Compliance:Breaking down the misconceptions, and how an advanced fax solution can help

Contents

01

02

03

04

05

06

07

08

Introduction

Defining Compliance: HIPAA

Defining Compliance: PCI DSS

Misconceptions Surrounding Compliance

Transmitting Sensitive Data: Specialized Protection Required

The Problem with Email and Unsecured Public Internet

What Today’s Businesses Need for Compliance

Secure Fax Solutions to Support Compliance

Introduction

Businesses today have their work cut out

for them when it comes to sending and

receiving sensitive information. Whether

this data belongs to customers, or is the

company’s own intellectual property, it

represents a valuable target for hackers.

What’s more, it isn’t just external factors

that organizations have to consider -

there are also standards governing the

practices of enterprises within specific

industries, including health care and retail.

Any firm that deals with sensitive patient

data is beholden to the Health Insurance

Portability and Accountability Act (HIPAA);

similarly, all organizations that accept

customer payments by credit or debit

cards must adhere to the rules from the

Payment Card Industry Data Security

Standard (PCI DSS) or risk losing their

merchant account.

1

These rules require

specialized protection for

sensitive, personal data, and

many companies are turning

to advanced fax solutions as

a simple, streamlined and

secure way to support

their compliance.

https://www.faxcore.com/

Defining Compliance: HIPAA

HIPAA impacts organizations inside and

outside the health care sector. Overall,

it is a set of rules - including the Privacy

Rule, Security Rule, Enforcement Rule and

Omnibus Rule - that creates an industry

standard for the privacy and security of

health care patients and their sensitive,

personal information.

HIPAA requires that health care institutions

and any firm dealing with the personally

identifiable information (PII) of patients must

take special precautions when sending

and receiving this data, or participating in

electronic health care transactions.

The rules included help health care

providers and other organizations ensure

the confidentiality, privacy and security of

sensitive information, even as advances in

technology threaten it.

2

https://www.faxcore.com/https://www.hhs.gov/hipaa/for-professionals/index.html

Defining Compliance: PCI DSS

PCI DSS affects every company and

agency that accepts, stores or processes

payment card information. Similar to

HIPAA, the standards included work

to ensure that customers’ sensitive

information - including their payment

card and PIN - is safeguarded during all

physical and digital transactions.

3

PCI standards include requirements for:

Creating and maintaining a secure network environment.

Protecting cardholder data with encryption and other safeguards.

Maintaining vulnerability management through anti-virus and other protections.

Implementing robust access controls, including restricting digital and physical access.

Monitoring and testing the network and security systems.

Creating and maintaining an information security policy.

https://www.faxcore.com/https://www.pcisecuritystandards.org/pci_security/maintaining_payment_security

Misconceptions Surrounding Compliance

Organizations inside and outside the

health care, retail and banking industries

should understand these standards and

the responsibilities they hold according

to these rules. However, there are a

few misconceptions regarding overall

compliance with HIPAA and PCI DSS:

4

While there are certain groups – including

the U.S. Department of Health and Human

Services, as well as the Payment Card Industry

Security Standards Council – that are highly

involved with HIPAA and PCI DSS, there is no

single governing body that businesses must go

through in order to achieve compliance.

Although some providers tout their solutions

as “compliant,” no hardware or software

is inherently compliant. These systems

can, however, be installed, implemented

and utilized in a way that helps support an

organization’s compliance with industry

standards like HIPAA and PCI DSS.

There is a federal organization governing compliance:

Certain hardware and software solutions are compliant:

http://

Transmitting sensitive data: Specialized protection required

Overall, compliance is about aligning

a company’s practices with the rules

and requirements included in industry

security and privacy standards. This

includes ensuring that there are certain

specialized protections in place for

transmitting sensitive data like payment

card information or patient details.

