is neither here, nor there.


Simply by nature of it being a fax means it’s being delivered and for a tiny fraction of time, it’s momentarily in the ethereal space somewhere at a point after it was sent -- and before it was received. 

At the surface it may seem trivial, but the definition of "here" versus "there" matters greatly since HIPAA has a delivery standard for vendors about sending Patient Health Information (PHI) electronically - cloud based fax (CBF) vendors included. 

Plainly, and in terms of fax delivery, the definition gives the distinction of transient versus persistent data storage. Transient cloud fax delivery providers can be exempt from becoming a HIPAA Business Associate (BA), while those that temporarily store the fax, must. The devil is in the details and fax vendors must declare which it is - a transient conduit or a delivery method where PHI faxes are stored - even if for fractions of time. 


If they get it wrong significant financial penalties are at risk for wrongful classifications.

Are all cloud fax providers conduits or much more? Which need to sign a Business Associate Agreement (BAA) and which do not?


Take fresh look at the “The HIPAA Conduit Exception Rule and Transmission of PHI" in an article from the HIPAA Journal online - and decide for yourself. -mm