
5 Tips for HIPAA Compliant Faxing: All You Need to Know

Alexis Basilla


If your organization is in the healthcare industry or has a medical background, there is a high chance you still send faxes daily, which means you must have reasonable safeguards in place to ensure those faxes are HIPAA compliant.

When it comes to HIPAA compliant faxing, your organization must ensure that all Protected Health Information (PHI) being sent and received is handled in accordance with the Health Insurance Portability and Accountability Act (HIPAA) of 1996. The act safeguards medical records and patient data and provides a framework for when PHI can be shared and with whom.


What is a HIPAA violation?

HIPAA’s minimum necessary standard requires that a fax disclose only the PHI needed for its purpose, so disclosing too much is itself a violation. Other things that constitute a violation include:

  • Disclosing PHI without permission
  • Accessing PHI without authorization
  • Failing to dispose of PHI securely when it is no longer needed
  • Failing to manage risk and conduct a risk assessment
  • Not having safeguards in place to protect PHI
  • Not monitoring access to PHI
  • Not giving patients copies of their PHI when they request it
  • Not having access controls
  • Not having a signed business associate agreement (BAA) with a vendor before sharing PHI with it
  • Delaying breach notification to affected patients
  • Missing the 60-day deadline, counted from breach discovery, for issuing that notification
  • Mishandling faxes containing PHI or sending them to the wrong number
  • Not documenting compliance efforts

With so many ways to violate the rules, how does a healthcare facility find out that a violation has occurred? The most common way is an internal audit. Healthcare professionals who have violated HIPAA rules also often self-report to reduce the impact of the violation, and some organizations have a compliance team that checks for potential violations on an ongoing basis.

What Happens if You Breach HIPAA Compliance?

Financial penalties for HIPAA violations are high, and they apply whether or not the violation was intentional.

Fines issued by state attorneys general can reach $25,000 per violation category per calendar year. The Office for Civil Rights (OCR) can issue higher fines, up to $1.5 million per violation category for each year the violation persisted, and there have already been multi-million-dollar penalties.

HIPAA Violation Tiers

Not all HIPAA violations carry the same consequences. A tiered structure determines the severity of the penalty:

  • Tier 1 Violation – Fines range from $100 to $50,000 per violation. This tier covers cases where the organization did not know about the violation and, even with reasonable diligence, could not have known about it.
  • Tier 2 Violation – Fines range from $1,000 to $50,000 per violation. This tier covers cases of “reasonable cause”: the organization knew, or should have known, about the violation, but its conduct did not amount to willful neglect.
  • Tier 3 Violation – Fines range from $10,000 to $50,000 per violation. This tier covers “willful neglect” where the organization corrected the violation within the required time (30 days of discovery).
  • Tier 4 Violation – Fines start at $50,000 per violation. This tier covers “willful neglect” where no attempt was made to correct the violation.

Health and medical organizations are all required to take extra security measures to ensure they are HIPAA compliant. Unfortunately, old fax machines can easily compromise information: a misdialed number sends PHI to a stranger, received pages sit in an output tray where anyone passing by can read them, and there is usually no record of who sent or collected what. Keeping the machine off the network does nothing about any of these risks, so these machines are a far cry from secure enough for PHI. That is why it is vital that healthcare companies switch to a HIPAA compliant faxing system.

HIPAA Faxing vs. Traditional Fax Machines

There are major obstacles to overcome before fax machines can be deemed secure enough for sensitive patient information. Organizations should not keep depending on fax machines merely because eHealth systems still have interoperability problems.

Since switching to newer solutions takes time, it is important to keep PHI safe while fax machines are still in use. All employees should be well aware of the HIPAA faxing rules and practices that apply to traditional fax machines.

Until the switch is made, following safe faxing practices on traditional fax machines is a reasonable countermeasure against privacy breaches.


HIPAA Compliant Faxing: Tips for Remaining Compliant

Handling PHI can be tricky, but luckily there are a few helpful methods and tips to securely send patient information.

1. Never Leave Faxes Unattended on a Fax Machine

Whenever you send a fax containing PHI or other personal information, it is a golden rule of HIPAA faxing to stay beside the machine until the transmission is finished. Even if you have other quick tasks you would like to take care of while the fax is sending, leaving the documents unattended (in the feeder or in the output tray) can lead to a major violation.

Tip: Before sending, verify the recipient’s fax number, since dialing the wrong number discloses PHI to whoever owns that line, and confirm that the recipient’s machine sits in a secure location where the output is not accessible to unauthorized personnel. Use a fax cover sheet so that the first page out of the machine carries a confidentiality notice rather than PHI.

Now, what about faxing online? A similar rule applies. Never leave your computer or device unattended, and lock it with a password or screen lock to thwart unauthorized access. If you are using a shared computer, log out of your online fax account as soon as you are done faxing. If you need to save a fax document locally, store it where only authorized staff can access or view it.
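The precaution in the tip above, checking the destination before a PHI-bearing fax goes out, is the main defence against a misdirected fax, which this page lists as a violation. The following Python is an added example and not code from iFax or from the original article: it normalizes the dialed number, looks it up in a directory of recipients whose numbers were verified out of band (constructed sample data), and refuses unverified destinations. The directory contents, the field names and the secure_location flag are assumptions for illustration.

```python
"""Pre-send destination check for faxes that carry PHI.

Added example, not iFax code. The verified-recipient directory below is
constructed for illustration; in practice it would be maintained from a
confirmation step (e.g. a test fax acknowledged by phone).
"""
import re
from dataclasses import dataclass

# Hypothetical directory keyed by normalized fax number. secure_location
# records whether the recipient confirmed their machine is in a restricted area.
VERIFIED_RECIPIENTS = {
    "+15555550123": {"org": "Example Clinic", "secure_location": True},
    "+15555550199": {"org": "Example Lab", "secure_location": False},
}


def normalize_fax_number(raw: str, default_country: str = "1") -> str:
    """Reduce a dialed string to an E.164-style number so that directory
    lookups are not fooled by spacing, dashes or a missing country code."""
    digits = re.sub(r"\D", "", raw)
    if raw.strip().startswith("+"):
        return "+" + digits
    if len(digits) == 10:  # North American number without country code
        return "+" + default_country + digits
    if len(digits) == 11 and digits.startswith(default_country):
        return "+" + digits
    raise ValueError(f"unrecognized fax number format: {raw!r}")


@dataclass
class SendDecision:
    allowed: bool
    reason: str
    normalized: str = ""


def check_destination(raw_number: str, confirmed_by_sender: bool = False) -> SendDecision:
    """Decide whether a PHI-bearing fax may be sent to raw_number.

    Unknown numbers are refused outright. Verified numbers whose machine is
    not in a secured location require an explicit confirmation from the
    sender, matching the 'check where the recipient's machine sits' advice.
    """
    try:
        number = normalize_fax_number(raw_number)
    except ValueError as exc:
        return SendDecision(False, str(exc))
    entry = VERIFIED_RECIPIENTS.get(number)
    if entry is None:
        return SendDecision(False, "destination not in verified directory", number)
    if not entry["secure_location"] and not confirmed_by_sender:
        return SendDecision(
            False,
            "recipient machine not in a secured location; sender confirmation required",
            number,
        )
    return SendDecision(True, f"verified recipient: {entry['org']}", number)


if __name__ == "__main__":
    for dialed in ["(555) 555-0123", "+1 555 555 0199", "555-555-0000", "12"]:
        d = check_destination(dialed)
        print(f"{dialed!r:20} allowed={d.allowed} reason={d.reason}")
```

The directory is the part that matters: the numbers in it should come from a confirmation step, not from whatever a referral form or an incoming fax header happens to say, because the check is only as good as the list it consults.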

2. Switch to a cloud-based HIPAA compliant faxing service

Cloud-based or online faxing services like iFax don’t only transfer your faxing to the cloud — they bring you new features and capabilities that a regular fax machine or three-in-one machine just can’t offer.

Additionally, it’s a cost-efficient option as you won’t be needing a fax machine anymore. Paper, ink, and toner are purchases of the past and you can save money on incurring costs of electricity.

With a cloud fax service, you can even save on the fixed phone line each month and won’t necessarily need one to send and receive faxes online. With a cloud-based HIPAA compliant faxing service, you have the ability to simply send an email to fax over confidential information right from your phone or computer.

Reputable cloud fax providers encrypt fax data both in transit and at rest, which adds a layer of protection that a phone line and a paper tray cannot offer. Treat “military-grade encryption” as marketing shorthand: before relying on it, ask the provider which protocols and algorithms it actually uses and how encryption keys are managed.

While there are plenty of online fax service providers to choose from, always select one that is compliant with all the regulations you have to follow. A top-tier secure fax service will be HIPAA compliant from the start.

Tip: HIPAA requires a signed business associate agreement (BAA) between you and your online fax provider before any PHI is shared, so that both sides know their responsibilities for keeping PHI safe. If a provider refuses to sign one, find a different service.

3. Use HIPAA Fax Disclaimer

Every time you send a fax containing PHI, use a fax cover sheet carrying a confidentiality disclaimer that warns against unauthorized access. The cover sheet tells the recipient that the incoming pages contain personal health information that is not to be distributed, and it keeps PHI off the first page that comes out of the machine.

HIPAA does not prescribe the exact wording or content of the cover sheet, but the following information conveys what the recipient needs in order to handle the fax correctly:

  • Date and time of fax transmission
  • Recipient’s name and fax number
  • Sender’s name, organization, and fax number
  • A reference to the patient concerned, if the recipient needs it to route the fax. Keep the minimum necessary standard in mind: the cover sheet is the page most likely to be seen by the wrong person, so many organizations keep patient identifiers off it entirely
  • A HIPAA disclaimer prohibiting distribution of the received information and asking anyone who receives it in error to notify the sender and destroy the pages

Tip: If you are switching to an online fax app, double-check whether you are able to attach a fax disclaimer as part of your protocol when sending faxes.

4. Keep an Audit Trail

Another way to maintain HIPAA compliant faxing is to keep track of all activity on your systems and network with audit logs. Audit controls are a requirement for all Covered Entities and Business Associates, meaning that healthcare providers, medical organizations, and all their vendors must keep them.

Cloud fax service providers must, therefore, offer a way to keep track of all faxing activity so that you can demonstrate compliance when sending patient health information. While most cloud faxing platforms log this automatically, the best ones also have an online fax storage system that lets you access all document versions to track changes and activity.

Tip: HIPAA requires that compliance documentation, which includes audit records, be retained for at least six years. HIPAA does not specify a storage format; keeping recent logs uncompressed and readily searchable (6 to 12 months is a common practice) lets you review them quickly during an investigation, after which older logs can be compressed and archived.
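An added example of the kind of audit trail described above, written in Python and not taken from iFax or from the original article. Each fax event is stored as a JSON record whose hash covers the previous record’s hash, so editing or deleting an entry afterwards is detectable, a query helper answers “who touched this document”, and another helper computes the six-year retention date. The event fields, user names and document ids are constructed for illustration.

```python
"""Tamper-evident audit trail for fax activity (added example, not iFax's implementation).

Each record carries prev_hash (the previous record's hash) and hash
(SHA-256 over prev_hash + the canonical JSON of the event), so the log is a
simple hash chain. Sample events and field names are constructed.
"""
import hashlib
import json
from datetime import datetime
from typing import Dict, List, Tuple

RETENTION_YEARS = 6  # HIPAA documentation retention minimum, 45 CFR 164.316(b)(2)
GENESIS = "0" * 64   # prev_hash of the first record


def _canonical(event: Dict) -> str:
    # Stable serialization so the hash does not depend on key order.
    return json.dumps(event, sort_keys=True, separators=(",", ":"))


def append_event(log: List[Dict], event: Dict) -> Dict:
    """Append an event to the log and return the stored record."""
    prev_hash = log[-1]["hash"] if log else GENESIS
    record = dict(event)
    record["prev_hash"] = prev_hash
    record["hash"] = hashlib.sha256((prev_hash + _canonical(event)).encode()).hexdigest()
    log.append(record)
    return record


def verify_chain(log: List[Dict]) -> Tuple[bool, int]:
    """Return (True, -1) if every record links to its predecessor and
    hashes correctly, else (False, index of the first bad record)."""
    prev_hash = GENESIS
    for i, record in enumerate(log):
        body = {k: v for k, v in record.items() if k not in ("prev_hash", "hash")}
        expected = hashlib.sha256((prev_hash + _canonical(body)).encode()).hexdigest()
        if record["prev_hash"] != prev_hash or record["hash"] != expected:
            return False, i
        prev_hash = record["hash"]
    return True, -1


def who_touched(log: List[Dict], doc_id: str) -> List[Tuple[str, str, str]]:
    """(timestamp, user, action) for every event on one fax document."""
    return [(r["ts"], r["user"], r["action"]) for r in log if r.get("doc_id") == doc_id]


def retain_until(event_ts: str) -> str:
    """Earliest date at which the record for event_ts may be discarded."""
    dt = datetime.fromisoformat(event_ts)
    try:
        return dt.replace(year=dt.year + RETENTION_YEARS).isoformat()
    except ValueError:  # 29 February has no counterpart six years later
        return dt.replace(year=dt.year + RETENTION_YEARS, day=28).isoformat()


def build_sample_log() -> List[Dict]:
    """Constructed sample: three events on one outbound fax (hypothetical ids)."""
    log: List[Dict] = []
    append_event(log, {"ts": "2024-03-01T09:15:00+00:00", "user": "nurse.j", "action": "send",
                       "doc_id": "fax-0001", "to_number": "+15555550123", "pages": 3,
                       "result": "delivered"})
    append_event(log, {"ts": "2024-03-01T09:20:00+00:00", "user": "nurse.j", "action": "view",
                       "doc_id": "fax-0001"})
    append_event(log, {"ts": "2024-03-02T14:02:00+00:00", "user": "admin.k", "action": "export",
                       "doc_id": "fax-0001", "result": "pdf"})
    return log


if __name__ == "__main__":
    log = build_sample_log()
    print("intact:", verify_chain(log))
    print("fax-0001 history:", who_touched(log, "fax-0001"))
    print("retain first record until:", retain_until(log[0]["ts"]))
    log[0]["to_number"] = "+15555550000"  # simulate after-the-fact tampering
    print("after tampering:", verify_chain(log))
```

A hash chain only proves that the log has not been altered since the last hash you trust, so periodically copy the latest hash somewhere the log writer cannot modify (a separate system, or a signed export). Failed send attempts belong in the log too, since a refused destination is often the first sign of a misdialing problem.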

5. Migrate to the Cloud

Many healthcare data breaches involve PHI on lost or stolen portable devices such as removable drives, laptops, or tablets. If the PHI on such a device was not encrypted, its loss is a reportable breach and the organization becomes susceptible to fines.

With a cloud-based HIPAA compliant faxing service, faxes are stored on the provider’s servers rather than on individual devices. A well-secured cloud service, with encryption at rest and in transit and access controls on who can open each document, significantly lowers the chance that a lost device turns into a breach.

Tip: To avoid data theft from portable devices, keep PHI off them where possible and encrypt whatever must be stored locally. PHI encrypted in line with HHS guidance is not considered unsecured PHI, so losing an encrypted device does not by itself trigger breach notification.


HIPAA Fax Requirements (General Rules)

When it comes to HIPAA compliant faxing, there are general rules and requirements that individuals, businesses, and organizations should follow. Aside from the tips above, some standard guidelines also apply, including:

  1. Implementing additional security measures to safeguard and protect sensitive health information;
  2. Running routine security checks;
  3. Enabling automatic virus and malware scanning on the computers used for online faxing;
  4. Keeping software and fax applications up to date;
  5. Ensuring that all third-party integrations are legitimate and duly authorized to store or handle sensitive health information;
  6. Using a strong, unique password for every fax user account, plus multi-factor authentication where the service offers it;
  7. Staying alert for clickbait and phishing scams.

HIPAA Compliant Faxing via Online Fax

For traditional fax users, HIPAA compliant faxing continues to remain a challenge. Since fax machines can’t keep up with the regulatory framework, HIPAA is just one of the many regulations that are slowly pushing them out of offices. Regular risk assessment and staff training can reduce instances of violations, but implementing new technological software is the best solution for healthcare providers.

Thanks to modern faxing solutions, it has become less challenging for the healthcare sector to implement HIPAA compliant faxing. With cloud-based fax services like iFax, there are more ways to safeguard PHI and minimize unintentional disclosures due to human errors and staff negligence.

Simply put, iFax moves your organization away from the traditional fax machines and into the modern era of HIPAA compliant faxing services that connect to the rest of your network. With availability spanning across all major platforms (Windows, macOS, Android, and iOS), iFax comes with more features than a fax machine ever could!

With an integrated document scanner, fax image editing capability, and automated fax image optimization, it’s the go-to solution for health and medical organizations.

Final Thoughts

The practice of HIPAA compliant faxing aims to safeguard sensitive health information against any form of abuse or misuse. For those who are in the healthcare sector, it is necessary to understand the significance of this practice so that it isn’t merely followed for the sake of avoiding penalties and legal violations.

Are you in need of a secure and HIPAA compliant faxing service? With iFax, you can rest easy knowing that your faxes will be encrypted from start to finish!

Try the iFax app today and start sending online faxes from any device even if you’re on the go.
