Hipaa Fax

HIPAA Faxing from eFax Corporate®

Secure and encrypted HIPAA compliant faxing. BAA available.

Speak with a representative now: (844) 344-7099

What is a HIPAA Compliant Fax Solution?

Accountability Act (HIPAA) can be difficult for even the most experienced IT teams. When it comes to your faxing processes, determining whether you meet all of HIPAA’s guidelines and requirements can be overwhelming. Consequently, when considering the outsourcing of your organization’s fax infrastructure to a hosted cloud fax service — you should ask at least these four key questions of any potential solution:

Do You Have a Secure Fax Solution? Does it Meet HIPAA Fax Standards?

4 Questions to Ask Any Vendor:

  1. Is the fax solution you offer specifically designed to be a HIPAA compliant?
  2. Do you have an on-staff Compliance Team certified as HIPAA faxing experts?
  3. What major healthcare organizations are using your HIPAA fax solution today? For how long?
  4. Will you sign a Business Associate Agreement (BAA) as our HIPAA fax provider?

6 Tips

to prevent cyber attacks against
your healthcare organization


HIPAA Faxing — What the Law Actually Says

The following are excerpts from the HIPAA Security Rule, which outlines the minimum requirements any Covered Entity (CE) or Business Associate (BA) must take to ensure the confidentiality, integrity and availability of any ePHI it handles.
The law breaks these guidelines into three categories: Administrative Safeguards, Technical Safeguards and Physical Safeguards. As you read these guidelines, consider how your organization’s fax processes stand up.
Note: These excerpts reflect only a small portion of the language and requirements contained in the HIPAA Security Rule. We are including them only as examples of areas within the law that will affect how your faxing processes meet (or do not meet) HIPAA standards.

Our Secure Fax Solution Helps
You Meet HIPAA Standards


HIPAA Requires

eFax Corporate Delivers

Access Control: Requires covered entities to “Implement technical policies and procedures for electronic information systems that maintain electronic protected health information to allow access only to those persons or software programs that have been granted access rights as specified in 164.308(a)(4) [Information Access Management].” The eFax Corporate cloud fax solution includes unique user identification, administrator privileges to grant and remove access, next generation (256-bit AES) encryption and other protocols to limit access to your organization’s authorized personnel only. Inbound documents may be sent to only the intended recipient’s email, limiting exposure and disclosure risks associated with faxing to a physical fax machine.
Transmission Security: The Transmission Security Standard, 45 CFR 164.312(e)(1) requires that a covered entity “Implement technical security measures to guard against unauthorized access to electronic protected health information that is being transmitted over an electronic communications network.” eFax Corporate implements the highly secure Transport Security Layer (TLS) protocol approved and recommended by the National Institute for Standards and Technology (NIST) for document transmissions to ensure that your ePHI (and other business faxes) are never vulnerable at any point in transmission.
Data Encryption: Where implementation is a reasonable and appropriate safeguard for the covered entity, the covered entity must: “Implement a mechanism to encrypt and decrypt electronic protected health information.” 45 CFR § 164.312(a)(2)(iv). eFax Corporate® keeps your faxes encrypted at all times — both in transit and at rest. Storage of documents uses the NIST-recommended AES 256-bit encryption and robust in-transit TLS encryption. All data is secured and stored at our geographically redundant, Tier III and Tier IV colocations, which themselves are protected by multiple security layers 24/7/365.
Audit Control: “Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information.” 45 CFR § 164.312(b). eFax Corporate® employs multiple levels of audit control — from secure and automatic archiving of all faxes sent or received through eFax Corporate® for the life of your organization’s account, to transmission tracking with unique patient identifiers.

"Phase 2" HIPAA Audits

Speak with a representative now: (844) 344-7099