On Path to Electronic Health Information Exchange — Through an Unexpected Method

  • Small
  • Medium
  • Large
Despite efforts toward electronic health information exchange, faxing remains ubiquitous in today's healthcare settings and has long been essential to the daily sharing of secure information between hospitals, medical practices, pharmacies, payors, labs, government entities and other key stakeholders. According to the annual National Physicians Survey released in June this year, fax still remains the predominant form of communication for 63 percent of healthcare providers, and is expected to remain so well into the future. Faxing is a convenient bridge between healthcare entities that are automated or electronic to different degrees.

As the most predominant form of communication among providers, it is important that fax communications are HIPAA compliant. Gone are the days when you could simply send sensitive patient Protected Health Information to a fax machine without risk of running afoul of security and privacy laws. What is changing about fax — and rapidly — are the innovative new flavors of secure, computer-based technologies available to hospitals and health systems that are quickly making traditional fax machines obsolete.

Several new flavors of fax now exist, providing healthcare organizations with big benefits while integrating seamlessly with existing infrastructure and enterprise applications. Fax options such as premises-based, hosted cloud and hybrid (premises + cloud) fax server platforms can save significant costs, drive clinical process efficiencies, help protect PHI security and assist in green initiatives to save power and lower carbon footprints.

Hybrid fax is a "best of both worlds" option, and is increasingly popular in healthcare settings. It provides more robust business continuity and scalable resources, on demand. If the premises-based fax server fails, it will seamlessly switch over to a hosted fax cloud service model, with SSL encryption, ensuring PHI cannot be accessed. Neither hardware failure, telecom failure, nor Internet failure alone can interrupt fax traffic. It's a simpler and more robust way for healthcare organizations to handle fax traffic spikes, and fulfill business continuity and disaster recovery goals, especially when facing  24/7/365 clinical operational requirements.  

HIPAA: A trigger for keeping patient information secure

Following is a high-level overview about what the government requires to keep faxes containing PHI secure, a review of today's computer-assisted fax capabilities and a case study that shows how computer-based faxing has transformed one hospital's workflow while meeting government security and privacy regulations and conferring the benefits of collaboration, cost savings and improved clinical efficiency.

Any discussion about privacy and security in healthcare must begin with The Health Insurance Portability and Accountability Act of 1996, which established regulations for the use and disclosure of an individual's PHI held by "covered entities" — specifically healthcare providers, integrated delivery networks, health insurance plans and medical service providers. And, of course, HIPAA compliance is crucially linked to the billions of dollars in federal financial incentives available for the demonstrated "meaningful use" of healthcare IT, a cornerstone of the Patient Protection and Affordable Care Act.

HIPAA's key requirements for faxing PHI were designed to ensure security at the point of dispatch, during transit and at delivery. They include:

  • Fax machines must be placed in a secure and inaccessible area, with access granted solely to authorized personnel.
  • Destination fax numbers must be verified before transmission, and recipients must be notified upon receipt of a fax.
  • Cover sheets must clearly state that the fax contains sensitive and confidential health information; is being sent with the patient's authorization; should not be forwarded without express consent; and should be destroyed if not received by the intended recipient.
  • Received faxes must be stored in a secure location, and transmission log summaries must be maintained.

Fortunately, today's computer-based fax solutions have evolved to a point that is far more efficient, intelligent and secure than yesterday's stand-alone fax machines or multi-function peripherals. Today's computer fax servers help healthcare "covered entities" such as hospital systems, payors and practices achieve HIPAA and HITECH compliance by:

  • Automatically routing faxes containing PHI to a recipient's fax client or email
  • Sending notifications of received faxes to a user's email with a link to a secure directory containing the fax image
  • Archiving faxes to a secure location that is controlled by a fax service administrator
  • Ensuring adherence to cover page, transaction log, audit trail and job tracking protocols
  • Tying it all together in a searchable, secure database

Improving workflow at St. Anthony's Medical Center

An example of one health IDN that has implemented a medical test ordering and scheduling workflow is St. Anthony's Medical Center in St. Louis.

With more than 4,000 employees, St. Anthony's Medical Center provides a range of inpatient and outpatient medical, surgical, diagnostic, emergency and behavioral health services to more than 225,000 patients annually. A key element of St. Anthony's operations consists of coordinating physician orders for such services as MRIs, X-rays and CAT scans, within the main medical campus and a number of off-campus locations. In the past, an order was faxed to the appropriate destination, where, upon arrival, the patient was matched with his or her order, the test conducted and the results uploaded to their medical record system. Unfortunately, a great deal of confusion and frustration resulted when orders were faxed to the wrong destination. With legacy fax machines, human error was inevitable when handling a volume of 25,000 fax pages per month. Neither the sender nor recipient could verify an order's status and audit trails were impossible. St. Anthony's was also in danger of violating HIPAA regulations by sending sensitive patient information to the wrong places. The medical center needed a solution that was auditable, simpler, more effective and more economical.

St. Anthony's acquired a fax server, providing electronic faxing to all personnel. The fax server resulted in paper usage reduction and assistance with HIPAA compliance. Then St. Anthony's deployed the intelligent routing of faxes based on content — vastly simplifying the ordering process. Physicians could now set up appointments for any test at any location by sending a fax to a single fax number, consolidated from the 18 fax numbers they were using previously. St. Anthony's went from getting many complaints about lost faxes, to surprise at how simple the process became.

To simplify tracking and auditing, St. Anthony's deployed an enterprise workflow application. This powerful tool extracts data from faxes via OCR or barcodes and identifies the fax through such metadata as time sent, sender's number and fax length. Any worker can search using a variety of criteria (date, time, location, patient's name) and instantly view images of the original document. A whole new level of accountability was created.

Sherry Chilton, director of admissions for St. Anthony's Medical Center noted, "We haven't had any missed orders since the implementation."

After an initial roll out to 18 departments, the fax solution has spread to more than 40 departments.  Physicians and case managers are using the system to communicate directly with insurance companies via desktop faxing. "Satisfaction levels for physicians, patients and service providers have improved dramatically," said Ms. Chilton. "A lot of our savings are 'soft,' but user complaints have plummeted, and to me that’s priceless!"

Alan Gonsenhauser is senior vice president and chief marketing officer for Biscom. He is responsible for accelerating Biscom's healthcare fax server, hosted cloud fax and secure file transfer businesses. Learn more at www.biscom.com.

More Articles on HIPAA:

9 Ways Hospitals Should Prepare for HIPAA Audits
5 Ways Hospitals Can Improve Information Security
HIPAA/HITECH Risk Assessments: Are the Standards Being Met?

Copyright © 2022 Becker's Healthcare. All Rights Reserved. Privacy Policy. Cookie Policy. Linking and Reprinting Policy.


Featured Whitepapers

Featured Webinars