Why HIPAA-Compliant Cover Sheets are Important

Exploring the Necessity and Best Practices for Including Cover Sheets when Transmitting HIPAA-Protected Information

HIPAA CoversheetsPrivacy and Security of an individual’s medical records and health information is more important than ever in an age of daily reports of hacked servers and data theft. HIPAA addresses these concerns; its regulations are strictly enforced and have shaped how medicine is practiced in our country.

To learn more about HIPAA compliance see our previous post on “What is HIPAA“.

Let’s talk about HIPAA fax cover pages. Do you really need to include a cover sheet? The short and only answer is YES.

When handling sensitive medical information there is no wiggle room with regard to HIPAA safeguards. There are no guidelines on what a cover sheet should contain if transmitting HIPAA-protected information however most agree that the following safeguards should be employed:

  • Verify the receiving fax number is correct. While having preset autodial eliminates a lot of accidental misdials it’s important to verify the receiving number if the receiver has poor handwriting or is in doubt.

  • The location of a fax machine that handles HIPAA-related faxes should be located in areas not easily accessible to the public or uncleared individuals. Physical security measures are as important as electronic ones.

  • If possible notify the receiving party that a document containing sensitive data is incoming so they can check their fax machine for the output. Leaving faxes in the tray can lead to data being compromised.

  • Online Faxes should also have a coversheet as many online fax numbers are set up to cc multiple parties so all the more reason to have a very specific coversheet.

  • and finally, a fax cover sheet that alerts the receiver that the information is confidential and that there are serious implications should proper safeguards not be implemented.

What Needs to be Included on a HIPAA Fax Cover Sheet?

There is no official HIPAA cover sheet but the cover sheet should contain the following information to be considered HIPAA compliant:

  • Date and Time Fax sent
  • Receiver name and fax #
  • Sender name, organization, and phone #
  • Patients Name and reference # (if applicable)
  • HIPAA Fax Disclaimer

An Example of a HIPAA Fax Disclaimer

IMPORTANT: This facsimile transmission contains confidential information, some or all of which may be protected health information as defined by the federal Health Insurance Portability & Accountability Act (HIPAA) Privacy Rule. This transmission is intended for the exclusive use of the individual or entity to whom it is addressed and may contain information that is proprietary, privileged, confidential, and/or exempt from disclosure under applicable law.

If you are not the intended recipient (or an employee or agent responsible for delivering this facsimile transmission to the intended recipient), you are hereby notified that any disclosure, dissemination, distribution, or copying of this information is strictly prohibited and may be subject to legal restriction or sanction. Please notify the sender by telephone (number listed above) to arrange the return or destruction of the information and all copies.

In summary, don’t take chances with HIPAA compliance and your faxing protected information. The fines are steep and it’s simple to adhere to basic guidelines to protect your organization.

Discover more