The Enemy in the Office: Part 3
5/07/2010
Ten tips for fax safety
As the last two posts in this series showed, even mundane office equipment can pose a serious security risk. Part of the security battle here is simply understanding the issue, because the technology already exists to help you erase your fax or copier hard drive. So, are you safeguarding against what amounts to pure error?
As it turns out, there are several steps you and your staff can take to reduce the risk of misdirected faxes:
- Whenever possible, refrain from sending sensitive PII or PHI via fax. This may seem obvious, but it is important to outline for employees (or remind them about) what types of information should never be sent via fax. For example, some medical facilities make it a policy to never send the most sensitive PHI (such as HIV/AIDS results) via fax.
- Make sure the fax machine (or any computer used to fax documents) is located, if possible, in a secured area that requires a password or security access card.
- Consider ways to de-identify customer/patient information (such as utilizing ID numbers) before faxing confidential paperwork.
- Include a cover sheet with a standard disclaimer with every fax.
- Establish a system to confirm and test fax numbers.
- Perform routine checks to ensure that all numbers are up to date (including pre-programmed fax numbers).
- Whenever appropriate, follow up with the recipient organization to ensure that they are taking proper precautions to safeguard the material sent to them via fax.
- If a customer or patient requests their information be faxed to them, make certain that staff correctly identifies the individual and obtains appropriate consent before sending.
- Once the fax is sent, follow up directly with the individual recipient to ensure it was received.
- Establish procedures to respond in the event that a fax containing PII or PHI is sent to the wrong number.
by Charlotte Rose, CIPP
Senior Investigator, Kroll Fraud Solutions




