HIPAA Fax Cover Sheet: A Secure Guide and Free Templates

Download Free HIPAA Compliant Fax Cover Sheet Templates

Get free HIPAA-compliant cover sheet templates here. These templates warn recipients of sensitive content and have the disclaimers needed for HIPAA compliance.

Choose from three versions:

How To Use These Cover Sheets With mFax

To get started, download the HIPAA fax cover sheet template of your choice from above. Then, follow along with our help video here to get it set up in your account. Be sure to make any customizations and save as an account template to ensure your entire organization will be able to use your new HIPAA safe cover sheet.

What Are HIPAA Fax Cover Sheets and Why They're Necessary

Fax cover sheets give important information about the fax sent. HIPAA compliant cover sheets include directions for the handling of the documents to ensure the security of patient data. Most importantly, HIPAA compliant cover sheet disclaimers indicate the information in the fax is PHI for viewing and use only by authorized entities. By putting this disclaimer on the sheet, senders show they put forth the required effort to protect PHI.

Both physical and digital faxes require cover sheets if they contain PHI. The information on the sheet is essential to alert the receiver of the private nature of the faxed document. Therefore, entities covered under HIPAA should always include a compliant cover sheet on all faxes, regardless of the type of fax sending device.

What Information to Include on a HIPPA Fax Cover Sheet

To ensure delivery of the fax to the correct person and the privacy of patient information, the following information should be included on a HIPAA compliant fax cover sheet:

Receiver Information

This category includes the name and fax number of the receiver of the fax. In many cases, the fax recipient may not be the same as the patient. For example, sending a fax to a physician’s office requires the office’s fax number and the party intended to receive the fax (like in the case of referrals).

Sender Information

Sender information is the name and fax number of the individual or entity sending the fax.

Patient Name and Reference Number  

When sending patient information between healthcare providers, including the patient’s name is essential. In some cases, patients will have a reference number with their case, which should also be part of this section on the cover sheet.

Date and Time Sent

Adding the time and date of the fax delivery provides an additional record of sending for both the recipient and the sender.

Number of Pages on Cover Sheet

Always include the total number of pages faxed on the cover sheet. This number allows the recipient to verify the entire fax came through and printed out correctly.

HIPAA Disclaimer

A HIPAA disclaimer on the fax cover sheet provides information for how to handle a fax delivered to the wrong number or an incomplete fax. This information helps to maintain patient information privacy.

Sample HIPAA Disclaimer

This facsimile transmission is intended for the sole confidential use of the designated recipients, some or all of which may be protected health information as defined by the federal Health Insurance Portability & Accountability Act (HIPAA) Privacy Rule. If you have received this information in error, any review dissemination, distribution, or copying of this information is strictly prohibited. If you have received this transmission in error, please contact the sender to arrange for the destruction or return of the information. If any pages failed to send, please contact the sender at the above number.

How to Improve Fax Security

There are a host of precautions your teams should take to maximize security and ensure HIPAA compliance for faxed PHI. Upgrading faxing methods, securing faxing devices, and protecting network access can all improve the security of your faxed documents.

Use HIPAA Cover Sheets

Given the content of this article, this one's a no-brainer. Protect your organization and prevent unauthorized viewing of sensitive information by including a HIPAA cover sheet to warn recipients that private health information may be included in the transmission.

Fax Only From Secure Devices  

Opting for a HIPAA compliant online fax service saves time, cuts costs in physical materials, and improves your data security. Some of the things we do to protect your sensitive data:

1. Availability of two-factor authentication (2FA) for users
2. Automated session timeouts
3. Tracking and auditing of faxed and received data
4. AES 256-bit encryption both for faxes in storage and transfer
5. TLS 1.2 encryption for transmitted files
6. Strict datacenter security for mFax's servers, databases, and network

Combined with your own HIPAA security efforts, mFax can help ensure all your sensitive communications and PHI are safe and compliant with regulations like HIPAA, HITECH, GLBA, and SOX.

Keep Physical Fax Machines in Secure Areas

The HIPAA Privacy Rule requires covered entities to secure PHI using one of several methods. For instance, entities might shred expired or used documents, file retained information in a locked cabinet, and keep medical records in areas secured with a lock or passcode.

The Security Rule governs electronic personal health information (e-PHI). As a subset of the Privacy Rule, the Security Rule covers everything the former does. It also requires four points for keeping e-PHI secure. Entities must do the following:

1. Protect e-PHI from access by unauthorized personnel
2. Use methods to record and track access to e-PHI through creating audit trails
3. Ensure the integrity of e-PHI from unauthorized changes
4. Protect the transmission integrity over electronic networks

For physical fax machines, keep the device and faxes sent and received in a secure area that only authorized personnel can access. When using digital fax options, ensure your software allows only permissioned users to access received and sent faxes to protect against unauthorized access.

Want to switch to online faxing but still need to keep some physical fax machines? mFax's FaxBridge Connectors allow you to continue using your physical machines and get all the security and reliability advantages from mFax's unparalleled network infrastructure.

Do Not Fax Over Unsecured Networks

When using networked fax machines or multifunction printers with faxing capability, never use unsecured networks. These types of devices are prone to security breaches both through the network and from unsecured internal storage on the device. Encrypting documents before sending them to the multifunction printer will help0 protect them from hackers who try accessing the device.

Get HIPAA-Compliant Faxing on the Most Reliable Fax Network

mFax's ultra-reliable and secure cloud fax network is trusted by hospitals and healthcare providers across North America. See our pricing and sign up for your free trial here to start using these HIPAA fax cover sheets for yourself. Need more info? Get in touch with our experts now.

Sources

https://www.cdc.gov/phlp/publications/topic/hipaa.html

https://www.hhs.gov/hipaa/for-professionals/security/laws-regulations/index.html

https://www.hhs.gov/sites/default/files/ocr/privacy/hipaa/understanding/summary/privacysummary.pdf

‍