To assist the sudden improve in take a look at outcomes and medical data being transmitted in the course of the pandemic, hospitals, laboratories, and pharmacies carried out extra gadgets and distant connections into their networks. After the Workplace for Civil Rights (OCR) lifted penalties round telehealth to develop care choices amid the disaster, new platforms had been adopted that weren’t beforehand allowed by the Well being Insurance coverage Portability and Accountability Act (HIPAA).
This train of discretion utilized to purposes together with FaceTime and Skype, no matter whether or not the telehealth service administered whereas utilizing the apps was instantly associated to the coronavirus. Sadly, this additionally elevated safety dangers throughout hundreds of healthcare organizations. Since many communications apps should not HIPAA compliant, the danger of a knowledge breach occurring that compromises personally identifiable info (PII) is imminent. For instance, although Apple is a HIPAA enterprise affiliate, it isn’t prepared to signal a BAA, and due to this fact, Apple providers together with FaceTime should not HIPAA compliant.
In 2021, adopting new know-how to make sure the well being and security of sufferers shouldn’t adversely have an effect on safety and privateness. At the moment, digital and direct fax options provide the flexibleness to securely combine with in the present day’s fashionable cell purposes and third-party messaging platforms corresponding to Slack, Groups, and Microsoft Fax whereas sustaining HIPAA, SOC 2, and PCI DSS compliance.
To make sure that protected well being info (PHI) stays safe always, organizations ought to make the most of a hybrid-cloud fax community that leverages defense-in-depth methods together with end-to-end encryption and two-factor authentication. Not like conventional PTSN-based networks, digital fax know-how also can be sure that time-sensitive paperwork are delivered quick with high-resolution, near-diagnostic picture high quality.
Listed below are a very powerful options your group ought to search for to make sure telehealth safety and defend affected person knowledge:
Direct Digital Fax
Many sufferers and organizations are unaware {that a} knowledge change through electronic mail or textual content message will usually cross by way of a number of servers earlier than it reaches the ultimate level of supply. This oblique transmission technique can go away PHI and different unstructured knowledge weak to imminent threats of cyberattacks.
Using a hybrid-cloud community with direct digital faxing is the important thing to making sure communications by no means traverse an exterior phone community and that knowledge is protected in opposition to unauthorized entry. Black and White lists may also be leveraged to put additional restrictions on the change of delicate info. This enables sufferers to obtain high-quality care at house or in individual with out compromising their private info.
HITRUST CSF Certification
The HITRUST CSF certification has turn out to be the gold commonplace for compliance framework within the healthcare business because it addresses the necessities of current requirements and rules together with HIPAA, PCI, COBIT, NIST, ISO, FTC, and state legal guidelines. Whereas the HITRUST CSF can be utilized by all organizations that create, entry, retailer, or change delicate and/or regulated knowledge, it’s best for healthcare organizations due to its prescriptive framework for managing the safety necessities inherent within the Well being Insurance coverage Portability and Accountability Act.
HITRUST gives suppliers a trusted benchmark from which they will measure and handle their very own compliance whereas providing confirmed safety to their sufferers and companions. For assured safety, healthcare organizations ought to search for a fax supplier that’s HITRUST CSF licensed along with SOC 2 and PCI DSS compliant.
Finish-to-Finish Encryption
Implementing a safe change community that leverages well-defined end-to-end encryption strategies, corresponding to these outlined within the Elliptic Curve Built-in Encryption Scheme (ECIES), is essential to completely defend the switch of data between two endpoints. This hybrid encryption scheme makes use of Elliptic Curve Cryptography to generate a shared secret between friends to seed the encryption course of with distinctive keying materials whereas signing and authentication mechanisms guarantee the validity of the info in transit. Even when a third-party tried to listen in on the community communication, the knowledge itself can be indecipherable because of end-to-end encryption.
Two-factor authentication (2FA) also needs to be utilized on each machine that sends and receives PHI. Two-factor authentication can stop knowledge breaches on purposes and platforms by requesting a mixture of credentials at entry factors that solely the precise affected person, physician, billing operator, or pharmacist would know.
Total, community safety can have an opposed impact on affected person care. To safe healthcare know-how in the course of the pandemic and past, organizations should lengthen legacy gadgets, distant connections, and telehealth providers to a safe change community through the cloud. Hybrid-cloud fax know-how can present end-to-end encryption, two-factor authentication, and direct transmissions to guard the integrity of PHI whereas guaranteeing that business-critical communications are despatched with ultra-fast transmission speeds.
About Paul Banco
As CEO and co-founder of etherFAX, Paul Banco is liable for the strategic course of the corporate and leads know-how improvement, together with the patented etherFAX and etherFAX SEN mental property. In 2009, he recognized the necessity to leverage the cloud for safe doc supply and co-founded etherFAX with fellow telecom business veterans. As a cloud-based and digital resolution, etherFAX allows healthcare organizations to securely ship and obtain info from a broad vary of purposes and endpoint gadgets.