PHIPA | PHIPA Compliant Faxing

Secure your EMR Faxing.

If you are looking for a streamlined electronic fax solution, including integration with your existing EMR system, AFAX has got you covered.

AFAX follows and complies with guidelines set aside by the IPC (Information and Privacy Commissioner of Ontario) for the Personal Health Information Protection Act (PHIPA).

To be compliant with those guidelines, we have implemented all security measures necessary for privacy of any information storage or transfers within the AFAX™ Platform, including the account holder’s information and all electronic fax documents

Security and privacy measures are fundamental to our application infrastructure; we use our own proprietary software code and safeguard application data using industry standard firewalls. We utilize unique encryption keys for every single fax document stored on our servers, and access is restricted to document owners or other authorized account holders.

To keep your faxes secure in transit, we work with trusted technology partners for our data communication and telecom requirements. We have designed and implemented multi-layer authentication security to the AFAX web portal, and for our enterprise customers using Windows / macOS applications to access AFAX services.

Here is a summary of the steps we have taken to ensiure PHIPA compliance:

Start Free Try Now

Application Security 

AFAX software and applications are built considering all security aspects of modern software development methodology.

Our core application is developed in-house using our own software engineers, not outsourced.

We are not using any open-source or third-party applications which are obsolete or deprecated. This allows us to ensure security of all aspects of our application and software utilities which are exposed to the public.

User Authentication

Access to Fax documents in only possible through multi-layer authentication and authorization. The use of unique account numbers, passwords and multi-factor authentication schemes keeps your account secure.

 All intranet and internet communication channels are secured via 256 Bit SSL Encryption.

Organization Safeguards
 
The unique encryption algorithms and methods used within the AFAX Platform do not allow access to the content of the fax documents except for the account holder and other authorized users added to the account by the holder.
 
Our support staff, including our software developers and system engineers are only able to access the fax
 metadata¥ for troubleshooting and/or feature implementation purposes.
 
¥ Fax Metadata includes information found in the fax header: such as the recipient(s) fax number, date or duration of the fax, status of the fax or any reference number(s).
 
Physical Safeguards

Our facilities and datacenter is located within Canada. Our physical building has 24x7 security, secure room access and locked cages. We keep redundant data backups in the event of system failure and all electrical power sources are protected with generators and UPS. 

Availability, Reliability and Backup

Most of our system infrastructure is built and implemented on redundant platforms to avoid permanent data loss, whenever the technology was available.
We keep backups of customer data in remote storage with the same encryption and security access measures as our main site.

Optout Storage Option

We provide our customers with the option to opt-out of storing their fax documents with us. This means that our system will only retain the fax document for the duration of the fax transmission plus any period required for successful customer notifications.

Optional Encryption

AFAX provides our customers with an added layer of security by allowing the optional use of personal encryption methods, including PGP encryption.
Please contact us if you require more detailed information on encrypting your faxes.

.

Perimeter Defense | Operating Systems
 

Our network is secured by industry standard firewall applications and monitored by intrusion detection systems in real-time.

We keep all of our hardware firmware, BIOS and Operating Systems up-to-date by applying the vendor’s recommended security patches. All necessary system software and applications are password protected with very limited remote access to technical support personnel.