
HIPAA Faxing from eFax Corporate®


Secure and encrypted HIPAA compliant faxing. BAA available.

What is a HIPAA Compliant Fax Solution?

If your organization needs to transmit electronic protected health information (ePHI) by fax on a regular basis, you need to make sure those transmissions are completely secure and fully protected at all times. This is not only a matter of protecting patient privacy and your business’s reputation — it’s also the law.

Complying with the hundreds of pages of dense legal language in the Health Insurance Portability and Accountability Act (HIPAA) can be difficult for even the most experienced IT teams. When it comes to your faxing processes, determining whether you meet all of HIPAA’s guidelines and requirements can be overwhelming. Consequently, when considering outsourcing your organization’s fax infrastructure to a hosted cloud fax service, you should ask at least these four key questions of any potential solution:

Do You Have a Secure Fax Solution? Does it Meet HIPAA Fax Standards?


4 Questions to Ask Any Vendor:
 
  1. Is the fax solution you offer specifically designed to be HIPAA compliant?
  2. Do you have an on-staff Compliance Team certified as HIPAA faxing experts?
  3. What major healthcare organizations are using your HIPAA fax solution today? For how long?
  4. Will you sign a Business Associate Agreement (BAA) as our HIPAA fax provider?


HIPAA Faxing — What the Law Actually Says

The following are excerpts from the HIPAA Security Rule, which outlines the minimum requirements any Covered Entity (CE) or Business Associate (BA) must take to ensure the confidentiality, integrity and availability of any ePHI it handles.

The law breaks these guidelines into three categories: Administrative Safeguards, Technical Safeguards and Physical Safeguards. As you read these guidelines, consider how your organization's fax processes stand up.

Note: These excerpts reflect only a small portion of the language and requirements contained in the HIPAA Security Rule. We are including them only as examples of areas within the law that will affect how your faxing processes meet (or do not meet) HIPAA standards.

Security Management Process
164.308(a)(1)
Implement policies and procedures to prevent, detect, contain, and correct security violations.

Required or Addressable

Risk Analysis (Required)
Risk Management (Required)
Information System Activity Review (Required)

Information Access Management
164.308(a)(4)
Implement policies and procedures for authorizing access to electronic protected health information that are consistent with the applicable requirements of subpart E of this part.

Access authorization (Addressable)
Implement policies and procedures for granting access to electronic protected health information, for example through access to a workstation, transaction, program, process, or other mechanism.

Contingency Plan
164.308(a)(7)
Establish (and implement as needed) policies and procedures for responding to emergency or other occurrence (for example, fire, vandalism, system failure, and natural disaster) that damages systems that contain electronic protected health information.

Disaster recovery plan (Required)
Establish (and implement as needed) procedures to restore any loss of data.
Emergency Mode Operation Plan (Required)

Business Associate Contracts and Other Arrangements
164.308(b)(1)
A covered entity, in accordance with §164.306, may permit a business associate to create, receive, maintain, or transmit electronic protected health information on the covered entity’s behalf only if the covered entity obtains satisfactory assurances, in accordance with §164.314(a) that the business associate will appropriately safeguard the information.

Written contract or other arrangement (Required). Document the satisfactory assurances required by paragraph (b)(1) of this section through a written contract or other arrangement with the business associate that meets the applicable requirements of §164.314(a).

Written contract or other arrangement (Required)

Facility Access Controls
164.310(a)(1)
Implement policies and procedures to limit physical access to its electronic information systems and the facility or facilities in which they are housed, while ensuring that properly authorized access is allowed.

Required or Addressable

Contingency Operations (Addressable)
Facility Security Plan (Addressable)
Access Control and Validation Procedures (Addressable)
Maintenance Records (Addressable)

Device and Media Controls
164.310(d)
Implement policies and procedures that govern the receipt and removal of hardware and electronic media that contain electronic protected health information into and out of a facility, and the movement of these items within the facility.

Disposal (Required)
Media Re-use (Required)
Accountability (Required)
Data Backup and Storage (Addressable)

Access Control
164.312(a)(1)
Implement technical policies and procedures for electronic information systems that maintain electronic protected health information to allow access only to those persons or software programs that have been granted access rights as specified in §164.308(a)(4).

