Fully hosted cloud fax solutions support healthcare security needs

Note: This article, the first in a three-part series highlighting fully hosted cloud-based faxing solutions, will explore the security benefits associated with fully hosted fax. The second piece will look at how cloud-based fax improves reliability and disaster recovery, and the third piece will provide considerations for strategic system upgrades from a paper-based faxing system.

Let’s face it: Fax is still a way of life in healthcare. One report has estimated that 70% of providers still communicate via fax, with public health and senior care relying heavily on fax. With so many faxes crisscrossing healthcare networks, security and HIPAA compliance rise to the top of considerations when choosing a cloud fax solution. Organizations face both technical and operational hurdles to sharing information directly within electronic health record (EHR) systems. Meanwhile, few entities are comfortable sharing protected health information (PHI) using email, which according to Deloitte is the origin of more than 90% of all phishing attacks.

The right fax infrastructure, on the other hand, can provide a safe and reliable way to share sensitive information. That’s why healthcare—along with the legal, financial services, and real estate industries—continue to use fax in an era of email and instant messaging.

However, the right infrastructure is critical. Organizations must be wary of connecting legacy fax machines or all-in-one devices to a corporate network, as research has shown that attackers only need a fax number to hack into a poorly secured device and gain access to an entire network. What’s more, even if organizations have invested in a secure fax platform, their fax storage solution may not be.

Security benefits of cloud faxing

The latest research from IBM indicates that the cost of mitigating a healthcare data breach has topped $10 million. In an industry with ever-tightening margins, few health systems can afford to take such a hit. As organizations evaluate IT assets to determine whether they meet their cybersecurity needs, they cannot ignore fax.

Modern enterprise fax solutions transmit documents using digital platforms instead of old-fashioned fax machines connected to analog phone lines that cannot be placed behind corporate firewalls. Users can keep their fax numbers, but they’ll receive documents on their computer or mobile device. Taking the fax machine out of the equation removes a cybersecurity vulnerability; it also allows fax to live on as the Federal Communications Commission mandates the replacement of analog copper telephone lines.

Enterprise fax solutions tend to come in one of three forms: Private cloud, hosted cloud, and hybrid cloud.

Private cloud, whether hosted directly on fax servers or on virtual machines, gives healthcare IT departments direct control over centralized fax infrastructure. However, many fax servers aren’t equipped to encrypt data, putting them at odds with the requirements of both HIPAA and the Gramm-Leach-Bliley Act. In addition, servers need to be housed in an area with strict security and access controls, which contributes to additional overhead costs.

Hybrid cloud provides the advantage of improved redundancy and availability, given an organization’s access to hosted cloud solutions. Unfortunately, this, also comes with added costs, as organizations must support both internal and external hosting of fax services. More importantly, it increases the risk of non-compliance due to “chain of custody” concerns as documents move from onsite to offsite servers, as each transaction requires encryption.

Fully hosted cloud solutions relieve organizations of the costs and complexities of managing onsite fax infrastructure. Due to their scale, they’re capable of supporting data center infrastructure (Tier III or Tier IV according to the Uptime Institute’s classifications) beyond what a health system can do onsite. Leading solutions also demonstrate their commitment to security by signing HIPAA Business Associate Agreements (BAAs), obtaining HITRUST CSF certification, and leveraging the latest industry standards for message encryption—currently TLS 1.2 encryption for transmitting digital faxes and AES 256-bit encryption for storing them. Fax servers hosted internally can’t provide that level of protection.

HITRUST CSF is no simple stamp. It blends multiple standards and authoritative sources into a single security and privacy framework, which it developed in collaboration with top data protection experts. Fully hosted cloud fax providers must undergo readiness and validated assessments by a HITRUST-authorized third party to determine risk management level and HIPAA compliance, as well as defined and adequate corrective action plans. Earning HITRUST CSF (common security framework) certification provides assurance of security and compliance.

With cybersecurity top of mind for today’s healthcare organizations, it’s critical to ensure that faxing doesn’t give attackers an easy point of entry. Private and hybrid cloud fax infrastructure offer clear advantages over traditional landline fax machines, but a fully hosted solution combines best-in-class security with the cost and infrastructure savings that organizations have come to expect from the cloud.

eFax Corporate is the world’s #1 online fax service and the leader in HIPAA-compliant, HITRUST CSF Certified, digital fax technology. We are part of J2 Global, Inc. (NASDAQ: JCOM) — a leading cloud services company with 24 consecutive fiscal years of revenue growth and over 3,100 employees in 50+ offices around the world.