HIPAA-compliant Faxing… in a BYOD World: Trends, Misconceptions, Best Practices

Upload: efax-corporate

Post on 19-Aug-2015

Category: Technology

TRANSCRIPT

Page 1: Hipaa Compliant Faxing in a BYOD World

HIPAA-compliant Faxing… in a BYOD World

Trends, Misconceptions, Best Practices

Page 2: Hipaa Compliant Faxing in a BYOD World

The Speakers

Michael Flavin, Senior Product Marketing Manager, eFax Corporate®, part of j2 Cloud Services

Brad Spannbauer, Director, Product Development, eFax Corporate®, part of j2 Cloud Services

Page 3: Hipaa Compliant Faxing in a BYOD World

Agenda

Industry Trends: BYOD in Healthcare

HIPAA Concerns with BYOD — and Common Misconceptions

BYOD Best-Practices for Protecting ePHI

Faxing in Healthcare Today

Compliant Mobile Faxing with eFax Corporate® and eFax Secure™

Q&A

Page 4: Hipaa Compliant Faxing in a BYOD World

World Leader in Digital Faxing

Michael Flavin, Sr. Product Marketing Manager, j2 Cloud Services

Michael Pearson, CISSP

Page 5: Hipaa Compliant Faxing in a BYOD World

81% of physicians now use their personal mobile devices to access ePHI.

Source:

Page 6: Hipaa Compliant Faxing in a BYOD World

60% of doctors say they avoid at least one adverse drug error a week by using medical apps.

Source:

50% report these apps save them 20 minutes a day — for a busy primary-care physician, a chance to see 2 more patients a day.

Page 7: Hipaa Compliant Faxing in a BYOD World

But BYOD Carries Real Risks for Healthcare Firms

Lost devices

Stolen devices

Hacked devices

Jail-broken devices

Unauthorized access

Page 8: Hipaa Compliant Faxing in a BYOD World

40% of all HIPAA violations involve lost or stolen mobile devices.

Source:

Page 9: Hipaa Compliant Faxing in a BYOD World

88% of health firms let staff use personal devices to connect to the enterprise network — but fewer than half of these firms are confident that their staff’s devices are secure.

Source:

Page 10: Hipaa Compliant Faxing in a BYOD World

HIPAA Concerns in a BYOD Environment

Healthcare providers are increasingly relying on medical apps in their practices.

Source: HealthIToutcomes

Page 11: Hipaa Compliant Faxing in a BYOD World

BYOD Poses Real Security and HIPAA Issues With ePHI and BYOD Access via Apps

What if your staff’s devices don’t have built-in security or anti-malware protection?

What if your staff uses their devices to access ePHI without encryption on a public network?

What if they lose a device containing ePHI?

What happens to a device’s data if an employee leaves or is terminated?

An employee uses access through apps to improperly

Page 12: Hipaa Compliant Faxing in a BYOD World

But Are These BYOD Apps HIPAA Compliant?

HIPAA PRIVACY RULE: Requires covered entities to apply appropriate administrative, technical, and physical safeguards to protect the privacy of protected health information (PHI), in any form.

HIPAA SECURITY RULE: The Security Rule requires covered entities to maintain reasonable and appropriate administrative, technical, and physical safeguards for protecting e-PHI.

No specific guidance on BYOD, but the onus is on the covered entity to anticipate and protect against impermissible, unauthorized use of ePHI…

Source: www.hhs.gov

Page 13: Hipaa Compliant Faxing in a BYOD World

What Rules Apply to BYOD and Apps? Data Encryption Protocols

TECHNICAL SAFEGUARD RULES FOR DATA ENCRYPTION:

45 CFR Section 164.312(a)(2)(iv) (Encryption and decryption, an addressable implementation specification under the Access Control standard):

“A covered entity or business associate must… Implement a mechanism to encrypt and decrypt electronic protected health information.”

Which mechanism?

Page 14: Hipaa Compliant Faxing in a BYOD World

Another Critical Question: Are Your Data Encryption Protocols Compliant?

TECHNICAL SAFEGUARD RULES FOR DATA INTEGRITY IN TRANSIT:

45 CFR Section 164.312(e)(2)(i) (Integrity controls, under the Transmission Security standard):

“A covered entity or business associate must… Implement security measures to ensure that electronically transmitted electronic protected health information is not improperly modified without detection until disposed of.”

What measures?

Page 15: Hipaa Compliant Faxing in a BYOD World

Bottom Line: Rules of HIPAA that can help protect ePHI accessed on apps via BYOD devices

• Access Control – 45 CFR 164.308(a)(4) (Information Access Mgmt)

• Transmission Security – 45 CFR 164.312(e)(2)(i)

• Data Encryption – 45 CFR 164.312(a)(2)(iv)

• Audit Control – 45 CFR 164.312(b)
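The two technical-safeguard quotations on the preceding slides, an encryption mechanism (164.312(a)(2)(iv)) and integrity controls for transmitted ePHI (164.312(e)(2)(i)), are usually met together with authenticated encryption rather than with two separate controls. The Go program below is an added example written for this page, not code from eFax Corporate or j2; it assumes a hypothetical stored-record layout (random nonce, then AES-256-GCM ciphertext and tag) and hypothetical names such as SealRecord and OpenRecord, and the fax page it seals is a constructed sample, not real ePHI. It shows that a single flipped bit anywhere in the record, a truncated record, or a record re-labelled under another fax ID is rejected before any plaintext is returned, which is the “not improperly modified without detection” property in working form.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Assumed record layout for this example (not eFax Corporate's format):
//   nonce (12 bytes) || AES-256-GCM ciphertext || authentication tag (16 bytes)
// GCM supplies confidentiality (164.312(a)(2)(iv)) and detects modification of
// the stored or transmitted bytes (164.312(e)(2)(i)) with one primitive.

// ErrTampered is returned whenever the authentication tag fails to verify.
var ErrTampered = errors.New("ePHI record failed integrity check")

// NewKey returns a fresh 256-bit AES key. In a real deployment the key comes
// from a KMS or HSM and is never embedded in code or stored next to the data.
func NewKey() ([]byte, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	return key, nil
}

// SealRecord encrypts one fax page and binds it to recordID as associated data,
// so a ciphertext cannot be moved to another record without detection.
func SealRecord(key []byte, recordID string, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize()) // fresh random nonce per record
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	// Seal appends ciphertext+tag to the nonce, giving nonce || ct || tag.
	return aead.Seal(nonce, nonce, plaintext, []byte(recordID)), nil
}

// OpenRecord verifies and decrypts. A flipped bit in the nonce, ciphertext or
// tag, a truncated record, or a mismatched recordID yields ErrTampered and no
// plaintext at all.
func OpenRecord(key []byte, recordID string, sealed []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(sealed) < aead.NonceSize()+aead.Overhead() {
		return nil, ErrTampered
	}
	nonce, ct := sealed[:aead.NonceSize()], sealed[aead.NonceSize():]
	pt, err := aead.Open(nil, nonce, ct, []byte(recordID))
	if err != nil {
		return nil, ErrTampered
	}
	return pt, nil
}

// Tampered returns a copy of sealed with one bit flipped at byteIndex,
// simulating in-transit corruption or deliberate modification.
func Tampered(sealed []byte, byteIndex int) []byte {
	out := append([]byte(nil), sealed...)
	out[byteIndex] ^= 0x01
	return out
}

func main() {
	key, _ := NewKey()
	// Constructed sample content; stands in for a scanned authorization page.
	page := []byte("constructed sample: patient authorization fax, page 1")
	sealed, _ := SealRecord(key, "fax-0001", page)
	if _, err := OpenRecord(key, "fax-0001", Tampered(sealed, len(sealed)-1)); err != nil {
		fmt.Println("modified record rejected:", err)
	}
	pt, _ := OpenRecord(key, "fax-0001", sealed)
	fmt.Printf("intact record decrypts: %q\n", pt)
}
```

The same Seal/Open pair applies whether the record sits on the handset (at rest) or crosses a public network (in transit); what changes between the two cases is only where the key lives and who is allowed to call Open.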

Page 16: Hipaa Compliant Faxing in a BYOD World

5 Common Misconceptions About BYOD and HIPAA Compliance

1. We use leading medical apps to check ePHI on our smart phones, and those apps are probably HIPAA compliant.

2. If an employee leaves a mobile device at a coffee house or restaurant, the covered entity is not liable.

3. We ask our staff to password-protect the mobile devices they use for work purposes. We’re HIPAA compliant.

4. Our corporate policy is to make every effort to protect patient information — even on mobile devices — and that puts us in compliance with HIPAA.

5. We’re compliant for sure, because the vendor that handles our data storage signed a BAA.

Page 17: Hipaa Compliant Faxing in a BYOD World

10 BYOD Best-Practices for Protecting ePHI

1. Create clear, concise and comprehensive policies regarding ePHI — and disseminate companywide.

2. Create a list of allowed devices (and/or operating systems) your enterprise will allow staff to use for work and to access ePHI.

3. Make sure your ePHI data is secure “at rest” as well as in-transit.

4. Install and regularly update virus-protection and anti-malware software on all of your staff’s mobile devices that access or store ePHI.

5. Train all healthcare providers and other staff in the secure and compliant use of ePHI on any device in any location.

Source:

Page 18: Hipaa Compliant Faxing in a BYOD World

10 BYOD Best-Practices for Protecting ePHI (continued)

6. Employ the highest levels of encryption possible for all ePHI transmitted, shared or stored anywhere.

7. Demand staff implement password protection for all mobile devices that access ePHI.

8. Deploy next-gen security technologies such as IDS/IPS, virtualization and application firewalls.

9. Implement biometrics, such as fingerprint readers, on portable devices that access ePHI.

10. Implement Mobile Device Management — including tracking and remote wiping of any device lost or stolen.

Source:

Page 19: Hipaa Compliant Faxing in a BYOD World

Mobile Device Management: The Basics

MDM is a process allowing IT to manage and protect mobile devices — both company owned and personal — used across the enterprise.

Page 20: Hipaa Compliant Faxing in a BYOD World

Mobile Device Management: Six Best Practices to Enhance Your Mobile Device (BYOD) Usage and Enhance HIPAA Compliance

1. Create a dynamic inventory of mobile devices.

2. Distribute and enforce password and encryption policies.

3. Adopt a tracking/deactivation/remote wipe system.

4. Implement a DLP program.

5. Maintain separation of personal & professional data on BYODs.

6. Balance employee productivity with IT control.
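Practices 1 to 3 on this slide (a live device inventory, enforced password and encryption policy, deactivation of lost or departed devices) and the audit-control rule cited on the Bottom Line slide only protect ePHI if someone actually examines the access records against them. The Go program below is an added example for this page, not eFax Corporate or MDM-vendor code; the audit lines, device inventory and user list are constructed, the JSON field names and the Policy, Check and Review names are assumptions, and the OS strings are placeholders. It replays a short newline-delimited JSON audit log against the inventory and flags accesses from devices that are unenrolled, unencrypted, jailbroken or not on the allowed-OS list, and from users who are no longer active, which covers the lost-device and departed-employee questions raised earlier in the deck.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// All sample data in this file is constructed for the example; nothing here
// is a real user, device or log line.

// Device is one entry in the MDM inventory (practice 1 above).
type Device struct {
	ID         string
	Owner      string // user the device is enrolled to
	OS         string
	Enrolled   bool // currently managed by MDM (false after deactivation/wipe)
	Encrypted  bool // device encryption policy confirmed by the MDM agent
	Jailbroken bool // reported by the MDM agent
}

// AccessEvent is one audit-log record of ePHI activity (45 CFR 164.312(b)).
type AccessEvent struct {
	Time   string `json:"time"`
	User   string `json:"user"`
	Device string `json:"device"`
	Action string `json:"action"`
	Object string `json:"object"`
}

// Policy is the covered entity's BYOD policy expressed as data.
type Policy struct {
	AllowedOS   map[string]bool   // allowed operating systems (best-practice 2)
	ActiveUsers map[string]bool   // HR status; missing or false means terminated
	Inventory   map[string]Device // keyed by device ID
}

// Check evaluates one event and returns every policy violation it exhibits.
// An empty result means an active user on a compliant, enrolled device.
func (p Policy) Check(ev AccessEvent) []string {
	var v []string
	if !p.ActiveUsers[ev.User] {
		v = append(v, "user not active (terminated or unknown)")
	}
	d, ok := p.Inventory[ev.Device]
	if !ok {
		return append(v, "device not in MDM inventory")
	}
	if d.Owner != ev.User {
		v = append(v, "device enrolled to a different user")
	}
	if !p.AllowedOS[d.OS] {
		v = append(v, "OS not on the allowed list: "+d.OS)
	}
	if !d.Enrolled {
		v = append(v, "device not MDM-enrolled")
	}
	if !d.Encrypted {
		v = append(v, "device encryption not enforced")
	}
	if d.Jailbroken {
		v = append(v, "device is jailbroken")
	}
	return v
}

// Review parses newline-delimited JSON audit lines and returns one finding per
// non-compliant event, formatted "time user device: reason; reason".
func Review(p Policy, ndjson string) ([]string, error) {
	var findings []string
	for _, line := range strings.Split(strings.TrimSpace(ndjson), "\n") {
		var ev AccessEvent
		if err := json.Unmarshal([]byte(line), &ev); err != nil {
			return nil, fmt.Errorf("bad audit line %q: %w", line, err)
		}
		if v := p.Check(ev); len(v) > 0 {
			findings = append(findings, fmt.Sprintf("%s %s %s: %s",
				ev.Time, ev.User, ev.Device, strings.Join(v, "; ")))
		}
	}
	return findings, nil
}

// SamplePolicy is a constructed inventory: dr.ortiz has left the organisation,
// dev-002 never had encryption enforced, dev-003 is jailbroken.
func SamplePolicy() Policy {
	return Policy{
		AllowedOS:   map[string]bool{"iOS 8.4": true, "Android 5.1": true},
		ActiveUsers: map[string]bool{"dr.lee": true, "nurse.kim": true},
		Inventory: map[string]Device{
			"dev-001": {ID: "dev-001", Owner: "dr.lee", OS: "iOS 8.4", Enrolled: true, Encrypted: true},
			"dev-002": {ID: "dev-002", Owner: "nurse.kim", OS: "Android 5.1", Enrolled: true, Encrypted: false},
			"dev-003": {ID: "dev-003", Owner: "dr.ortiz", OS: "iOS 8.4", Enrolled: true, Encrypted: true, Jailbroken: true},
		},
	}
}

// SampleLog is a constructed audit log; dev-099 is a device nobody enrolled.
const SampleLog = `{"time":"2015-08-19T09:01:00Z","user":"dr.lee","device":"dev-001","action":"fax.send","object":"fax-0001"}
{"time":"2015-08-19T09:05:00Z","user":"nurse.kim","device":"dev-002","action":"fax.view","object":"fax-0002"}
{"time":"2015-08-19T09:07:00Z","user":"dr.ortiz","device":"dev-003","action":"fax.view","object":"fax-0003"}
{"time":"2015-08-19T09:09:00Z","user":"dr.lee","device":"dev-099","action":"fax.send","object":"fax-0004"}`

func main() {
	findings, err := Review(SamplePolicy(), SampleLog)
	if err != nil {
		panic(err)
	}
	for _, f := range findings {
		fmt.Println(f)
	}
}
```

Of the four constructed events only the first passes; the other three produce findings for the unencrypted device, the terminated user on a jailbroken device, and the unknown device. The useful property of keeping the policy as data is that the same Check runs unchanged when the inventory is refreshed from the MDM and the user list from HR, which is what makes the inventory “dynamic” in practice.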

Page 21: Hipaa Compliant Faxing in a BYOD World

HIPAA-compliant BYOD (Mobile Device) Faxing Use Cases

Brad Spannbauer, Director, Product Development, eFax Corporate®, part of j2 Cloud Services

Page 22: Hipaa Compliant Faxing in a BYOD World

Faxing: Still a Major Communication Protocol in Healthcare

Healthcare Survey

61% of healthcare firms cite fax as one of two top approaches to exchanging critical information.

Page 23: Hipaa Compliant Faxing in a BYOD World

42% believe online fax is the most effective communication technology for HIPAA compliance.

Page 24: Hipaa Compliant Faxing in a BYOD World

37% cite fax technology as the most undervalued when it comes to security and business needs.

Page 25: Hipaa Compliant Faxing in a BYOD World

HIPAA-Compliant Mobile Faxing with eFax Corporate® and eFax Secure™

Physician faxing image from mobile device to insurance company (Yep — HIPAA Compliant!)

Insurance company faxing approval for surgery (HIPAA Compliant)

Med staff faxing authorization to pharmacy (HIPAA Compliant)

Page 26: Hipaa Compliant Faxing in a BYOD World

How eFax Corporate Measures Up As Your HIPAA-Compliant Online Fax Solution

Business Associate Agreement: Business Associate Agreements

Security Protocols: Strong Encryption – at-rest and in-motion

Compliance & Auditability: Reporting for Compliance and Audit

Redundancy & DR: Redundant Data Centers with DR

Page 27: Hipaa Compliant Faxing in a BYOD World

Unparalleled Cloud Fax Infrastructure

30+ Worldwide Colocations

PSTN – SIP Trunk on Redundant Internet Fiber Circuits

TLS Outbound

Secure TLS Inbound

Built on N+1 Network, Systems and Hardware

Business Continuity

Disaster Recovery

24/7/365 Monitoring

24/7/365 Tech Support

Regions shown on the map: Southeast, Southwest, Canada, Northwest, Europe

Page 28: Hipaa Compliant Faxing in a BYOD World

eFax Corporate: a Leader in Cloud Services

eFax Corporate is Part of Publicly-Traded j2 Global (Nasdaq: JCOM)

Market Capitalization: $3.2 Billion

More than 12 million customers worldwide

Growing in revenue for over 17 consecutive years

Unique Intellectual Property (IP) of 40+ cloud-service companies

Deepest online-fax Intellectual Property portfolio

Numerous US and foreign patents

Patents pending across a host of cloud-based communication technologies

Page 29: Hipaa Compliant Faxing in a BYOD World

U.S. Sales: (888) 532-9265

UK Sales: +44 (0) 8707113811

www.enterprise.efax.com

Q&A