How can we improve?

HIPAA compliance for GFI FAXmaker.

The US market needs to have some documentation that shows FAXmaker is HIPAA compliant. Can this be accomplished?

Created from a comment by Walter Scott at:
http://ideas.gfi.com/akira/dtd/15621-4178

1 vote

Product Management shared this idea

3 comments

  • Anonymous commented

    [Comment date: 2009-12-22]
    AFAIK HIPAA only requires transmittal of patient's personal information to be encrypted when traversing "public networks".

    1. Fax machines can't perform decryption.
    2. You'd have to wire-tap the "last mile" of the analog lines in order to sniff the data.
    3. Sending and receiving fax machines must support decryption so you'd probably need electronic fax software on both ends.
    4. In the case of FoIP (i.e. data networks), don't know if FoIP could do encryption or if SRTP can support FoIP.

  • Product Management commented

    [Comment date: 2009-10-02]
    Walt,

    You had to throw a hard bone didn't you? :)

    Apparently there's no way of certifying a product as "HIPAA compliant", check this out from http://www.hipaacertification.net:

    --BEGIN QUOTE--
    As per The Department of Health and Human Services (DHHS), which manages and is responsible for enforcing Health Insurance Portability and Accountability Act (HIPAA) Rule, there is no company entrusted to certify individual as "HIPAA Certified" or companies or products getting "official HIPAA certification".

    The evaluation standard § 164.308(a)(8) requires covered entities to perform a periodic technical and nontechnical evaluation that establishes the extent to which an entity's security policies and procedures meet the security requirements. The evaluation can be performed internally by the covered entity or by an external organization that provide evaluations or "certification" services.
    --END QUOTE--

    Needs some thought...

    One option I can think of is to look for some customer who made a HIPAA compliancy review and take it off from there. If the review was successful, extract guidelines from the review and publish them, as well as publishing a case study.

    If the review was unsuccessful due to any aspect of GFI FAXmaker, identify the reasons why and take it off from there...
