With the risk of personal information being leaked online at an all-time high, you need to take steps to ensure sensitive medical information is protected from cybercriminals. The Health Insurance Portability and Accountability Act (HIPAA) mandates how medical information is transferred and handled. For those who need HIPAA-compliant fax services, this creates a unique set of challenges.
When you regularly send information, the fax printer can be subject to both device malware and IoT cyberattacks. If you do not encrypt your sent data, any attack within the chain can result in a disaster.
In this article, I’ll delve into how you can secure your fax information and reach HIPAA compliance. First, let’s take a look at what HIPAA-compliant fax services are.
What are HIPAA Compliant Fax Services?
Modern fax machines have similar capabilities and connectivity as some computers. Files can be stored on internal memory, and the fax machine has internet access without needing to use dial-up in some use-cases. This brings many security risks, much like those associated with IoT devices. US law requires four security rules to be fulfilled:
- Having certification for all employees with access to the fax.
- Protecting against anticipated unauthorized persons and disclosure.
- Finding and protecting against anticipated cybersecurity threats and information theft.
- Ensuring the health information’s availability, integrity, and confidentiality.
Thankfully, there are some excellent solutions you can use. Let’s take a look at what they are!
Top HIPAA Compliant Fax Services
For a service to meet HIPAA compliance legal requirements, you only need a few security features implemented. That said, to make the service usable you also want to have a good user interface and features that make using the fax machine easier.
For a lot of companies, being able to integrate their company header and cover page with the fax, as well as allowing for fax mail to be sent via email, are major improvements and make the functioning of the system much easier.
When considering which system to choose, always take into account how it will fit with the current functioning of your company. Next, I’ll go over the three core features you’ll need to assess!
3 Core Features
Every type of fax software has three core features that you need to consider before implementing it.
Primarily, there are security features that make faxing HIPAA compliant. This is what will keep the information of your clients safe and your bottom line safe from lawsuits.
Next, you’ll need to consider the technical solutions for your business requirements. These have little to do with HIPAA but have everything to do with how you’ll be using the software and if it will fit with your current workflow. In many cases, picking out an online fax service that will work remotely and with digital documents will make the process much easier. In these cases, you’ll also need improved on-site or cloud-based protection.
The third set of features are those that assist the business applications of the software. This will include issues like reporting and connectivity with the system. Next, I’ll quickly go through what you’ll want to see from a HIPAA fax service and where you will be able to see if the services I’ve listed here fit your current business model.
How to Choose a HIPAA Compliant Fax Services Provider?
If your company needs to be HIPAA compliant, you need to make an emphasis on data integrity and private information protection. Some enterprises only have a few people HIPAA certified. This might prove to be a challenge when it comes to making an internal solution.
Good HIPAA-compliant fax services need to be both secure and easy to use and provide workflow solutions that apply to your business.
Generally, there will be three areas to consider before making your pick:
- Core company service or product
- Current cybersecurity standards
Each of these aspects will slightly change what you will want from a provider. Requesting to use a service that is as optimized as possible is always encouraged, as it allows the developers to focus on the particular needs of customers.
1. Adjusting for Core Service or Product
It may sound obvious that you will pick out services that apply to your business specifically, but the issue is not as simple. HIPAA and Gramm-Leach-Bliley Act (GLBA) compliance can be more complicated than you realize.
You should know how many of your folders contain private information and how many pages are in those folders. If it is only a small amount that you need to send, you only need software that can encrypt the necessary data.
When operating with documents that fall under HIPAA is the core of your business, your needs will be different. Health insurance providers, vendors, and healthcare providers need software that ensures your workflow remains efficient. In these situations, having an option to keep all of the information on the cloud would be immensely beneficial.
2. Adjusting for Cybersecurity Standards
Not all companies are investing in cybersecurity at the same pace. Not every company has a grand focus on new technologies and the security features that come with them. Thankfully, the need to become HIPAA compliant doesn’t mean you need to push yourself into hasty modernization. For companies that are testing their cybersecurity strategies and slowly implementing solutions, it is best to have the software take over the security for you.
Cloud-based options and email-based protection is the way to go. Then, when the rest of the company reaches the same level of cybersecurity, you might consider migrating to a different solution.
Now you know what you’re looking for, here’s a handy shortlist of services that may be of interest to your company!
FaxMaker Online is a popular solution that works flawlessly in most businesses, including ones using older systems.