5

Encryption is the primary method of

achieving security and privacy - and

is required for sensitive data in transit

or at rest within servers under PCI DSS

and HIPAA. However, encryption can

be difficult for users to implement, and

additional protections are needed to

properly ensure that only authorized

users have access to sensitive PII.

https://www.faxcore.com/

The Problem with Email and Unsecured Public Internet

Many users beholden to HIPAA or PCI

DSS wonder why traditional email isn’t

a viable option for sending or receiving

sensitive data. The issue here not only lies

within the needed encryption, but also the

connection over which emails are sent.

The majority of emails – unless there is an

MPLS connection between sending and

receiving email servers are transmitted

over public internet, which is inherently

vulnerable and does not provide the

6

proper data protection for compliance.

Sensitive information must be properly

safeguarded during transmission and

while at rest. In this way, a sender emailing

an unencrypted document containing

sensitive data over public internet, and

the receiver who stores it in their email

folder, are both noncompliant. This puts

both at risk of a security breach, as well

as other negative consequences like

noncompliance penalties and fines.

https://www.faxcore.com/

What Today’s Businesses Need for Compliance

7

All of this and more is achievable through

an advanced fax solution that can support

an organization’s compliant workflows

concerning personal health information or

payment card data.

In order to meet compliance with HIPAA and PCI

DSS, businesses require a secure system that:

Does not transmit sensitive, personal data over unsecured public internet connections, i.e. non-https connections.

Features automated document encryption and strong access controls to provide data security

Helps support other compliance requirements for user access controls, security and data privacy.

http://

Secure Fax Solutions to Support Compliance

8

FaxCore is the leader in secure fax

solutions, and understands what it takes to

implement a system that helps businesses

achieve and maintain compliance.

FaxCore provides options for traditional,

on-premise fax and cloud-based fax,

which can be deployed and accessed in a

secure and compliant manner.

Whether your organization is beholden to the standards of HIPAA or PCI DSS - or both - FaxCore has the technology and expertise to support security and compliance. Connect with us today to request a demo and learn more about how FaxCore helps you ensure compliance.

As noted, while hardware and software elements themselves cannot be compliant, FaxCore helps ensure that even organizations leveraging cloud fax

servers can maintain their PCI DSS and/or HIPAA compliance:

Automated document encryption and strong access controls support data security.

Users can access the advanced cloud fax server through a HTTPS-secured browser,

enabling them to easily view, download and receive faxes in a safe and compliant manner.

Businesses can also opt for Office 365 email server in the cloud, which when used

alongside a TLS secure link connecting the company’s instance of Office 365 and the

FaxCore server, can enable protection and compliant email-to-fax transmissions.

https://www.faxcore.com/https://www.faxcore.com/https://www.faxcore.com/https://www.faxcore.com/request-a-demo/

www.faxcore.com

https://www.faxcore.com/https://www.faxcore.com/https://www.facebook.com/FaxCorehttps://twitter.com/faxcorehttps://www.linkedin.com/company/faxcore-inc-/https://www.youtube.com/user/faxcore

contentspage 1page 2page 3page 4page 5page 6page 7page 8

Button 1: Button 2: Button 3: Button 4: Button 5: Button 6: Button 7: Button 8: Button 9: Button 17: Button 10: Button 11: Button 12: Button 13: Button 14: Button 15: Button 16: Button 18: Button 26: Button 19: Button 20: Button 21: Button 22: Button 23: Button 24: Button 25: Button 87: Button 27: Button 35: Button 28: Button 29: Button 30: Button 31: Button 32: Button 33: Button 34: Button 88: Button 36: Button 44: Button 37: Button 38: Button 39: Button 40: Button 41: Button 42: Button 43: Button 45: Button 53: Button 46: Button 47: Button 48: Button 49: Button 50: Button 51: Button 52: Button 54: Button 62: Button 55: Button 56: Button 57: Button 58: Button 59: Button 60: Button 61: Button 63: Button 71: Button 64: Button 65: Button 66: Button 67: Button 68: Button 69: Button 70: Button 72: Button 80: Button 73: Button 74: Button 75: Button 76: Button 77: Button 78: Button 79: Button 89: Button 90: Button 91: Button 86: Button 85: Button 83: Button 84: Button 81: Button 82: