20 time-saving tips
Download 20 quick tips to help you spend less time on admin and more time helping your clients!

Practice management

Can I send a HIPAA-compliant fax?

Do you need to send faxes in your practice? We’ll tell you how you can ensure that they’re secure and HIPAA compliant.

You can send a HIPAA-compliant fax. And we’re going to explain how.

As a healthcare provider, you may feel you have no choice – you have to send certain information by fax. 

There are multiple ways to send a fax. Not all of them are HIPAA compliant. 

If you’re using an online efax service, there are certain boxes you need to check. 

Even a traditional fax machine that uses a landline isn’t HIPAA compliant if not used properly.

After reading this article, you’ll be able to confidently send faxes knowing they’re secure and compliant. No matter what kind of fax you use. 

Making traditional faxes HIPAA compliant

One appeal of using a traditional fax machine is that they send data through a regular phone line. This type of communication falls under HIPAA’s “conduit exception.” You don’t need a business associate agreement (BAA) from the telephone provider.


What’s the HIPAA conduit exception?

HIPAA’s “conduit exception” applies to services, such as the US Postal Service, that only transfer the information. The service can’t access the data and doesn’t store it for longer than necessary to complete the transmission.


What’s a BAA? 

An agreement between you and a service provider stating that they will keep your clients’ information safe.

Read more about BAAs in our blog post Do you need a Business Associate Agreement


But that doesn’t mean your faxes are automatically HIPAA compliant.

You still have to put reasonable safeguards in place to protect the sensitive information you send. These safeguards may vary depending on how you communicate.  

Here’s what the US Department of Health and Human Services says about faxing. 

“When faxing protected health information to a telephone number that is not regularly used, a reasonable safeguard may involve a provider first confirming the fax number with the intended recipient. Similarly, …pre-program frequently used numbers directly into the fax machine to avoid misdirecting the information.” 

Here are some additional safeguards that will ensure your faxes are HIPAA compliant:

  • Put your fax machine in a secure location
  • Don’t leave faxes on the fax machine
  • Securely file or dispose of received faxes 
  • Use a cover sheet with a HIPAA fax disclaimer. A cover sheet shields health information from unauthorized viewing. And a disclaimer notifies the recipient of the confidential nature of the information.

Wondering what disclaimer to add to your fax cover sheet? Enter your information below and receive a free, editable fax cover sheet with a HIPAA disclaimer included. 

Download your cover sheet, and you’ll also get 5 tips to make sure your online faxes are truly HIPAA compliant delivered to your inbox. 

Free fax cover sheet and HIPAA disclaimer

What can go wrong with faxing health information?

A lot can go wrong with traditional fax machines. Human error accounts for many common mistakes. 

  • Cover sheets are left off
  • Wrong numbers are entered (this can easily happen if numbers aren’t stored in the machine’s memory)
  • Faxes are left on the machine
  • Faxes are lost 
  • Fax pages are mixed in with pages from a different fax  


02_Messy faxes_HIPAAcompliantfax

Why are practitioners still using traditional fax?

Change is hard. Which might be why many practitioners are still using the old-style fax machine. 

However, there are also a lot of misconceptions about old technology versus new technology.

Let’s take a look at some of these misconceptions about traditional fax. 



It’s a simple solution that seems more reliable than using an internet based communication tool.

Traditional fax machines can result in misprinted or mixed up faxes.

You can send a fax in real time.

Opening an online fax application, attaching or scanning a file, and hitting “send” can take about the same time it takes to send a traditional fax. Also, don’t forget about busy signals. That’s a frustration most of us have forgotten, but they still happen with traditional faxes.

The physical nature of a fax leads to the illusion of security.

Although it’s not as easy to hack a traditional phone line as an internet connection, it can be done and faxes can be intercepted. Paper faxes can also be lost or mishandled if the safeguards mentioned above aren’t put in place. To assume that traditional fax machines are immune to security issues is a mistake.

Can be used when physical signatures are preferred over e-signatures.

Thanks to two laws, ESIGN and UETA, electronic signatures have the same legal effect as traditional handwritten signatures.

It’s easier to use what you already know (even if it isn’t efficient) than change to something you don’t know.

Changing to electronic faxing is as easy as subscribing to a new service. Online fax services require very little setup and you can use them as soon as you get an account. 


Online faxing can be HIPAA compliant

Electronic faxing, or efaxing, takes fax into the modern, digital world. 

Instead of bits of code sent down the phone line, online fax services transfer digital images over the internet. They’re delivered to an email account or, in some cases, a secure message center. 

Be careful – many fax services call themselves secure, but they aren’t HIPAA compliant unless they offer a BAA. 

