If you believe the legacy fax machine has been replaced with the EHR and electronic forms of communication, think again: 70% of health-care organizations still use paper faxes, according to the Office of the National Coordinator for Health Information Technology. But there are much safer and more efficient ways to communicate than via the physical fax machine.

Although HIPAA regulations tend to favor faxing over email for transmitting PHI, it’s inaccurate to believe that faxes are HIPAA compliant. HIPAA guidelines require a tight chain of custody at all times, a standard that paper faxes have difficulty meeting, particularly when most fax machines in most office settings are in plain view where unauthorized personnel and the public are always around.

Legacy fax environments were created with little or no security precautions in mind. For example, a standard fax transmission over the phone network is not encrypted. An employee making just one mistake keying in a number can send protected health information (PHI) to the wrong recipient—a HIPAA violation. Failure to include a cover sheet can leave patient information exposed on the recipient’s machine. An incoming fax left on a machine in an open area can be picked up by any employee with office access, including those who are not authorized to view PHI.

Data Breaches Cause Catastrophic Hardships for Healthcare Providers

A New York-based hospital was fined $387,000 in 2015 for faxing PHI to the wrong recipient in just two instances. In levying the heavy fine, the Office for Civil Rights, which administers the federal healthcare breach report, pointed to the egregious nature of the disclosures because the hospital cares for patients dealing with AIDS, HIV and chronic conditions. Protected health information PHI was sent to an office where a patient volunteered and to a second patient’s employer with the latter resulting in a lawsuit.

Regardless of the reason, experiencing a data breach can create a catastrophic hardship for a healthcare provider—both in terms of real costs and a loss in brand value and patient trust. It’s well-known that healthcare has the highest industry average per-record costs for a data breach with the average total cost for a breach now tops $10 million.

Digital Cloud Fax Technology is the Way Forward

Faxes aren’t going away anytime soon, but the physical fax machine’s days are numbered—or should be. Digital cloud fax technology (DCFT) combines the convenience of faxing with the security protocols that HIPAA regulations and common sense demand.

A fully HIPAA-compliant, cloud-based, fax-by-email solution will encrypt transmissions in transit and while at rest. Rather than faxes arriving at a physical machine, faxes arrive directly in the inbox of the intended recipient, where they wait for the recipient to log in and view them.

Such a solution allows administrators to view and manage fax usage through a web-based administrative portal. HIPAA compliance is maintained through the secure transmission of messages, combined with full audit trails of all faxes sent and received.

eFax Corporate: The Gold Standard

When it comes to faxing critical documents, eFax Corporate has reigned as the gold standard in digital cloud fax technology (DCFT) for more than 20 years and is the first major cloud fax provider to achieve HITRUST CSF® certification – reflecting the highest level of commitment to security and compliance in an organization.

With eFax Corporate, organizations can send faxes online by email with highly advanced TLS 1.2 encryption, the SSL replacement. This ensures fax documents are protected in transit from their point of origin to the recipient’s fax. When a fax is sent to one an employee, eFax Secure will send that employee an email with a URL to a secure website. The employee then simply clicks the URL (opening a TLS connection) and enters their eFax Corporate account information to download the fax from a secure HTTPS portal with encrypted storage (AES-256). It’s both safe and simple!

With our solution, sensitive data is protected by physical datacenter security and the highest encryption standards. All systems processing data are maintained in secure production ques, and multi-factor authentication is required for system entry. No customer fax data is shared with any third parties outside of our audit functions. No more faxes with sensitive information sent to the wrong number or patient records left sitting on an office fax machine!


Often overlooked while securing PHI is the fax machine, a continued weak spot since it remains a communications workhorse for the healthcare industry. eFax Corporate, a digital cloud faxing solution for the enterprise that is both HIPAA compliant and HITRUST CSF® Certified, can eliminate the physical fax machine and its inherent dangers, transmitting patient data using sophisticated encryption that protects this critical information.

In part five of this exclusive blog series, we’ll explore how eFax Corporate helps healthcare, financial services, and other heavily regulated industries meet and maintain compliance!

For more information on our digital cloud fax solution, please visit www.enterprise.efax.com.