For some users, it can lack customization options, yet you can scale it and use it for large traffic volumes. The drawback is a lack of workflow options that might be available with some other solutions.
In most cases, faxes are sent very sporadically and only upon request. This means that, in virtually all scenarios, it’s better to simply have more people certified to use it than have one person dedicated to sending HIPAA-compliant fax documents.
When it comes to security features, this service is as secure as it gets. Primarily, it’s because it doesn’t go through stacking security features to protect the messages, but rather reduces the number of possible attack angles.
For one, the service can send out fax without ever stacking your fax machine with the data from the message. This means that if there was an intrusion, or if unauthorized personnel have access to the machine, they won’t be able to see the documents sent. In these cases, faxes are sent via email and are subject to the same strict email security. The recipient will then receive an email with the message that they will be able to send to the fax machine. Because of this, there is no way for any document sent to be left unsupervised for any amount of time. You can send it in the middle of the night and the recipient will be able to print it when they are available without anyone else having access.
You can send multiple faxes at the same time, or the same fax to multiple recipients, as you would an email. The system utilizes all of the cybersecurity features present on your device and your existing system.
Finally, you can use reporting and overview, which are useful when checking where the faxes were sent. This tool can also assist with both the business and security sides of the process.
Cost of FaxMaker Online
As is often the case with HIPAA-compliant fax services, you’ll page per page. The smallest number of pages you can buy is 1800, which will cost you $142.90 per year, or 7.9 cents per page.
The biggest plan is for 12,000 pages which will cost you $861.90 per year or approximately 7.1 cents per page.
The 11% discount might not sound a lot per page, but for companies that surpass even the large order and would use multiple per year, the prices stack up. Corporate clients that surpass the number should contact the service directly and request an even better deal.
Concord Cloud Fax
Concord Cloud Fax provides a set of advanced features when it comes to HIPAA-compliant fax services and is useful for unorthodox business structures.
This software places a large emphasis on cloud services and collaboration, making it a good choice for businesses that don’t work from the same spot. The amount of cybersecurity is also on a high level, significantly surpassing any HIPAA standard.
The downside of the system is that it is a completely new user interface and anyone working for you will need time to familiarize themselves with the app.
The emphasis on cloud services means that you will need to make sure that your current cloud solutions are compatible with what Concord is offering.
Overall, this set of software solutions is useful for companies that need to send a limited number of HIPAA-compliant fax messages from time to time.
Cloud services are a great solution when you need multiple points of connection. You can even use fax numbers from different countries on the same system. This will charge the calls locally and allows you to work with services outside of the US.
Cost of Concord Cloud Fax
The biggest issue with Concord is the pricing. They require you to ask for a quote and won’t give you a ballpark figure directly on the website. This is unsurprising because they are not cheap.
Approximately, sending faxes will cost you $3.20 per page, far more expensive than some other services.
mFax by Documo
Documo has a solid software development strategy and their solutions are usually strictly focused on what they seek to solve. For HIPAA-compliant fax services, they offer their mFax service, a simple but effective solution for securely sending fax documents.
The main thing to know about the Documo mFax is what methods the software allows you to send your documents. You will be able to send via fax machine, email, or Voice over Internet Protocol (VoIP). All three cater to a certain type of fax recipient, letting you diversify your offerings.
Unlike most fax services that focus on uniformity, Documo mFax emphasizes adaptability. Their app offers you the ability to send secure documents from a wide range of devices, including smartphones. This gives you a lot of options when it comes to organizing your business, but these options come with challenges. You’ll need to make sure all of the devices being used are secure and stay current on any new attacks.
There is the option for VoIP fax numbers, which is excellent for companies that wish to extend beyond the US and still keep the same personal information security applicable in the states. Documo offers VoIP fax numbers for companies that wish to extend beyond the US. This would allow you to keep the same personal information security applicable in the states.
Overall, Documo is a solid choice because the app itself is secure and robust.
Cost of Documo
Documo’s mFax is one of the most affordable services available, starting at only $25 per month. This price will cost you 10 cents per page and you will get 250 pages per month.
With the biggest package of 2500 pages per month, a single page will cost 5 cents, totaling potentially $125 per month for the service with only one fax number.
iFax is an Apple-developed product and boasts the expected Apple style. It’s incredibly simple to use, and it has all of the features you would need to send and receive fax documents that are HIPAA compliant.