“If you’re using an online fax service in your practice, it's important to obtain a BAA. But it's equally important to understand that a BAA doesn’t guarantee HIPAA compliance. It’s up to you to use the service in a compliant manner.”

Steve Youngman, Vice-President of Legal, Hushmail

Using a HIPAA-compliant efax service is just the first step. There are some best practices you should adopt to make sure your faxes are truly HIPAA compliant. 

Efax is more efficient and convenient than the traditional fax machine. For one thing, it isn’t dependent on your recipient having a fax machine of their own. If they do have a fax machine, they can receive your efax. But they can also receive it through email if they’re using an online fax service. No one is limited because of equipment. 

Efax also doesn’t require a pricey machine, toner, maintenance, and energy. 

03_Efaxes are better_HIPAAcompliant fax


“Electronic fax is far more secure, efficient, and HIPAA friendly than traditional fax. And it supports the modern practice, which is typically digitally based and reliant. But be sure that you are using a HIPAA-appropriate efax service.”

Liathana Dalton, Director, Person Centered Tech

HIPAA-compliant fax services 

Here are a few HIPAA-compliant fax services to help you get started in your research:


iPlum provides a variety of online communication tools from HIPAA-compliant text messaging to voice calling to online fax. Their fax service allows you to send and receive faxes through their online portal or mobile app. You can also choose to receive email notifications when a fax arrives. iPlum allows you to use your old fax number, and a BAA is available with the HIPAA-compliant plan.

HIPAA-compliant faxing starts at $20.99/user per month


iFax is a fully compliant HIPAA fax service that offers free BAA signing. Faxes are transmitted with a 256-bit encryption, and you may send and receive faxes through their web platform or any of their apps for Windows, Mac, Android, or iOS. You can get a new fax number with iFax or port your existing one.

iFax starts at $19.99/month.


Srfax allows you to send and receive faxes through their online portal or using your regular email program. If you choose to use email, you simply enter the destination number followed by @srfax.com in the To field of your email. Like iPlum, Srfax allows you to port your existing traditional fax number. It also comes with a 30-day, no-hassle, free trial. Srfax provides a BAA with its HIPAA-compliant plan upon request.

500 pages a month starts at $12.60/month


Like Srfax, Faxage allows you to send and receive faxes through their online portal or using your regular email program. You can also use their mobile app. And like the other services, you can use your old fax number. Faxage will provide a BAA with any of its plans upon request and allows for great flexibility in its plans. Pricing is determined either by the number of faxes or by the minute.

Plans start at $3.49/month

Don’t forget, you can enter your information below to receive a free fax cover sheet and 5 tips for using your online fax service to support your HIPAA compliance. 

Free fax cover sheet and HIPAA disclaimer

FAQs about faxing

Can I fax medical records?

Yes, as long as you’re using a traditional fax machine and put in place the safeguards mentioned above. Or using a HIPAA-compliant efax service that comes with a BAA.

Do I still use a traditional fax number when I use electronic faxing?

Yes. When you send a fax, you’ll send it to your recipient’s fax number. You might do this through an online portal or through your regular email program. This is normally achieved by putting the fax number and the fax service in the To field, like this:


Also, many online fax services will allow you to use your old fax number. 

Does an electronic fax service provide a way to securely store faxes?

Yes. Services that are HIPAA compliant will provide a way to store your faxes as well as keep a record of all transmission receipts. 

Hushmail supports HIPAA-compliant faxing

Sometimes, the hospital, clinic, or practitioner won’t accept anything but a fax. For that reason, you’ll need to have some kind of fax service, either a traditional machine or an online fax provider. 

If you go with an online fax provider, make sure your email is secure and HIPAA compliant. 

Hushmail’s secure email service is a perfect complement to your online fax service. Most online fax services have an email component to them. Either you’ll use email to send the fax. Or you’ll use an online portal but receive email notifications when a fax comes through.

Either way, your email service should also be secure and HIPAA compliant. 

Hushmail for Healthcare comes with all the required security measures and a BAA. Plus, you can set it up so it only receives encrypted emails from a specific sender - such as your fax service. That way you can ensure your faxes are secure.  

HIPAA-compliant fax alternative

It’s true that some places require faxes. However, it’s worth asking if they’ll accept a secure email instead. 

Emails using a HIPAA-compliant service are speedy, secure, and easy to file away. They also give you something a fax service doesn’t… 

The opportunity for collaboration.

For example, with Hushmail you can send a referral to a clinic. They can email a quick reply back asking questions about the client. And you can respond. 

It’s all secure, HIPAA compliant, and in one place. 

So even if you have an online fax service, be sure to sign up for a HIPAA-compliant email service to use with it. Or to possibly use instead. 

Learn more about Hushmail for Healthcare

Similar posts