Author:
mFax by Documo

How to Securely Fax Medical Records to Maintain HIPAA Compliance

Failing to meet HIPAA requirements for faxing could cost a company thousands of dollars in fines or more. Consequently, all businesses that handle and fax medical records must keep up with the latest HIPAA requirements for transmitting patient data securely.

Why Faxing Endures in Healthcare

Since 1996, healthcare providers have had to keep the Health Insurance Portability and Accountability Act (HIPAA) in mind when handling patient data. At the time HIPAA passed, electronic health records (EHR) were still far in the future and most medical facilities and insurers used fax machines to send and receive medical information. Faxing remains a common form of exchanging medical information, with 70% of providers using this method.

Faxing offers several benefits, including remaining accepted as a secure form of data transmission as long as the sender takes precautions to protect the data and maintains HIPAA compliance. It also allows communication of sensitive information between entities that may use non-compatible EHR systems.

While traditional faxing is often secure enough to be HIPAA compliant, healthcare providers looking to upgrade to cloud faxing may need to be more cautious about the type of service they choose and how they use it to ensure they remain HIPAA-compliant when they fax medical records.

HIPAA Guidelines and How to be HIPAA Compliant

HIPAA’s original guidelines and updates, such as Health Information Technology for Economic and Clinical Health (HITECH), remain broad enough to adapt well to technological updates. HITECH, passed in 2009, increased penalties for failing to maintain HIPAA compliance from $100 per violation of the privacy rule to up to $50,000 per violation. Additionally, HITECH required legally binding Business Associate Agreements for all third parties handling electronic protected health information (ePHI). Companies also had to allow patients to access reports covering who viewed their ePHI and under what circumstances.

Per the Health and Human Services (HHS) Department, faxing is permissible between physicians’ offices when transmitting patient medical information. But, per HIPAA, the sender must take precautions to ensure the security of the data faxed by verifying the number, using a cover sheet, and keeping the fax machine in a physically secure location. These security measures ensure the faxing method remains in line with the requirements for protecting patient information, outlined in 45 CFR 164.530(c).

To maintain HIPAA compliance with any faxes sent or received, you need to take the following three measures:

  • Use a cover sheet
  • Create an audit trail
  • Verify the correct recipient

Coversheets provide physical protection against someone seeing personal information from the fax. They also provide information about the fax recipient to minimize the chances of the wrong person getting the fax and its information.

Audit trails track where faxes go from a device or cloud fax service. These trails provide evidence of faxed information and that the sender used the correct fax number.

Verifying the fax number with the recipient is crucial so that a one-digit misdial does not send sensitive information to the wrong person. Contacting the recipient and double-checking the fax number, especially when sending a fax the first time, is a simple and effective step to take.

While the above three steps are the basic requirements, you must still do everything possible to prevent a data breach. Therefore, you will need to take steps to ensure the security of any internet-connected devices you use, even fax machines.

Security When Faxing Medical Records

Faxing medical records requires precautions to prevent unauthorized access to the information. HIPAA violations have tiers based on the degree of neglect that went into the breach. The tiers range from the lowest level, a violation that could not have been prevented even with reasonable measures, to the highest level, a violation due to willful neglect. The more security measures taken to protect PHI, the less likely a violation is to occur.

A Lesson from the Past on Protecting Devices from Hackers

One example of a violation that could occur even with reasonable security measures in place came in 2018, with a firmware flaw in HP multifunction printers. These printers had a security flaw that could be triggered by incoming faxes.

A malicious individual would send a specific type of fax to the machine, which would then allow them network access to the other connected devices in the building. While the company provided firmware upgrades to close the security loophole, the incident illustrated the need to verify the security of multifunction printers when using them to fax documents. To securely use these devices, never allow them to locally store information, only connect them to a password-protected network, and keep the firmware updated.

Training for Enhancing Fax Security

Another way to ensure security is through employee training on HIPAA policies. HIPAA requires that covered entities train all workers on HIPAA procedures and security. When workers who regularly fax items know about the HIPAA requirements, they will be more likely to check that their faxing procedure adheres to them. Additionally, this training can cover how to use new cloud fax services as they are introduced into operations, or how to correctly use traditional fax machines for those new to this older technology.

Why Email Will Not Suffice for Sending Medical Records

Faxing is typically more secure than email because most email providers don’t take extra security measures for the contents of their messages or attachments. Email addresses and passwords appear with high frequency on breach warning websites. The average person has a 41% chance of finding their email login information involved in a security breach. Therefore, anyone with that information can read any of their sent or received emails.

Faxing over phone lines or via a secure online cloud fax system protects the information from hackers. When faxing over the phone, hackers cannot access the information sent via telephone lines. Plus, fax machines don’t typically store information after sending the fax.

Cloud fax services should use multifactor authentication, which prevents someone who only has the user name and password from accessing the account. They also encrypt faxes from the time the fax is sent until the recipient gets it. This encryption uses specific keys to unlock the fax. Someone who does not have these keys cannot see the fax.

Consequently, for HIPAA compliance, faxing will always surpass email security. Using email to send PHI could result in a violation due to the unsecured nature of the systems used by email providers.

How to Fax Medical Records or PHI

When faxing medical records or anything with PHI, it is important to follow processes that keep the information visible only to the sender and the recipient. Correctly using a fax machine and sending the information to the correct number are both vital to avoiding HIPAA violations when transmitting this sensitive information.

How to Send an Online Fax  

Specifics of sending an online fax may depend on the particular program used. However, the general process is as follows:

  1. Log onto the online fax program via its website.
  2. Create a cover sheet or fill out a cover sheet template.
  3. Choose the file to fax from your computer or online drive and attach it.
  4. Attach the coversheet you created to the fax. Often this only requires checking a box to add your coversheet.
  5. Type in the fax number to send your fax to or choose from among your online fax system contacts list.
  6. Verify the fax number before sending the fax.
  7. Click send to send the fax.
  8. Contact the recipient to ensure they received the fax correctly.

How to Use Traditional Faxing

While traditional fax machines have been around for decades, most people are not fully aware of how to use these older devices because they typically only appear in use in a few industries, such as healthcare. Therefore, making sure to do each of the following steps will ensure that anyone can send a fax securely with a phone-connected machine:

  1. Fill out a HIPAA-compliant cover sheet and place it on the front of the stack of the fax.
  2. Turn on the confirmation page setting for the fax machine if it is not already on.
  3. Place the pages on the fax machine face up or face down depending on the image on the paper feed tray.
  4. Type in the number to send the fax to.
  5. Verify the fax number by checking the number you typed against your records or phoning the recipient.
  6. Hit send to send the fax.
  7. Call the recipient to verify receipt of the fax.

The Importance of a Coversheet When Sending a HIPAA Compliant Fax

Cover sheets are essential whether sending an online or traditional fax. These sheets serve as a means of protecting the information in the fax from someone who might accidentally see a page sitting on the fax machine. However, the cover sheet itself must not include any PHI, though it should include information that indicates the confidentiality of the fax.

When creating your cover sheet for faxing sensitive information, include words on the cover sheet such as “confidential” and “important.” These words reinforce the importance of getting the fax to the intended recipient.

Next, include fax coversheet information such as your name and fax number, the recipient's name, the subject (without being medically specific), and the total number of pages with the coversheet. You can find out more about cover sheets and get a template online here.

In summary, a HIPAA compliant fax coversheet should have the following information:

  • Notice of “confidential” and “important” information in the fax
  • Number of pages, including the cover sheet
  • Your name and fax number
  • Recipient’s name
  • The subject of the fax (without revealing PHI)

Even if you are not certain if the data sent requires a HIPAA-compliant coversheet, err on the side of caution and use one to avoid issues in the future.

How to Choose a Cloud Fax Provider to Send HIPAA-Compliant Faxes

If you prefer to use an online fax provider, you should not pick one at random for sending PHI. Look for the following security features in a cloud fax provider:

  • Business Associate Agreement
  • Multifactor authentication login and user protections
  • Secure connections
  • File encryptions

To ensure HIPAA compliance, you will need a cloud fax service that will sign a Business Associate Agreement (BAA) to ensure proper handling of all information and prevent access by unauthorized parties. This agreement is a requirement per HITECH and must be a feature of any online fax service you choose.

Secondly, you must look at the type of security the fax provider offers. Security features should only allow authorized people to send and receive faxes or read other faxes stored in the cloud. These include a variety of encryption methods and login processes to protect the online fax service and information sent with it.

Two-factor authentication, which verifies the identity of someone logging in, and automated timeouts protect data on a computer from accidental access by an unauthorized person in the office. Additionally, automatically created audit trails keep tabs on who logs in, what they do, and which documents they access. This information is vital to creating access reports upon request for patients or audit trails for HIPAA investigations.

To protect the data sent, the cloud fax provider should only use secure HTTPS connections for its web presence and for access from its fax API. The cloud infrastructure must also be secure, with physical security for the servers the company uses. Files need encryption at rest and in transit. Look for TLS 1.2 transit encryption and AES 256-bit encryption in the cloud fax service.

By insisting on a high level of security from a cloud fax provider, the chances of HIPAA violations originating within the fax service decrease. However, even with the most secure system, it can only send faxes securely if used correctly.

Security Tips for Safer Data Transmission When Faxing

The ultimate responsibility for sending HIPAA-compliant faxes lies with the sender. Therefore, you need to use several precautions when transmitting PHI online or via traditional fax.

  • Coversheet
  • Verify security measures
  • Track faxes with an audit trail
  • Properly use the computer or machine when faxing
  • Use strong passwords for cloud faxes
  • Choose a HIPAA compliant cloud fax service

Always use a cover sheet for both telephone-based and online faxing. This cover sheet prevents someone from accidentally seeing PHI from the fax just by walking by the machine.

Confirm the fax number before sending. Check the entered number after inputting it into your traditional fax machine or online service. Doing so can minimize the chances of a HIPAA violation caused by sending the fax to another recipient.

When choosing an online service, verify the security measures of your fax provider and that of the receiver. Most medical facilities should use HIPAA-compliant fax software. If you are not certain, contact them directly to verify. If they have a traditional fax machine, ask if the machine is in a secure area, only accessible by authorized personnel. The machine should not be located in a publicly accessible area.  

Track all incoming and outgoing faxes with an audit trail. Traditional machines print out receipts after each fax. Keep a record of these for HIPAA compliance. If you use a cloud system, always keep the audit trail creation option turned on and maintain your records for at least the past six years.
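The number check and the audit trail described above can be combined into one pre-send step. The following is an added example, not code from mFax or any fax product; the recipient directory, decision names and function names are assumptions made for illustration, and the check also covers swapped adjacent digits in addition to the one-digit misdial mentioned earlier.

```python
import json
import re
from datetime import datetime, timezone

# Constructed sample records: fax numbers already confirmed with each recipient.
VERIFIED_RECIPIENTS = {
    "Example Cardiology Clinic": "+15555550142",
    "Example Imaging Center": "+15555550187",
}


def normalize(typed):
    """Reduce a typed US fax number to +1XXXXXXXXXX (assumes US numbering)."""
    digits = re.sub(r"\D", "", typed)
    if len(digits) == 10:
        digits = "1" + digits
    if len(digits) != 11 or digits[0] != "1":
        raise ValueError("not a complete US fax number")
    return "+" + digits


def near_miss(a, b):
    """True if a and b differ by one substituted digit or one adjacent swap."""
    if a == b or len(a) != len(b):
        return False
    diff = [i for i in range(len(a)) if a[i] != b[i]]
    if len(diff) == 1:
        return True
    return (len(diff) == 2 and diff[1] == diff[0] + 1
            and a[diff[0]] == b[diff[1]] and a[diff[1]] == b[diff[0]])


def check_before_send(recipient, typed, user, now=None):
    """Return (decision, audit_line) for one outgoing fax. No PHI is logged."""
    expected = VERIFIED_RECIPIENTS.get(recipient)
    try:
        number = normalize(typed)
    except ValueError:
        number, decision = None, "BLOCK_INVALID"
    else:
        if expected is None:
            decision = "HOLD_UNVERIFIED"   # first fax: confirm by phone first
        elif number == expected:
            decision = "SEND"
        elif near_miss(number, expected):
            decision = "BLOCK_MISDIAL"     # likely typo of the verified number
        else:
            decision = "BLOCK_MISMATCH"
    entry = {
        "time": (now or datetime.now(timezone.utc)).isoformat(),
        "user": user,
        "recipient": recipient,
        "typed": typed,
        "number": number,
        "decision": decision,
    }
    return decision, json.dumps(entry, sort_keys=True)


if __name__ == "__main__":
    for name, typed in [
        ("Example Cardiology Clinic", "(555) 555-0142"),
        ("Example Cardiology Clinic", "555-555-0143"),
        ("New Recipient", "555-555-0199"),
    ]:
        print(check_before_send(name, typed, user="frontdesk1")[1])
```

Each returned audit line is a JSON record that can be appended to a log kept for the retention period; it holds only who sent what to which number and the decision, never the fax contents.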

When using a computer with cloud faxing, do not do so from an unsecured or open Wi-Fi network. For instance, never log into a fax service provider’s website from a coffee shop or public network. Always use a network with a secure password to enhance the security of faxes.

Never leave the computer from the time you log into a cloud fax service until you log out. While automatic time-outs offer extra security, don’t rely on this to protect information on the screen from others. For traditional fax machines, locate the machine inside a locked room that only authorized individuals have keys to.

Select a strong password for your online fax account that you do not use for any other login. A strong password is one that has at least eight characters, uses both upper and lower case letters, and includes symbols and numbers. The specifics of the password requirements may vary depending on the fax service. Stronger, longer passwords are always better than weak, shorter codes.

Lastly, carefully choose a HIPAA-compliant online fax provider that optimizes document security. Documents should have encryption during transit to the cloud, while stored in the cloud, and on the way to the recipient.

Failing to

Verifying HIPAA compliance for every fax sent will prevent severe consequences of fines from mishandling PHI. Whether faxing with a traditional machine or an electronic fax machine, always make sure to follow general security guidelines of using a HIPAA coversheet, verifying the fax number, and maintaining an audit trail.

If you choose to use mFax for your HIPAA-compliant cloud fax for sending medical health records, feel free to contact our support team at any time you need help. Or, if you want to find out more about cloud faxing for sending sensitive information, talk to one of our experts to find the right faxing solution for your needs.
