Goal: Describes what the organization should do to appropriately limit physical access to the information systems contained within its facilities, while ensuring that properly authorized employees can physically access such systems.
The purpose of this policy is to establish a procedure for transmission of protected health and financial information (PHI) via facsimile (fax) or other means of electronic transfer, to comply with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and its accompanying regulations, and to protect the confidentiality and integrity of PHI as required by State and Federal law, professional ethics and accreditation agencies.
Whenever possible we will store and review periodically audit controls, like fax transmittal summaries and confirmation sheets to confirm/eliminate unauthorized access or use.