The iFax is both HIPAA and GLBA compliant. GLBA compliance is needed in the financial industry for the same reason: to protect the privacy and personal information of the client.
iFax can work cross-platform, including both desktop operating systems and those found on mobile. The app is mostly adapted for Apple products but doesn’t have any restrictions when it comes to who can use it.
The iFax app supports email-to-email sending, as well as creating smart folders with your online storage option like Google Drive, Dropbox, or iCloud.They allow a demo that works without any encryption if you wish to see how the user interface looks. This means its simple non-HIPAA compliant sending can be free for a limited number of pages.
Cost of iFax
Those who need HIPAA-compliant services will need to go with the professional plan. This plan starts at 1000 pages costing between $25 and $1,666.70 per month, making one-page cost between 2.5 cents and 1.6 cents.
SRFax is a service that has been around for a while and has a good legacy when it comes to performance. The user interface is slightly clunky, but it’s very clean and easy to go through. The app allows you to use the software for free with a month-long demo. SRFax is sold as a Software as a Service (SaaS) program.
When it comes to security software, SRFax is solid with using the optional Pretty Good Privacy (PGP) encryption to protect the data from all known threats. This is required under the FTC rules and HIPAA. Such a security model is not perfect. You will need to invest in device safety if using it for a business, but it is compliant and relatively affordable.
Overall, SRFax is a great service for those who offer services to remote areas. The software can route fax documents that come from other numbers and do so securely. This makes it an excellent choice for businesses that offer services to areas without a phone number.
Cost of SRFax
SRFax is relatively affordable, especially for smaller operations. The smallest plan is 200 pages per month for $10.95, making each page cost 5.4 cents. The biggest plan is 800 pages for $19.95, which equates to 2.4 cents per page.
In both cases, additional pages cost 5 cents. This is somewhere in the middle of the road when it comes to pricing. You’ll have to decide if the price is worth it when you consider the services provided.
For any company dealing with medical records, faxes sent must be HIPAA compliant.
But, not every company needs the same service and it is important to know how you will be sending and receiving the fax documents that you need. This includes the number of people that are HIPAA certified to use the solution. Each option will need a different set of security solutions and workflow solutions, making the result much more secure, easier to manage, and with straightforward reporting.
When picking out the service, make sure you are familiar with the volume you need as most services are charged per page. You also need to know how your company works and how technically competent your employees are. With this information, you will be on the right path to finding an optimized service.
Do you have more questions about HIPAA-compliant faxes? Check out the FAQs and Resources below!
Are electronic faxes HIPAA compliant?
You will need to check each machine to see if it meets HIPAA compliance. Most options available will be HIPAA compliant, or at least capable of connecting through devices that are. If not and you’re handling medical files stop immediately and get one that is; it’s a legal requirement!
Does the fax need to be HIPAA compliant?
No. Fax is used to send scanned documents directly through a phone modem to another fax device. HIPAA only concerns personal privacy information and those who handle it like healthcare organizations. Often organizations use fax machines because they are the easiest way to ensure HIPAA IT compliance for any business that handles such information.
What can I use instead of fax?
For sending messages and media there are much better options than fax machines, including emails and instant messages. Yet, the reason why email and IM haven’t killed the fax is security concerns. Hard copies can be much more secure than digital media. This makes faxes an ideal choice for data transfer while meeting HIPAA compliance.
Can I send a fax from my computer?
Yes. It’s easy to send a send fax from Windows computers as fax is an integrated function. It’s a bit more difficult for UNIX-based systems that need Third-party software. Especially with good Third-party software, you can be HIPAA compliant and use fax systems with any modern system even if you don’t have the fax machine itself.
Can you fax from Gmail for free?
Yes. There are options to use email to email and fax to email options with Gmail, sending information through a fax number. That said, it’s always recommended to use additional HIPAA software if you wish to ensure that the process is complying with the FTC standard.
TechGenix: Article on the Biggest Myths and Misconceptions about Faxing
Learn more about the biggest faxing myths and misconceptions.
TechGenix: Article on Fax Machines in Healthcare
Learn more about using fax machines in healthcare settings.
TechGenix: Article on Avoiding HIPAA Compliance Breaches
Check out the best ways to avoid beaching HIPAA compliance.
TechGenix: Article on Online Fax Services
Explore your options when it comes to online fax services available today.
TechGenix: Article on Sending Faxes through Email
Find out how you can send fax documents through email and what to expect.
Federal Trade Commission: Article on the Gramm-Leach-Bliley Act
Read more about the Gramm-Leach-Bliley Act from the US Federal Trade Commission’s site.