HIPAA violations and Fax.
How to ensure you are compliant.


It doesn’t need to be said, but HIPAA compliance is serious business. Entire industries have been built around making sure medical facilities, doctors’ offices and insurers are complying with all the privacy and data protection laws and guidelines. Here are some straightforward tips for keeping your faxing on the right side of the law. HIPAA violations are no joke.

1. Don’t allow incoming faxes to sit on publicly accessible fax machines or within view of unauthorized third parties.
If you receive faxed protected documents, ensure that your machine is in a private, non-public location. When sending a protected fax, call the receiver to ensure that their fax machine is in a private or protected location. If the fax machine is physically located on a desk, ensure that patients and clients walking by cannot see the contents of faxes being received.

2. While you’re at it, dump your manual fax machine and use a HIPAA compliant cloud fax service.
This will immediately save you money, make it easier to manage sending and receiving faxes, and offer the added security of encryption technology when sending and storing faxes. Make sure your cloud fax service encrypts all your documents and is set up for HIPAA fax. WestFax offers HIPAA compliant cloud fax.

3. Always use cover pages.
HIPAA requirements dictate that one uses a cover sheet with the approved HIPAA statement when transmitting PHI. Be sure to use a Confidentiality Statement on your fax cover sheets when sending patient information. This is an example of a Confidentiality Statement:

The documents accompanying this facsimile transmittal are intended only for the use of the individual or entity to which it is addressed. It may contain information that is privileged, confidential and exempt from disclosure under law. If the reader of this message is not the intended recipient, you are notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you are not the intended recipient, you are hereby notified that law strictly prohibits any disclosure, copying, distribution or action taken in reliance on the contents of these documents. If you have received this fax in error, please notify the sender immediately to arrange for return of these documents.

In order to be HIPAA compliant, your fax cover sheet should also include the following items:

  • Date and time sent
  • Recipient’s name
  • Recipient’s fax number
  • Sender’s name and organization
  • Sender’s phone number
  • HIPAA fax disclaimer

4. Maintain an audit trail.
If you don’t have an accurate audit trail of every activity that occurred with each patient document, then you are susceptible to fines associated with non-compliance.

HIPAA is not optional, and until all IT assets and architectures are re-engineered to be intrinsically HIPAA compliant, everyone must be vigilant and attentive to PHI handling requirements and best practices.