HIPAA compliance
ShieldQ patient confidentiality/ security measures
ShieldQ recognizes that securing personal medical record information is of great concern to both patients and providers in the health care industry. To address these concerns, ShieldQ implements three levels of security to faxes: technical, physical and procedural.
Technical
ShieldQ provides a full audit trail of faxes submitted and sent through the system. This information is visible online, and optionally, in confirmations returned to the message sender. ShieldQ accepts messages submitted to its systems in encrypted form, whether by SSL or signed email (PKI). ShieldQ does not enable its customer service staff access to viewing patient-identifying content. ShieldQ uses security methods to determine the identity of its users and operators so that appropriate rights and restrictions can be enforced for that user. ShieldQ uses both password protection and usernames in its authentication process.
Physical
All ShieldQ servers are housed in secure environments, which can be accessed by approved personnel only.
Procedural
ShieldQ does not retain copies of faxes containing patient health information. This is achieved by requiring clients who are covered entities to apply the following measures as prerequisites for transmitting patient-identifying health information through our systems:
- Use SSL or PKI to send messages to ShieldQ; the service enables SSL-secured communication to our Web Service servers via https://ws.interfax.net, and public-key encryption of email messages, so that potentially patient-identifying information can be submitted securely for faxing.
- Avoid placing patient-identifying information into any data fields .All other parts of a transaction are retained indefinitely for billing and archival purposes.
Since ShieldQ does not address HIPAA requirements for archive handling, patient-identifying information must not reside anywhere except in the fax itself.
At clients' request, ShieldQ will agree to enter into a "Business Associate" contract, a sample of which can be viewed here. If you'd like more information or clarification on any HIPAA-related issues that involve ShieldQ, please do not hesitate to contact Mr. Ernest Palla, Managing Director of InterFAX US Inc.