Filter by Category

New Zealand Healthcare Agencies Required to Eliminate Fax Machine Use and Secure Emails for Compliance by 2020

New Zealand's Health Information Security Framework requires emails to be encrypted and secure by 2020


Here’s what you need to know in order to make the transition and achieve compliance with HISF Chapter 8 by 2020

Are you part of a health agency or healthcare organization in New Zealand that uses traditional fax machines or other insecure data transfer methods to share patient information and communications? If so, you’ll want to pay close attention to the January 2020 and December 2020 deadlines for compliance with the Ministry of Health’s Health Information Security Framework (HISF) Chapter 8.  

HISF Chapter 8 Objective: Ensure the integrity of information communicated across networks and that any changes are authorised and controlled

HISO 10029:2015 Health Information Security Framework is a standard for the New Zealand health and disability sector, published in December 2015. The standard is governed by the Health Information Standards Organization (HISO) which was established in June 2003 as a committee operating under the authority of the Ministry of Health and is accountable to the Chief Technology and Digital Services Officer. A recently released requirement in HISF Chapter 8 (Communications) dictates that health agencies should retire analogue fax machines for external communication by December 2020. The organisation asserts that all PII (patient identifiable information) must be protected at rest and in transit. With traditional email and fax listed as two of the most commonly used tools for transmitting patient data in the healthcare industry, their aim is to address the issue of non-compliance with security requirements as outlined in the HISF standard. 

The specific implementation guidance on securing digital communications provided by HISO also states that health agencies are required to comply by enabling TLS version 1.2 or later on email servers with incoming or outgoing email connections over public internet by January 2020. Additionally, and effective immediately, healthcare agencies should not purchase any new analogue fax machine equipment and implement a secure, approved digital alternative by December 2020. Among the recommended alternatives to analogue fax are digital solutions that provide secure email scanned documents, secure messaging, and/or secure collaboration. 

GoAnywhere Managed File Transfer (MFT) addresses the overall objective in HISF Chapter 8 in multiple ways: 

  • Through using secure communications protocols for data in transit and strong cryptographic methods for data at rest.
  • Providing access control mechanisms that allow you to create users, manage permissions, utilise multifactor authentication, interface with Active Directory, LDAP, RADIUS, and includes SAML support.
  • Allowing robust role-based access features including 17 admin user roles to support separation of duties, granular configuration capabilities for new admin user roles, in addition to customisable templates for web users. 

Related Reading: Nemours Children’s Health System Saves Time with Flexible MFT Solution

Effective, Affordable, and Scalable HISF Chapter 8 Email Compliance Tool

GoAnywhere MFT’s Secure Mail enables health agencies and other security-conscious healthcare organisations to transmit messages, files, and attachments through secure channels with the convenience of email functionality. Health professionals can transmit protected health information over TLS version 1.2 connections to provide a link to sensitive data. Secure Mail enforces authentication restrictions on the recipient to ensure that confidentiality is not compromised.  Until the data is retrieved by authorised recipients, the contents are encrypted at rest using strong AES 256-bit ciphers. Secure Mail offers greater protection than traditional email, removes file size limitations, and provides a valuable encrypted email tool to ensure compliance throughout your organisation. 

Your team can access and send Secure Mail messages via our web browser interface or utilise the plugin for Microsoft Outlook to send ad hoc messages and data back and forth between patients, other healthcare offices and vendors such as insurance companies or pharmacies. Granular permissions controls, plus detailed audit logs enable you to keep track of every transfer. 

Mail Example

Eliminating Analogue Fax Communications with Digital Alternatives for HISF Chapter 8 Fax Compliance

Protecting the confidentiality and integrity of data at rest is a constant challenge facing organisations operating in the healthcare sector.  GoAnywhere MFT’s Secure Folders offer an easy to use solution for protecting sensitive data at rest across your healthcare agency’s enterprise and allowing for secure collaboration as dictated by HISF Chapter 8. Secure Folders enables web users to store and access sensitive data through an easy-to-use online interface. Data is encrypted using strong AES 256-bit encryption on enterprise storage locations, even in commercial cloud environments if desired.  Data at rest is then accessible by authenticated and authorised users via a browser interface over HTTPS.  By integrating Secure Folders with other GoAnywhere MFT features, your organisation can safeguard data throughout its lifecycle as required by HISF. 

Files Example

Related Reading: University of Tennessee Medical Center Uses MFT to Improve the Security of Sensitive Patient Data

Securely Collaborate and Share Patient Health Information with GoDrive and Secure Forms

The GoDrive module further compliments GoAnywhere’s file transfer capabilities by offering a secure means to share and collaborate on files between networked and authenticated devices. File permissions can be restricted by administrative users as necessary to maintain the confidentiality of sensitive health data while also applying strong AES 256-bit encryption. Folders can even be securely shared to mobile devices through the convenient GoDrive solutions for Windows, MacOS, or the mobile app. In the worst-case scenario of a lost or compromised device, GoDrive can even remotely remove access to files and wipe folders if necessary.

The Secure Forms module allows you to create and embed forms on a web page so that you can simplify the process of everything from inputting new patient information, to standardising follow up documentation and communication, or requesting information and large attachments from patients. 

See How GoAnywhere MFT Can Help You Easily Achieve HISF Chapter 8 Compliance

GoAnywhere can be installed on nearly any platform on premises or in the cloud, allowing for your healthcare agency to easily deploy the software in minutes. No programming skills are required. The intuitive browser-based web interface with easy drag-n-drop functionality, plus detailed documentation helps get your team up and running quickly.  

Compliance with the requirements of HISF Chapter 8 can be a simple transition with the implementation of GoAnywhere in your network. GoAnywhere Managed File Transfer is scalable to accommodate the needs of healthcare agencies of all sizes, plus it can be customised to your budget and needs to include only the modules and features that suit your organisation. 

We have helped many health organisations with encrypting emails.

If you’d like to learn more, we invite you to request a custom demo where we can show you exactly how GoAnywhere can help your organisation, or if you prefer to try it on your own, feel free to download a 30-day free trial from our website. 



Related Posts


15 Days to PCI DSS 3.2: Preparing Your Organization for Compliance

There are two weeks left until February 1, 2018, the date PCI DSS 3.2 becomes enforceable. In these final weeks, you may be wondering if you’ve checked all the boxes for 3.2 compliance. If you…


3 Data Breaches That May Have Been Avoided through PCI DSS Compliance

  “Dear Valued Customer, As you may have heard, on September 8, 2014, we confirmed that our payment data systems have been breached, which could potentially impact customers using…


8 Essential Resources to Help You Understand GDPR Compliance

On May 25, 2018, the General Data Protection Regulation (GDPR) will be fully enforceable in the European Union. This new regulation succeeds the Data Protection Directive, a two-decade old directive…


10 Shocking PCI DSS Compliance Statistics

If you work for any organization that processes credit or debit card information, you’ve heard of the Payment Card Industry Data Security Standard (PCI DSS), the regulatory standard aimed at…


How to Build a Framework for HIPAA and HITECH Compliance

HITECH laws were enacted to up the ante on healthcare organizations to meet HIPAA legal compliance for data security and privacy, which, of course puts an additional burden on IT to make sure all…