Your Guide to HIPAA Compliant Fax Services

Image of doctor sending information via text message.
HIPAA practices are used by medical professionals to protect personal health information.

With the risk of personal information being leaked online at an all-time high, you need to take steps to ensure sensitive medical information is protected from cybercriminals. The Health Insurance Portability and Accountability Act (HIPAA) mandates how medical information is transferred and handled. For those who need HIPAA-compliant fax services, this creates a unique set of challenges. 

When you regularly send information, the fax printer can be subject to both device malware and IoT cyberattacks. If you do not encrypt your sent data, any attack within the chain can result in a disaster. 

In this article, I’ll delve into how you can secure your fax information and reach HIPAA compliance. First, let’s take a look at what HIPAA-compliant fax services are.

What are HIPAA Compliant Fax Services?

Modern fax machines have similar capabilities and connectivity as some computers. Files can be stored on internal memory, and the fax machine has internet access without needing to use dial-up in some use-cases. This brings many security risks, much like those associated with IoT devices. US law requires four security rules to be fulfilled:

  1. Having certification for all employees with access to the fax.
  2. Protecting against anticipated unauthorized persons and disclosure.
  3. Finding and protecting against anticipated cybersecurity threats and information theft.
  4. Ensuring the health information’s availability, integrity, and confidentiality.

Thankfully, there are some excellent solutions you can use. Let’s take a look at what they are! 

Photograph of a fax machine up close.
Modern fax machines are as much IoT devices as any printer or scanner!

Top HIPAA Compliant Fax Services

For a service to meet HIPAA compliance legal requirements, you only need a few security features implemented. That said, to make the service usable you also want to have a good user interface and features that make using the fax machine easier.

For a lot of companies, being able to integrate their company header and cover page with the fax, as well as allowing for fax mail to be sent via email, are major improvements and make the functioning of the system much easier.

When considering which system to choose, always take into account how it will fit with the current functioning of your company. Next, I’ll go over the three core features you’ll need to assess! 

3 Core Features

Every type of fax software has three core features that you need to consider before implementing it. 

Primarily, there are security features that make faxing HIPAA compliant. This is what will keep the information of your clients safe and your bottom line safe from lawsuits.

Next, you’ll need to consider the technical solutions for your business requirements. These have little to do with HIPAA but have everything to do with how you’ll be using the software and if it will fit with your current workflow. In many cases, picking out an online fax service that will work remotely and with digital documents will make the process much easier. In these cases, you’ll also need improved on-site or cloud-based protection.

The third set of features are those that assist the business applications of the software. This will include issues like reporting and connectivity with the system. Next, I’ll quickly go through what you’ll want to see from a HIPAA fax service and where you will be able to see if the services I’ve listed here fit your current business model.

How to Choose a HIPAA Compliant Fax Services Provider?

If your company needs to be HIPAA compliant, you need to make an emphasis on data integrity and private information protection. Some enterprises only have a few people HIPAA certified. This might prove to be a challenge when it comes to making an internal solution.

Good HIPAA-compliant fax services need to be both secure and easy to use and provide workflow solutions that apply to your business.

Generally, there will be three areas to consider before making your pick:

  1. Core company service or product
  2. Current cybersecurity standards

Each of these aspects will slightly change what you will want from a provider. Requesting to use a service that is as optimized as possible is always encouraged, as it allows the developers to focus on the particular needs of customers.

1. Adjusting for Core Service or Product

It may sound obvious that you will pick out services that apply to your business specifically, but the issue is not as simple. HIPAA and Gramm-Leach-Bliley Act (GLBA) compliance can be more complicated than you realize. 

You should know how many of your folders contain private information and how many pages are in those folders. If it is only a small amount that you need to send, you only need software that can encrypt the necessary data. 

When operating with documents that fall under HIPAA is the core of your business, your needs will be different. Health insurance providers, vendors, and healthcare providers need software that ensures your workflow remains efficient. In these situations, having an option to keep all of the information on the cloud would be immensely beneficial.

Image of company space with few people sitting at desks.
What software you will need depends on who will use the service and how many people are HIPAA certified.

