PHIPA Compliant Faxing

Private Healthcare Data Remains Truly Private

Personal Health Information Protection Act (PHIPA) is an Ontario act that protects the private health information of a user to be shared with any unauthorized party, in the process of facilitating healthcare services to the user.

Since CocoFax is used widely by clients in the healthcare sector, CocoFax strives hard to use security measures that adhere to PHIPA compliance in the strictest sense.

The entire CocoFax architecture employs encryption standards of the highest level. Further, the account holders are in charge of how they want their private information to be shared.

Therefore, your entire fax data is safe against any data loss, theft, or disclosure without your permission.

There are several steps taken by CocoFax to ensure PHIPA compliance, which include:

User Authentication

CocoFax is a web service that can be accessed online only, either through your web browser or through your email client. Access through both requires login into your CocoFax account using SSL secure credentials.

Every user is issued an SSL encrypted session cookie, which acts as the unique identification of each user. The communications are encrypted for the entire time when a user is logged into CocoFax’s server.

Application Security

CocoFax employs multiple-layer security for each user who is logged into the server. Not one single user can view the private data of another user. The encryption is enabled for the entire login time, and controlled by the EMR software on the user’s end.

Organizational Security Measures

CocoFax’s employees have no access to the private faxes of any user. Even the production equipment of CocoFax cannot be accessed by its employees unless for maintenance, management, monitoring, or backup purposes.

Fax transmission takes place through CocoFax servers that cannot be accessed without special approval. The approval is granted only to specialized security experts and professional engineers, for the purpose of keeping fax transmission safe.

Physical Security Measures

CocoFax’s production equipment and data centers operate in secure and restricted facilities. There are power backups and data backups for everything. This keeps the servers up and running at all times. The 2048 bit RSA public keys and the 2048 bit SSL encryption makes sure that your faxes are secure while in transmission as well as in rest.

You can see a lock icon on the left-hand side of your internet browser, which indicates that all your communication on the CocoFax website is safe and secure.

Network Perimeter Defense

There are multiple layers of firewalls that keep all the outbound and inbound communications on CocoFax’s network safe and secure. The intrusion detector protects CocoFax from any potential cyber-attacks at all times.

All operating systems at CocoFax’s end are safeguarded with unique passwords. Every operating system is updated with the latest security patch recommended by the software vendor.

Data Backups

There are automated data backups for all faxes to keep private data safe and available. To increase the reliability of the system, all system components, networking protocols, SSL certificates, etc. are programmed in a redundant configuration.

Opt-out for ‘Storage’

The user has the option for ‘no storage’, which leads to faxes being sent to their emails only. If a user opts out of storing faxes, CocoFax does not keep any of their private faxes on the servers. Once the fax is delivered, it is deleted immediately.

PGP Encryption

CocoFax’s PGP encryption adds an extra layer of security for the user. PGP encryption provides a way to the user to enable end to end security.

With PGP encryption, a secure and unique PGP key is added for each email address. The fax file that is delivered to the email address is PGP encrypted by CocoFax. The user can decrypt the file at their end.

Secure Faxing Tips

CocoFax uses all possible security measures to keep your faxes safe. However, you should also make sure that the recipient’s security measures are up to the mark too.

Always double-check the fax number of the recipient to make sure that only the intended target user gets your fax. Adding wrong fax number can disclose the fax to unwanted party.

Add a cover sheet to the fax that can clearly state the intended sender and receiver. It should add that the fax is providing legally privileged information, and please contact you immediately if the fax was sent by mistake.