As a result of the growing demand for xifax Internet Fax Services in the medical
industry, many organizations are seeking information about HIPAA compliance and how it relates to implementing xifax. This information is presented in the following three sections:

HIPAA Compliance: Fax Machines and IT
xifax Internet Fax Services
xifax Security and HIPAA

Organizations that have questions about their specific needs and implementation plans are
encouraged to contact an Authorized xifax Solutions Provider or Solutions Integrator.

HIPAA Compliance: Fax Machines and IT
Today many patient records, documents and transactions are delivered and exchanged using fax systems while physician’s offices, clinics and hospitals launch and support their HIPAA initiatives.

The HIPAA rules, both established and anticipated, provide a catalyst for medical organizations
to increase their use of IT for handling their protected health care information. But IT systems can only reach so far. For numerous reasons, the need to exchange the bulk of this information via fax is a reality. One of the fundamental drivers behind the creation of HIPAA itself was the need for many different organizations and people to share a single patient’s information.
The need to exchange information between care providers means that regardless of what
internal IT investments and improvements are made by a medical organization, they can not
eliminate the need to share some data with other care givers via fax technology. Depending on
the types of information being exchanged and the types of organizations they are sharing it with, many medical organizations have enough faxing volume and activity to merit improvements in how they send, receive, log and store faxes.

IT Systems/Features – HIPAA Advantages Faxing – HIPAA Disadvantages
PC’s and workstations have user login and password systems. Everyone in a medical office has physical access to one or more fax machines. All popular PCs and operating systems are
designed to blank screens and lock for re-login when there is no recent use.
Many received faxes remain on the fax machine or in a holding tray for long
periods of time. Information is stored digitally behind robust IT security systems and policies. Information is stored on paper creating the need for expensive storage improvements along with inefficient and cumbersome policies and processes.

--------------------------------------------------------------------------------

xifax Internet Fax Services
By enabling users to send and receive faxes to and from anywhere in the world from their PC or
workstation just as easily as they send and receive email, xifax Internet Fax Services
deliver convenient mouse-click and keyboard access to faxing. By enabling organizations to log,
store, and manage their fax records, xifax Internet Fax Services combines the power and convenience of IT systems with the need to support and manage fax as a means of exchanging information. With xifax Internet Fax Services, medical organizations use the many inherent HIPAA advantages of IT systems while eliminating the HIPAA disadvantages associated with faxing.

--------------------------------------------------------------------------------

xifax Security and HIPAA
Organizations with HIPAA compliant email systems gain significant HIPAA compliance advantages for faxing while also enjoying the many other xifax customer benefits. Deploying xifax requires virtually no up-front investment or user training. And unlike traditional fax methods, xifax solutions do not require ordering, installing and managing servers, fax machines, and phone lines. The exchange of information via the public internet is not yet considered to be fully HIPAA compliant but there are effective methods to deploy xifax and using the internet for connectivity. The most effective way for organizations to deploy a HIPAA-compliant xifax implementation is by connecting to xifax via a Virtual Private Network. Using this method leverages the low costs of the internet infrastructure while ensuring that emails containing in-bound or out-bound faxes travel only through a secure and encrypted virtual tunnel.

Alternatively, xifax can be deployed by integrating it with the Microsoft Fax Client that is part of Windows 2000 and higher. Using this implementation method eliminates the need for a VPN
connection but all in-bound and out-bound faxes are secure because they are encrypted using SSL (Secure Socket Layer).

Organizations seeking information about xifax Internet Fax Services should contact their xifax Solutions Provider/Integrator or xifax sales at sales@xifax.net.