HIPAA Compliant Fax FAQ

If you can’t find an answer to your question please contact us.

  • Q: What is HIPAA?
    A: HIPAA (Health Insurance Portability and Accountability Act of 1996) is United States legislation that provides data privacy and security rules for safeguarding medical information.
  • Q: What is a BAA?
    A: A “business associate” is a person or entity that performs certain functions or activities that involve the use or disclosure of protected health information on behalf of, or provides services to, a covered entity. A member of the covered entity’s workforce is not a business associate. A covered health care provider, health plan, or health care clearinghouse can be a business associate of another covered entity. ( learn more about BAA on the HHS site)
  • Q: Many digital fax platforms won’t sign a BAA. Will WestFax sign a BAA?
    A: Yes. WestFax will sign a Business Associate Agreement. Contact us to discuss your requirements. Our BAA agreement satisfies the Health and Human Services (HSS) standards for Health Information Privacy (HIP). (
  • Q: What is a HIPAA Compliant Fax?
    A: A “HIPAA Compliant Fax” is not some new fax format. Sending a fax in a HIPAA compliant way requires that a fax have an appropriate cover sheet, that the receiver's number is the verified and the cover sheet has a standard HIPAA Disclaimer that is pretty standard. There are rules around audit trails and secure storage of the digital faxes as well.
  • Q: We use an ERM, Can you integrate Fax into our workflow?
    A: Yes, We can integrate into any ERM. It starts with something as simple as Print to Fax driver and we can also perform custom integration into your ERM using our HIPAA Compliant Secure Fax API. Please contact us for more information.
  • Q: Do you have an API we can integrate with?
    A: Yes, We offer a robust HIPAA Compliant Secure Fax API. Go here to learn more about our API and sign up here.
  • Q: Can I get Customer Service help if I need it?
    A: Yes. Our in-house account managers are experienced professionals with years of service to the company. There is virtually no request they can’t handle. Our turnaround time for large custom merge orders is unmatched in the industry.
  • Q: Do I need to buy any software or hardware?
    A: No. You only need Internet access or email capability.
  • Q: What kind of security do you have at your Datacenter?
    A: Our highly secure Tier III data centers maintain SSAE16 SOC 2 Certifications to provide physical control of your ePHI data. The facility utilizes fingerprint scanning and video surveillance. Redundant and fault-tolerant power and HVAC systems ensuring system performance and availability. Redundant internet connections and carrier-class firewalling and security. Comprehensive compliance support that includes FISMA High / NIST 800-53, HIPAA, PCI-DSS Level 1, SOC 2 Type II, and SOC 3.
  • Q: How secure is your HIPAA Compliant Fax Service?
    A: We utilize the highest level of TLS encryption available for data in transit either through our secure website or secure API interfaces. We also use AES 256 bit encryption of ePHI data to guarantee privacy and prevent disclosure from intrusion. We support TLS protected SMTP email with optional REQUIRE TLS extension in accordance with the IETF RFC 3207. FTPS and SFTP with TLS for safe and secure transport of documents to and from your existing servers. Comprehensive HTTPS API allows for easy and flexible integration of systems.
  • Q: What are your acceptable document formats?
    A: Word, PDF, Tiff, Excel, Publisher and Powerpoint.
  • Q: What are your acceptable list formats?
    A: Delimited text files including CSV, and Tab Delimited. We also accept and DBF database formats.
  • Q: How do I sign up?
    A: Contact a WestFax Sales Representative at 1-800-473-6208 or use our Getting Started form.