HIPAA-compliant faxing came to the forefront as HIPAA changed the way health care organizations send, receive, and manage confidential information. Previous hard-copy paper systems are considered insecure and a liability, so new alternatives for exchanging and tracking protected health information (PHI) are required.

HIPAA compliance and faxing

The primary objective of HIPAA is that health organizations have the infrastructure and procedures – administrative, technical and physical – that allow them to safeguard patient health information from any kind of exposure or disclosure to unauthorized parties when this information is required to be transmitted or delivered to authorized individuals.

HIPAA does not prohibit the use of fax machines to communicate PHI; however, the information is subject to strict regulations that protect its privacy and security at the point of dispatch, during transit and at the point of delivery.

The security provisions of HIPAA require “reasonable” efforts to make sure that information delivered via fax has been sent securely and was received securely by the person intended.

HIPAA makes a number of demands to ensure that patient health information is properly protected. These, in relation to security and privacy, include:

  • All fax machines are to be placed in a secure area and are not to be generally accessible.
  • Only authorized personnel are to have access and security measures should be provided to ensure that this occurs.
  • Destination numbers are verified before transmission.
  • Recipients are notified that they have been sent a fax.
  • Include a cover sheet clearly stating that the fax contains confidential health information, is being sent with the patient’s authorization, should not be passed on to other parties without express consent, and should be destroyed if not received by the intended recipient.
  • Any patient data should be in the fax body and not in any of the data fields.
  • Maintain a copy of the confirmation sheet of the fax transmission, including the necessary data such as time and recipient’s number.
  • Confirm fax delivery by phoning the recipient.
  • Received faxes are to be stored in a secure location.
  • Maintain transmission and transaction log summaries.


Why traditional faxing methods are problematic

Although HIPAA does not prohibit patient health information from being faxed to authorized recipients, manual faxing is fraught with security issues that would certainly prevent health organizations from being compliant with HIPAA’s strict requirements.

With manual faxing, there are a number of risks:

  • Incoming faxes need to be removed immediately from the output tray and distributed to the recipient to reduce the chance of an inappropriate use or disclosure.
  • Any pre-programmed fax numbers need to be validated periodically and regular fax recipients contacted regularly to ensure that the number has not changed.
  • The destination fax machine may be in a secure location but may still be accessible to a number of people.
  • The information in hard copy must be filed securely.

Fax software is the solution

Address all of your information compliance and faxing needs through a single secure fax software solution. All of our products facilitate HIPAA fax compliance and information security in a simple and easy manner while allowing the organization to cut down on excess systems and equipment and ultimately cut faxing costs.

We offer a variety of secure fax solutions to help meet your specific needs and organizational environment, based on the industry-leading RightFax platform.

Contact us at 877-MY-FAXING (693-2946) to discuss how your company can eliminate manual faxing.