Your Clients’ Fax Processes Might Have Compliance Gaps—and That’s an Opportunity for You
Pop quiz: Name the operating system that can place a business into possible non-compliance with HIPAA, SOX and GLBA — just for using it after April 2014.
Answer: Windows XP, according to a thought-provoking Tech Republic article.
As the article explains, April 2014 is when Microsoft’s support for XP ended. The article then points out that the regulations named above require that the operating systems of any business dealing with private consumer or patient data maintain active support and all security patches. And while an organization might believe that it is technically on the right side of these regulations if it has installed all patches up to the April support expiration, clearly new security vulnerabilities will appear—and no Microsoft support will be forthcoming. To make matters worse, even a single non-supported endpoint could expose an entire organization’s IT infrastructure to exploits from malware like Cryptolocker, viruses and other cyber risks, which may remain undetected by outdated security programs or software on XP machines. In other words, at some point merely running Windows XP could be enough to make an organization non-compliant with the most important federal rules in its industry, and could also increase the exposure risks associated with running non-supported operating systems.
Do you think all of your clients know this, or all of those who run Windows XP? Probably not. And that’s not a mark against your clients’ IT diligence. They almost certainly maintain sophisticated security protocols to protect their key data and to keep their businesses in compliance—protocols such as firewalls, running frequent audits, intrusion detection and prevention, etc. And, frankly, IT likely is not their core competency—they rely on you for that.
The point here is that these regulations are written so broadly that even the most diligent IT department at your most heavily regulated client’s business might not have realized that support expiration for their corporate operating system could, by itself, trigger a compliance violation.
And this is with a technology that most IT departments are focused on: a computer operating system. How much do your clients really understand about the compliance levels of their fax infrastructure?
Questions to Ask Your Clients About Their Fax Compliance
Just one ruling within one of these federal regulations—HIPAA’s Omnibus Rule—is more than 500 pages. So if a seemingly innocent one-line clause requiring support for a corporate operating system can trigger non-compliance, your clients that use fax need to know the answers to such questions as:
- What compliance vulnerabilities does the use of paper-based faxing represent for our industry and our business?
- What compliance vulnerabilities does the use of in-house fax servers represent for our industry and our business?
- If we use a cloud fax solution, what transfer protocols will provide the highest level of data security while enhancing compliance? SSL? TLS?
- What levels of security must be applied to our “stored” or “at rest” faxes maintained as electronic files? Are there minimum bit rates required for data encryption, for example?
- What physical security measures are required, if any, to protect servers storing our electronic fax documents?
- How do regulatory demands for “direct delivery” of certain confidential information affect our current fax processes?
A Compliant Fax Solution for Your Clients—and a Lucrative Opportunity for You
This list could go on and on, of course. But even if your clients are extremely conscientious, the cost in time, resources and headaches to stay compliant with all of these regulations is too great for them to manage the effort entirely in-house.
Your clients would be far better served by outsourcing their fax infrastructure to a fully hosted, cloud fax service—like eFax Corporate—which would not only significantly reduce their overall faxing costs (and bring their IT department’s fax-hassle count to roughly zero), but would also bring their fax processes in line with all of these federal regulations.
How You Can Offer Such a Secure-Faxing Solution
eFax Corporate, often complemented by eFax Secure in highly regulated business environments, is a compliant faxing service that millions of businesses trust every day to transmit their most sensitive documents. Our proven process helps enterprises meet the strictest federal mandates regarding data transfer, tracking and storage.
And this solution is now part of our support-driven, high-touch, lucrative Partner Program. Please visit our eFax Corporate Partner page to learn more.
Peter Ely is Leader, Channels, Enterprise Marketing. Currently responsible for the Enterprise Partner Program for j2 Cloud Services, Peter Ely is a 27-year technology veteran, having held senior executive positions looking after Presales Support, Product Management, Product Marketing and Technical Evangelist teams in the telecommunications and data networking arenas in positions located across two continents and three countries. Guest blogs such as this one are published monthly and are part of MSPmentor’s annual platinum sponsorship.