Required or Addressable

Unique User Identification (Required)
Emergency Access Procedure (Required)
Automatic Logoff (Addressable)
Encryption and Decryption (Addressable)

Audit Controls
164.312(b)
Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information.

Mechanism to Authenticate Electronic Protected Health Information (Addressable)

Transmission Security
164.312(e)(1)
Implement technical security measures to guard against unauthorized access to electronic protected health information that is being transmitted over an electronic communications network.

(i) Integrity controls (Addressable). Implement security measures to ensure that electronically transmitted electronic protected health information is not improperly modified without detection until disposed of.
(ii) Encryption (Addressable). Implement a mechanism to encrypt electronic protected health information whenever deemed appropriate.

Integrity Controls (Addressable)
Encryption (Addressable)

Our Secure Fax Solution Helps You Meet HIPAA Standards

For true HIPAA compliant faxing, you can trust eFax Corporate®.

With eFax Corporate deployed across your organization, your staff can securely fax by email from any Internet connected device including desktops, laptops, tablets or smartphones. Our secure fax solution transmits your ePHI and other important fax documents by email using the most advanced encryption over an IP network to your recipient's fax number.

Our secure fax service also stores your faxes digitally on our secure cloud using sophisticated 256-bit AES encryption and advanced security measures at our telco-grade colocations. Outsourcing your fax process to us lets your team eliminate the fax machines, fax servers and other fax infrastructure that can leave your organization vulnerable to non-compliance with HIPAA.

Secure Fax for Healthcare
Secure HIPAA Faxing
  • HIPAA Compliant fax solution
  • We will sign a BAA as your HIPAA fax partner
  • Strongest encryption available for your faxes in transit
  • Strongest encryption available for your faxes at rest (256-bit)
  • Eliminate your in-house fax hardware — and outsource to a proven HIPAA fax partner
Secure HIPAA Fax
  • HIPAA Requires
    eFax Corporate Delivers
  • Access Control: Requires covered entities to “Implement technical policies and procedures for electronic information systems that maintain electronic protected health information to allow access only to those persons or software programs that have been granted access rights as specified in 164.308(a)(4) [Information Access Management].”

    The eFax Corporate cloud fax solution includes unique user identification, administrator privileges to grant and remove access, next generation (256-bit AES) encryption and other protocols to limit access to your organization’s authorized personnel only. Inbound documents may be sent to only the intended recipient’s email, limiting exposure and disclosure risks associated with faxing to a physical fax machine.

  • Transmission Security: The Transmission Security Standard, 45 CFR 164.312(e)(1) requires that a covered entity “Implement technical security measures to guard against unauthorized access to electronic protected health information that is being transmitted over an electronic communications network.”

    eFax Corporate implements the highly secure Transport Layer Security (TLS) protocol approved and recommended by the National Institute of Standards and Technology (NIST) for document transmissions to ensure that your ePHI (and other business faxes) are never vulnerable at any point in transmission.

  • Data Encryption: Where implementation is a reasonable and appropriate safeguard for the covered entity, the covered entity must: “Implement a mechanism to encrypt and decrypt electronic protected health information.” 45 CFR § 164.312(a)(2)(iv).

    eFax Corporate® keeps your faxes encrypted at all times — both in transit and at rest. Storage of documents uses the NIST-recommended AES 256-bit encryption and robust in-transit TLS encryption. All data is secured and stored at our geographically redundant, Tier III and Tier IV colocations, which themselves are protected by multiple security layers 24/7/365.

  • Audit Control: “Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information.” 45 CFR § 164.312(b).

    eFax Corporate® employs multiple levels of audit control — from secure and automatic archiving of all faxes sent or received through eFax Corporate® for the life of your organization’s account, to transmission tracking with unique patient identifiers.

"Phase 2" HIPAA Audits

Are your fax processes in full compliance with HIPAA's strict guidelines? Do they create unnecessary risks for disclosure of Protected Health Information (PHI) to unauthorized recipients or employees?

Read our new whitepaper that addresses the 5 assumptions that covered entities make about their regulatory compliance — which are often incorrect — and find out how to correct them.
