
HIPAA compliant fax

Secure HIPAA fax for healthcare organizations.

mFax for HIPAA compliant online fax

While wading through regulations can be confusing, choosing top-rated mFax is not. A HIPAA compliant cloud fax service like mFax is authorized to transmit and store sensitive data including PHI and ePHI.

Our HIPAA secure fax service is a top rated product for sending and receiving faxes from a computer. Since your practice does not need to print out papers, you do not need to worry about storing physical files or destroying them properly after faxing to ensure security compliance.

With mFax, we provide several methods to ensure the security of the data that goes through our system. Our HIPAA compliant features include the following:

Encrypted document exchange

Fax protocol has inherent security features that make it an attractive means to transmit documents. We add to this by utilizing encryption technology whenever documents are transported to/from our network.

At rest encryption

All sensitive data is encrypted at rest. This means it cannot be accessed in any usable form outside of our secure web portal.

Secure socket layer protocol

Our web interface and API are accessible only through secure HTTPS connections.

Audit trails

All document transmissions and log on/log off events are logged and recorded along with associated IP addresses.

User authentication

All system access points require user authentication to access any secure data. We also implement auto-logoff features for additional protection. The system includes advanced administrative controls with customizable user permissions and roles.

Data center security

All web servers, application servers, and databases are housed in state-of-the-art SSAE16 Type II secured facilities with redundant hardware, power, and internet connectivity.

The info above is just a glimpse into how we secure data. For more information on system, application, and operational security measures, please visit our security page.

What are HIPAA fax rules?

The Health Insurance Portability and Accountability Act (HIPAA) governs the privacy of health information and the penalties for entities that fail to keep patient information secure.

Under HIPAA, practitioners must look at the three rules of the act that govern privacy and security. These are as follows:

  • Privacy Rule: Ensures privacy by keeping information that could identify a patient protected.
  • Security Rule: This rule governs how practitioners keep electronic health records secure.
  • Breach Notification Rule: If a security or data breach occurs, this rule governs who an entity notifies and how.

Meeting HIPAA fax requirements

HIPAA compliant online fax services ensure files are transmitted in compliance with the security rule. Also, covered entities must assess security risks regularly, take reasonable steps to prevent breaches, document record-keeping methodology, and audit systems to ensure information security.

Additionally, there must be physical safeguards to prevent unauthorized access to computers, software, or documents that might contain private health information (PHI).

HIPAA fax policy

While the law does not specifically mention HIPAA fax, instead taking a technology-neutral approach, organizations must adhere to requirements aimed at keeping patient information secure.

When it comes to a HIPAA fax service, the following necessary requirements must be met:

Correct recipient

Steps must be taken to ensure faxes are sent to the correct recipient and no unnecessary errors are made.

HIPAA compliant fax cover sheet

A cover sheet is required to indicate the confidential nature of the information included.

Audit trail

There must be a tracking method for where faxes go in case of a data breach or audit.

Frequently asked questions

If you have questions about mFax's user-friendly cloud fax service and its easy setup process, we have the answers you need here.

  • Is HIPAA faxing safe for highly sensitive documents?

    HIPAA compliant fax services cater specifically to the protected health information of patients. Because patient information is already highly sensitive, HIPAA compliant faxing also works well with other delicate information in other sectors. For instance, those in legal practices or financial services can use HIPAA compliant cloud fax services to relay the secure documents they frequently fax.

  • How does HIPAA faxing relate to security?

    You can use the guidelines for HIPAA compliance as a security standard for your business. Whether in healthcare, finance, or any other field, using a secure faxing method that encrypts data and creates audit trails for following possible breaches is a good idea. Even credit card information that a small business may need to fax is still sensitive enough to warrant the extra security offered by mFax's encryption. HIPAA compliance shows a high level of traceability, security, and privacy for any documents sent.

  • What is the HIPAA disclaimer cover sheet I must send?

    When it comes to sending faxes, you must include a cover sheet, whether you send a physical or digital fax. This cover sheet adds an extra layer of protection for the patient's information.

    The information included on the sheet should convey that the fax includes sensitive information. Using the words "confidential" and "important" on the sheet helps to ensure that it gets attention. Do not put any information that could identify the patient on the cover sheet. However, you should include your office's contact number and a request to call immediately if the wrong person received the fax. These additions help to ensure that you had the correct fax number on file.

    Don't forget to include standard fax cover sheet information such as the name and number of both the sender and recipient, the subject, and the number of pages.

  • Do I need a HIPAA-compliant fax machine?

    The Office of Civil Rights (OCR) does not officially endorse any specific technology. However, by choosing a fax service provider that will offer the information security levels required by HIPAA, you can send faxes while remaining compliant. You do not need a specific fax machine or special equipment to use mFax.

  • Can I use a HIPAA fax API?

    Yes, you can use application programming interfaces to integrate cloud fax into your system. However, you must choose the app you use carefully: as a covered entity under HIPAA, you will hold liability if the app causes a data breach. mFax's API offers the security of cloud faxing while maintaining the same features that make mFax HIPAA compliant, so you can use it for your healthcare business.

  • What types of healthcare entities use HIPAA compliant fax?

    Any healthcare facility that currently uses traditional faxing can use HIPAA compliant cloud fax services, such as the following:

    1. Hospitals
    2. Clinics
    3. Physicians' offices
    4. Medical testing centers

  • Does mFax have a HIPAA compliant fax app?

    Although we don’t yet offer any native applications for iOS or Android, our HIPAA compliant fax service can be accessed via our web portal on any internet-enabled device.

  • Does mFax offer HIPAA compliant fax to email?

    Yes. Our fax to email service is included with all our plans and can be used to enable email notifications for both incoming and outgoing faxes. However, given the unsecured nature of many email services, we do not recommend attaching faxes containing private information to emails directly. Instead, those files can be included in a link within the email and then accessed via our secure portal.