2023 HIPAA Rule Changes. Are You Compliant?

The article outlines the 2023 HIPAA changes and the importance of secure fax technology in maintaining compliance and protecting patient data.


2023 HIPAA Rule Changes

As we approach 2023, significant changes to the Health Insurance Portability and Accountability Act (HIPAA) regulations are on the horizon. These changes aim to strengthen patient privacy and improve the handling of sensitive health information, including substance use disorder (SUD) records. In this blog post, we will explore the forthcoming HIPAA rule updates and provide guidance on maintaining compliance in the ever-evolving healthcare landscape.

The Importance of Fax in Maintaining HIPAA Compliance:

Fax technology continues to play a vital role in the secure exchange of protected health information (PHI) while preserving patient privacy. Despite advancements in digital communication, fax remains a reliable and HIPAA-compliant method of transmitting sensitive data. Its inherent security features make it a preferred choice for covered entities to communicate with healthcare providers, insurance companies, and trusted third parties involved in patient care.

Understanding HIPAA Compliance:

HIPAA, enacted in 1996, establishes regulations to protect patient privacy and safeguard health information. The Privacy Rule, a key component of HIPAA, sets requirements for covered entities to ensure the security of PHI, including electronic PHI (ePHI). Failure to comply with HIPAA regulations can lead to penalties and reputational damage.

Changes in HIPAA Regulations:

The 2013 HIPAA Omnibus Final Rule expanded HIPAA's scope by introducing provisions for business associates, enhancing patient rights, increasing penalties for noncompliance, modifying breach notification rules, and incorporating elements of the Genetic Information Nondiscrimination Act (GINA). Additionally, the Confidentiality of Substance Use Disorder Patient Records (42 CFR Part 2) addressed the need for stricter protection of SUD and mental health treatment records.

Protecting SUD Records:

The Legacy Act (Overdose Prevention and Patient Safety Act) brought significant changes to the handling of SUD patients' health records, aligning SUD confidentiality regulations with HIPAA. This enables better coordination of care while reinforcing privacy protections. Covered entities must comply with HIPAA's Notice of Privacy Practices when handling SUD-related information.

Staying Compliant in 2023:

As the HIPAA Privacy Rule undergoes changes in 2023, it is crucial for covered entities to stay informed and adapt their practices accordingly. Regularly review and update internal procedures, provide ongoing employee training, and maintain a secure infrastructure for transmitting and storing PHI.

Key Considerations for HIPAA Fax Compliance:

  1. Secure Faxing: Utilize HIPAA-compliant cloud-based fax services that offer advanced encryption for data in transit and at rest. Ensure that fax machines and multifunction printers (MFPs) are located in secure areas with controlled access.
  2. Business Associate Agreements (BAAs): Engage only with fax service providers willing to sign BAAs, acknowledging their responsibility for safeguarding PHI and ensuring compliance.
  3. Ongoing Employee Training: Conduct regular training sessions to educate employees on proper handling of PHI and compliance with HIPAA regulations. Emphasize the importance of secure communication channels and the prevention of unauthorized access to patient information.
  4. Updated Notice of Privacy Practices: Revise and update your HIPAA Notice of Privacy Practices to reflect changes in HIPAA regulations, including the handling of SUD-related information, patient rights, and breach notification requirements.

Consult legal or compliance professionals to ensure full compliance with the evolving HIPAA regulations and Part 2 requirements.


As the healthcare landscape continues to evolve, staying compliant with HIPAA regulations is of paramount importance. The forthcoming changes to HIPAA in 2023, including updates related to SUD records, require covered entities to remain vigilant and adapt their practices to ensure patient privacy and data security. By leveraging WestFax's secure faxing solutions, healthcare organizations can navigate the evolving regulatory landscape while safeguarding patient information.