2. Adjusting for Cybersecurity Standards

Not all companies are investing in cybersecurity at the same pace. Not every company has a grand focus on new technologies and the security features that come with them. Thankfully, the need to become HIPAA compliant doesn’t mean you need to push yourself into hasty modernization. For companies that are testing their cybersecurity strategies and slowly implementing solutions, it is best to have the software take over the security for you.

Cloud-based options and email-based protection is the way to go. Then, when the rest of the company reaches the same level of cybersecurity, you might consider migrating to a different solution.

Now you know what you’re looking for, here’s a handy shortlist of services that may be of interest to your company!

FaxMaker Online

Screenshot of FaxMaker's online user interface being effectively an email with an attachment.
One of the best options for most companies using fax services is FaxMaker Online.

FaxMaker Online is a popular solution that works flawlessly in most businesses, including ones using older systems.

For some users, it can lack customization options, yet you can scale it and use it for large traffic volumes. The drawback is a lack of workflow options that might be available with some other solutions.

In most cases, faxes are sent very sporadically and only upon request. This means that, in virtually all scenarios, it’s better to simply have more people certified to use it than have one person dedicated to sending HIPAA-compliant fax documents.

When it comes to security features, this service is as secure as it gets. Primarily, it’s because it doesn’t go through stacking security features to protect the messages, but rather reduces the number of possible attack angles.

For one, the service can send out fax without ever stacking your fax machine with the data from the message. This means that if there was an intrusion, or if unauthorized personnel have access to the machine, they won’t be able to see the documents sent. In these cases, faxes are sent via email and are subject to the same strict email security. The recipient will then receive an email with the message that they will be able to send to the fax machine. Because of this, there is no way for any document sent to be left unsupervised for any amount of time. You can send it in the middle of the night and the recipient will be able to print it when they are available without anyone else having access.

You can send multiple faxes at the same time, or the same fax to multiple recipients, as you would an email. The system utilizes all of the cybersecurity features present on your device and your existing system.

Finally, you can use reporting and overview, which are useful when checking where the faxes were sent. This tool can also assist with both the business and security sides of the process.

Cost of FaxMaker Online

As is often the case with HIPAA-compliant fax services, you’ll page per page. The smallest number of pages you can buy is 1800, which will cost you $142.90 per year, or 7.9 cents per page.

The biggest plan is for 12,000 pages which will cost you $861.90 per year or approximately 7.1 cents per page.

The 11% discount might not sound a lot per page, but for companies that surpass even the large order and would use multiple per year, the prices stack up. Corporate clients that surpass the number should contact the service directly and request an even better deal.

Concord Cloud Fax

Image of Concord Cloud Fax logo.
Though Concord is very advanced, it has a learning curve and is quite expensive.

Concord Cloud Fax provides a set of advanced features when it comes to HIPAA-compliant fax services and is useful for unorthodox business structures.

This software places a large emphasis on cloud services and collaboration, making it a good choice for businesses that don’t work from the same spot. The amount of cybersecurity is also on a high level, significantly surpassing any HIPAA standard.

The downside of the system is that it is a completely new user interface and anyone working for you will need time to familiarize themselves with the app.

The emphasis on cloud services means that you will need to make sure that your current cloud solutions are compatible with what Concord is offering.

Overall, this set of software solutions is useful for companies that need to send a limited number of HIPAA-compliant fax messages from time to time.

Cloud services are a great solution when you need multiple points of connection. You can even use fax numbers from different countries on the same system. This will charge the calls locally and allows you to work with services outside of the US.

Cost of Concord Cloud Fax

The biggest issue with Concord is the pricing. They require you to ask for a quote and won’t give you a ballpark figure directly on the website. This is unsurprising because they are not cheap.

Approximately, sending faxes will cost you $3.20 per page, far more expensive than some other services.

mFax by Documo

Illustration of a woman sending a fax using Documo mFax.
Documo is very secure and easy to use but lacks some advanced features.

Documo has a solid software development strategy and their solutions are usually strictly focused on what they seek to solve. For HIPAA-compliant fax services, they offer their mFax service, a simple but effective solution for securely sending fax documents.

