If you’re familiar with the Health Insurance Portability and Accountability Act (HIPAA), you know that it has detailed guidelines on data privacy. While there are no specific rules concerning fax cover sheets, anyone handling protected health information (PHI) should set up communications safeguards. This includes patient information shared by email, phone, fax, or any other method.
While there are plenty of templates available online, not all of them follow this federal law. To ensure that you have HIPAA-compliant fax cover sheets, we’ve come up with this handy checklist for your reference.
Table of Contents
- What Should a HIPAA Fax Cover Sheet Contain?
- What Is a HIPAA Fax Disclaimer?
- What HIPAA Says About Faxing Patient Information
- Guarantee the Security of PHI With iFax
What Should a HIPAA Fax Cover Sheet Contain?
When faxing PHI, the cover sheet must include the following:
- Date and time the fax cover sheet was sent
- Name of the recipient
- Fax number of the recipient
- Name of the sender (covered entity)
- Sender’s fax number
- HIPAA fax cover sheet disclaimer
It’s important that the fax cover sheet declares the document as “confidential” or “for authorized eyes only.”
Aside from these items, it is not recommended to include specific details in the fax cover sheet. For example, you may not include the patient’s name as this violates HIPAA standards. Instead, a fax cover sheet may have the patient’s case number for easy reference.
In some cases, you may include the physician’s contact number, case number, and insurance policy number on the fax cover sheet.
What Is a HIPAA Fax Disclaimer?
A HIPAA fax disclaimer should include the following:
- a reminder about confidentiality
- a warning against unauthorized viewing and use
- instructions on what to do to prevent PHI compromise
Here is an example of a HIPAA fax cover sheet disclaimer:
IMPORTANT: This facsimile transmission contains confidential information, some or all of which may be protected health information as defined by the federal Health Insurance Portability & Accountability Act (HIPAA) Privacy Rule. This transmission is intended for the exclusive use of the individual or entity to whom it is addressed and may contain information that is proprietary, privileged, confidential, and/or exempt from disclosure under applicable law.
If you are not the intended recipient (or an employee or agent responsible for delivering this facsimile transmission to the intended recipient), you are hereby notified that any disclosure, dissemination, distribution, or copying of this information is strictly prohibited and may be subject to legal restriction or sanction. Please notify the sender by telephone (number listed above) to arrange the return or destruction of the information and all copies.
This fax cover sheet disclaimer is standard across different industries. You may revise the text to apply to health industry use. Check out these other samples of HIPAA-compliant disclaimers.
What HIPAA Says About Faxing Patient Information
Does HIPAA consider faxing a safe method of sending and receiving PHI? Yes, it does. It’s safer than using email, which is more vulnerable to hackers and phishing attacks. In particular, online faxes are often safeguarded by encryption and password protection to further reduce the risk of unauthorized access.
For faxing PHI, examples of privacy safeguards include:
- Calling the recipient first to confirm the fax number
- Informing them that a document will be sent shortly
- Printing out a delivery confirmation report that proves the transmittal was successful
- Placing fax machines in a private area that is only accessible to authorized staff
- Using fax cover sheets that do not display the patient’s name or other identifying information
According to HIPAA guidelines, physicians can share patient information via email, fax, and phone as long as there are reasonable safeguards.
Here are some examples:
- A laboratory can fax or phone a patient’s results to the attending physician.
- A doctor can mail or fax a copy of lab results to another doctor for specialized treatment.
- A hospital may fax a patient’s condition to a nursing home to which they would be transferred.
Keep in mind that in most cases, a patient’s consent is necessary before you can fax PHI. For example, a potential employer needs the results of a physical exam as part of the hiring process. You still need to get the applicant’s permission before you can fax that information.
Guarantee the Security of PHI with iFax
A HIPAA fax cover sheet serves as a shield against the accidental disclosure of privileged information. It also helps ensure that the sender and receiver do not violate federal laws.
If you don’t want to create a fax cover sheet from scratch, you can use and customize fax cover sheet templates. But if you’re using iFax, the default HIPAA fax cover sheet is already available. All you need to do is fill out the necessary details.
iFax is a reliable HIPAA-compliant fax service with a proven track record in safeguarding confidential data. Thanks to 256-bit encryption, you can be confident about sharing and storing privileged information. You also have access to a secure cloud-based library where you can store and manage medical files from any device.
In addition to being HIPAA compliant, iFax also adheres to GLBA (Gramm-Leach-Bliley Act/Financial Services Modernization Act of 1999) and GDPR (General Data Protection Regulation 2016/679) standards.
Download iFax on your mobile device or sign up for the web app today.