How to Send & Receive HIPAA-Compliant Faxes


Finding a good HIPAA-compliant fax solution is a necessity in the healthcare industry, where sensitive documents such as protected health information (PHI) are sent and received on a daily basis. As a matter of fact, it is required by law.

Although offices used fax machines for this purpose for many years, it is no longer safe to send faxes via machines, because a problem during the process might end up violating HIPAA. In addition, phone lines are subject to interception, which makes the information potentially accessible to unwanted people.

Luckily, fax has now evolved into a paper-free process that you can complete using just your computer and an Internet connection. New services have also popped up offering HIPAA-compliant fax transmissions for businesses that need them, proving that new fax technology is not only faster, but also safer.

What Is HIPAA?

HIPAA is the short name for the Health Insurance Portability and Accountability Act, which was created to improve electronic transmissions of confidential documents, making them more secure.

The main part of HIPAA that deals with faxing is the “Safeguards Principle”, which states that:

“Individually identifiable health information should be protected with reasonable administrative, technical, and physical safeguards to ensure its confidentiality, integrity, and availability and to prevent unauthorized or inappropriate access, use, or disclosure.”

Healthcare providers are required to follow the regulations in the Act, implementing the right online fax security and privacy measures.

But HIPAA is a dense document with a lot of legal terms that can prove to be a nightmare for IT teams looking to secure the transmissions correctly. To implement the changes, it is much better to opt for a HIPAA-compliant online fax service.

Using a HIPAA-Compliant Online Fax Service

The best way to make sure patient information is transmitted following HIPAA regulations is through a HIPAA-compliant fax service. Nowadays we can find good alternatives like eFax Corporate and Interfax that provide different types of security measures to guarantee the integrity of your faxes.

When selecting a secure online fax service, make sure you request a “Business Associate Agreement” (BAA). This agreement needs to be signed by your provider as your HIPAA fax partner.

How Do These Services Keep Your Faxes Secure?

Online fax services deploy a variety of measures designed to follow all the requirements from the Act, including:

Encryption. Services use advanced encryption to fax documents via the IP network, implementing the Transport Layer Security (TLS) protocol recommended by the National Institute of Standards and Technology. Encryption is on at all times, whether the fax is in transit or at rest.

Access Control. With a service such as eFax Corporate, you access your documents securely from the cloud by providing your unique username and password. These cloud fax servers are protected by 256-bit AES encryption and other security protocols.

Automatic fax removal. When you receive a confidential document, it will be deleted from the servers once you have read it. This is an automatic process that adds a layer of protection from people with access to the servers.

Audit Control. You can track all your transmissions, thanks to a full audit trail of documents faxed through the secure servers. Using cloud faxing, this trail can be accessed at any time. A trail will help you keep track of each patient document, helping you avoid fines associated with non-compliance.

There’s also automatic archiving of incoming documents on your secure account, where they will be stored securely as long as you have an active account.

Receiving HIPAA Faxes Online

When someone sends you a private document via your virtual fax number, it is encrypted and then transmitted to your provider’s cloud fax servers, where it is stored securely following HIPAA regulations.

To access it, you simply log into your account using your credentials. This is an easy and fast way to deal with secure faxes, but make sure you are accessing your account through a secure connection with SSL (https://).

You could also receive faxes online via email, but this is a more difficult alternative, since your email also needs to be fully HIPAA compliant and support TLS for inbound email delivery.

Sending HIPAA-Compliant Fax Online

If you want to send a compliant fax using an efax service, you can:

1. Log into your online fax account, and follow the steps to send your fax from there, using an SSL connection.

This is very easy. Just click on Send a fax and fill out all the information you need to deliver your fax. As always, double or triple check that you are faxing to the correct number to avoid violations.

2. Send your fax over email. Instead of typing an email address in the TO field, enter the number followed by @efaxsend.com (here we are taking eFax Corporate as an example). The message field will act as your cover page and the documents to be faxed will be attached to the email.

The resulting fax will be transmitted in a format that is compatible with both online fax services and fax machines.

Once you press Send, your email will be forwarded to your service’s secure fax servers, using TLS.
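The email-to-fax step above, as an added example (not code from eFax or from this article): it addresses the message to number@efaxsend.com, refuses any number that is not on a locally verified recipient list, and submits it only over a certificate-verified STARTTLS session. The SMTP host, credentials, allow-list, subject line and the digits-only number format are assumptions.

```python
import re
import smtplib
import ssl
from email.message import EmailMessage

FAX_GATEWAY_DOMAIN = "efaxsend.com"  # gateway domain named in the article


def fax_address(number, allowed):
    """Return <digits>@gateway, or raise if the number is malformed or unverified."""
    digits = re.sub(r"[\s().+-]", "", number)  # strip common phone punctuation
    if not digits.isdigit() or not 7 <= len(digits) <= 15:
        raise ValueError(f"not a plausible fax number: {number!r}")
    if digits not in allowed:  # guards against misdialed recipients
        raise ValueError(f"{digits} is not a verified recipient")
    return f"{digits}@{FAX_GATEWAY_DOMAIN}"


def build_fax_email(sender, number, allowed, cover_text, pdf_bytes, filename):
    """Message body becomes the cover page; the attachment is the faxed document."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = fax_address(number, allowed)
    msg["Subject"] = "Fax"  # assumption: the gateway does not require a specific subject
    msg.set_content(cover_text)
    msg.add_attachment(pdf_bytes, maintype="application", subtype="pdf",
                       filename=filename)
    return msg


def strict_tls_context():
    """TLS 1.2 or newer, with certificate and hostname verification left on."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def send_fax_email(msg, smtp_host, username, password, port=587):
    """Fail closed: starttls() raises if the server does not offer or accept TLS."""
    with smtplib.SMTP(smtp_host, port, timeout=30) as smtp:
        smtp.starttls(context=strict_tls_context())
        smtp.login(username, password)  # credentials only ever cross the TLS session
        smtp.send_message(msg)


if __name__ == "__main__":
    verified = {"15550100199"}  # constructed sample allow-list
    demo = build_fax_email("clinic@example.org", "+1 (555) 010-0199", verified,
                           "Cover page text", b"%PDF-1.4 constructed", "referral.pdf")
    print(demo["To"])
```
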

Tips for Faxing Through a HIPAA Online Fax Service

  • Request a Business Associate Agreement. This is a requirement by HIPAA HITECH; if your service doesn’t provide an agreement, you are not being compliant. We have found some services that advertise as compliant but don’t offer this document explicitly.
  • Always use a cover page. This is also a requirement, and it must contain the approved HIPAA statement when sending patient information. A good service will include it automatically with each transmission.
  • Make sure you don’t have to store faxes locally. Cloud faxing is excellent because it allows you to access and modify your faxes without having to download them. One of the most common causes of breaches is the loss of faxes stored on local devices.