For its Ontario health care clients, SRFax is committed to compliance with the Ontario Personal Health Information Protection Act (PHIPA).
When you send a fax through our service, you’re ensuring your own peace of mind. Our PHIPA compliance ensures that all your health information will be completely secure. We pledge to safeguard your fax information with SSL encryption, firewalls and even optional PGP encryption. Read on for full details concerning our security measures. SRFax ensures that at no time during transmission does your data ever leave Canadian borders. All data is stored in our facilities which are based in Vancouver, British Columbia.
When personal health information is faxed from a computer, security measures are implemented by SRFax. We take reasonable steps to ensure that personal health information in our control is protected against theft, loss and unauthorized use or disclosure and we ensure that the records containing the information are protected against unauthorized copying, modification or disposal.
Users can access the SRFax service via Email or online only with a valid username and password combination, which is SSL encrypted. An encrypted session ID cookie is used to uniquely identify each user. While you are logged into our servers, all communications are encrypted at all times.
Our robust application security model prevents any SRFax customer from accessing another’s data. This model is enforced for the entire duration of a user session and controlled by your EMR software.
The information contained in faxed documents is proprietary to the customer sending the fax. SRFax employees do not have access to the SRFax production equipment, except where necessary for system management, maintenance, monitoring, and backups. The SRFax servers that process faxes are in a secure environment that is accessed by a team of approved professional engineers and security specialists only. As a result, all information passing through the SRFax server environment remains protected and secure.
All SRFax fax production equipment is housed at a facility that provides 24-hour physical security, redundant electrical generators and other backup equipment designed to keep servers secure and continually up and running. SRFax leverages the strongest encryption products to protect customer data and communications, including 2048-bit SSL Certification and 2048-bit RSA public keys. The lock icon in your internet browser indicates that data is fully shielded from access while connected to our servers.
Perimeter Defense / Operating Systems
The network perimeter is protected by multiple firewalls and monitored by intrusion detection systems, all sourced from industry-leading security vendors. In addition, SRFax monitors and analyzes firewall logs to proactively identify security threats. SRFax enforces tight operating system-level security by using a minimal number of access points to all production servers. We protect all operating system accounts with passwords, and production servers do not share a master password database. All operating systems are maintained at each vendor’s recommended patch levels for security and are hardened by disabling and/or removing any unnecessary users, protocols, and processes.
Reliability and Backup
All networking components, SSL certificates, accelerators, load balancers, Web servers, and application servers are configured in a redundant configuration. All customer data is stored on a primary database server that is clustered with a backup database server for redundancy. All customer data is stored on disk storage that is mirrored across different storage cabinets and controllers. All customer data is automatically backed up on a daily / weekly basis.
No Storage Option
We recommend clients set their account to delete fax data once it has been delivered or retrieved. Immediate deletion of the data once it has been delivered ensures maximum protection of any private health information. By doing this, SRFax is simply a gateway for your faxing requirements.
Tips for Safer Faxing
- Assess the recipient’s security infrastructure
Always ensure that the receiver has taken appropriate precautions to prevent anyone else from accessing the electronic or paper-based faxed documents.
- Confirm the recipient’s fax number
Before sending a fax, check that the receiver’s number is correct.
- Always include a cover sheet
Always complete a fax cover sheet that clearly identifies both the sender and the intended receiver. The cover sheet should include a standard confidentiality notice stating that the information contained in the fax is legally privileged and that the fax is intended for the named recipient only, along with a request to contact you directly if the transmission was sent in error.
SRFax also offers added security by allowing users to use PGP Encryption. All that is required is a PGP Public Key to be uploaded for each Email address. When a fax is received by SRFax, the Email notification is automatically encrypted using the PGP Key provided before delivery. The recipient’s PGP-enabled Email software will then decrypt it for viewing. Complete, end-to-end security is provided through this fully automated, widely available, and easy-to-use process.
Please contact us if you require more details on encrypting your faxes.