Every year in the US, over 1.6 billion USD is lost to breaches or interception of information left unprotected by corporations, government and private industry. The threat is real and growing as the cost of quality software tools and hardware keeps falling. Faxes have long been considered secure, but you should evaluate the risk in your organization.
Faxes are sent over telephone lines and by other methods, such as wireless links, computers and the Internet. These faxes can be, and sometimes are, intercepted by persons not authorized to see the information. The goal of this tip is to remind organizations that the fax standard has been published, that freeware programs are available to reconstruct fax images from recordings, that sniffing software can detect faxes and pull them off VoIP networks, and that printed faxes can be mishandled after they are received.
Your organization should have a clear policy on the use of fax machines. Medical entities should be especially concerned when sending PHI or PII covered under HIPAA or CMS. These documents may not be handled correctly after they are received, or may be intercepted en route. Here are some tips to protect your organization.
- Ensure cover sheets on all faxes include a disclaimer
- Verify by voice or another method that the person you are sending the fax to has received it
- Mark and label fax data appropriately if it contains sensitive information
- Use secure fax or other methods when sending patient information to ensure you're not violating rules
- Email is just as fast as or faster than the fax machine; use encryption and send documents securely through an encrypted service
- Have regular TSCM checks of your communications facilities to ensure you're not inadvertently sending faxed information to the wrong party
- Verify the fax number before sending information. Fax numbers change, and you don't want to disclose information to the wrong party
- Remember that fax information is sent as encoded audio; use secure two-way communications when you absolutely have to send faxes