HIPAA Compliance

Why HIPAA-Compliant Cover Sheets are Important

Exploring the Necessity and Best Practices for Including Cover Sheets when Transmitting HIPAA-Protected Information

A HIPAA-compliant fax cover sheet is important because it’s often the only safeguard between a misdialed fax number and a serious HIPAA violation. Every fax cover sheet sent with protected health information (PHI) should confirm the intended recipient, warn anyone else who receives it that the contents are confidential, and spell out what to do if the fax was sent in error.

There is no single official HIPAA cover sheet, and the HIPAA Privacy Rule doesn’t list exact wording — but healthcare organizations widely agree a compliant cover sheet should verify the receiving number, keep the fax machine in a restricted area, alert the receiving party that a sensitive document is on its way, and carry a confidentiality disclaimer with legal language. Skipping any of these steps raises the odds that protected health information reaches the wrong person, which can trigger steep HIPAA penalties.

To learn more about HIPAA compliance see our previous post on “What is HIPAA“.

Keep these safeguards in mind any time protected health information is going out by fax:

  • Verify the receiving fax number is correct. While having preset autodial eliminates a lot of accidental misdials it’s important to verify the receiving number if the receiver has poor handwriting or is in doubt.

  • The location of a fax machine that handles HIPAA-related faxes should be located in areas not easily accessible to the public or uncleared individuals. Physical security measures are as important as electronic ones.

  • If possible notify the receiving party that a document containing sensitive data is incoming so they can check their fax machine for the output. Leaving faxes in the tray can lead to data being compromised.

  • Online Faxes should also have a coversheet as many online fax numbers are set up to cc multiple parties so all the more reason to have a very specific coversheet.

  • and finally, a fax cover sheet that alerts the receiver that the information is confidential and that there are serious implications should proper safeguards not be implemented.

What Needs to be Included on a HIPAA Fax Cover Sheet?

There is no official HIPAA cover sheet but the cover sheet should contain the following information to be considered HIPAA compliant:

  • Date and Time Fax sent
  • Receiver name and fax #
  • Sender name, organization, and phone #
  • Patients Name and reference # (if applicable)
  • HIPAA Fax Disclaimer

An Example of a HIPAA Fax Disclaimer

IMPORTANT: This facsimile transmission contains confidential information, some or all of which may be protected health information as defined by the federal Health Insurance Portability & Accountability Act (HIPAA) Privacy Rule. This transmission is intended for the exclusive use of the individual or entity to whom it is addressed and may contain information that is proprietary, privileged, confidential, and/or exempt from disclosure under applicable law.

If you are not the intended recipient (or an employee or agent responsible for delivering this facsimile transmission to the intended recipient), you are hereby notified that any disclosure, dissemination, distribution, or copying of this information is strictly prohibited and may be subject to legal restriction or sanction. Please notify the sender by telephone (number listed above) to arrange the return or destruction of the information and all copies.

In summary, don’t take chances with HIPAA compliance and your faxing protected information. The fines are steep and it’s simple to adhere to basic guidelines to protect your organization.