The main thing to know about the Documo mFax is what methods the software allows you to send your documents. You will be able to send via fax machine, email, or Voice over Internet Protocol (VoIP). All three cater to a certain type of fax recipient, letting you diversify your offerings.

Unlike most fax services that focus on uniformity, Documo mFax emphasizes adaptability. Their app offers you the ability to send secure documents from a wide range of devices, including smartphones. This gives you a lot of options when it comes to organizing your business, but these options come with challenges. You’ll need to make sure all of the devices being used are secure and stay current on any new attacks. 

There is the option for VoIP fax numbers, which is excellent for companies that wish to extend beyond the US and still keep the same personal information security applicable in the states. Documo offers VoIP fax numbers for companies that wish to extend beyond the US. This would allow you to keep the same personal information security applicable in the states. 

Overall, Documo is a solid choice because the app itself is secure and robust

Cost of Documo

Documo’s mFax is one of the most affordable services available, starting at only $25 per month. This price will cost you 10 cents per page and you will get 250 pages per month.

With the biggest package of 2500 pages per month, a single page will cost 5 cents, totaling potentially $125 per month for the service with only one fax number.


Image of iFax user interface.
Though meant for Apple products, iFax works everywhere and works well.

iFax is an Apple-developed product and boasts the expected Apple style. It’s incredibly simple to use, and it has all of the features you would need to send and receive fax documents that are HIPAA compliant.

The iFax is both HIPAA and GLBA compliant. GLBA compliance is needed in the financial industry for the same reason: to protect the privacy and personal information of the client. 

iFax can work cross-platform, including both desktop operating systems and those found on mobile. The app is mostly adapted for Apple products but doesn’t have any restrictions when it comes to who can use it.

The iFax app supports email-to-email sending, as well as creating smart folders with your online storage option like Google Drive, Dropbox, or iCloud.They allow a demo that works without any encryption if you wish to see how the user interface looks. This means its simple non-HIPAA compliant sending can be free for a limited number of pages.

Cost of iFax

Those who need HIPAA-compliant services will need to go with the professional plan. This plan starts at 1000 pages costing between $25 and $1,666.70 per month, making one-page cost between 2.5 cents and 1.6 cents.


Image of SRFax company logo.
You get all the features you need with SRFax but require a special plan for HIPPA compliance.

SRFax is a service that has been around for a while and has a good legacy when it comes to performance. The user interface is slightly clunky, but it’s very clean and easy to go through. The app allows you to use the software for free with a month-long demo. SRFax is sold as a Software as a Service (SaaS) program.

When it comes to security software, SRFax is solid with using the optional Pretty Good Privacy (PGP) encryption to protect the data from all known threats. This is required under the FTC rules and HIPAA. Such a security model is not perfect. You will need to invest in device safety if using it for a business, but it is compliant and relatively affordable.

Overall, SRFax is a great service for those who offer services to remote areas. The software can route fax documents that come from other numbers and do so securely. This makes it an excellent choice for businesses that offer services to areas without a phone number. 

Cost of SRFax

SRFax is relatively affordable, especially for smaller operations. The smallest plan is 200 pages per month for $10.95, making each page cost 5.4 cents. The biggest plan is 800 pages for $19.95, which equates to 2.4 cents per page.

In both cases, additional pages cost 5 cents. This is somewhere in the middle of the road when it comes to pricing. You’ll have to decide if the price is worth it when you consider the services provided. 

Final Thoughts

For any company dealing with medical records, faxes sent must be HIPAA compliant. 

But, not every company needs the same service and it is important to know how you will be sending and receiving the fax documents that you need. This includes the number of people that are HIPAA certified to use the solution. Each option will need a different set of security solutions and workflow solutions, making the result much more secure, easier to manage, and with straightforward reporting.

When picking out the service, make sure you are familiar with the volume you need as most services are charged per page. You also need to know how your company works and how technically competent your employees are. With this information, you will be on the right path to finding an optimized service. 

Do you have more questions about HIPAA-compliant faxes? Check out the FAQs and Resources below!


Are electronic faxes HIPAA compliant?

You will need to check each machine to see if it meets HIPAA compliance. Most options available will be HIPAA compliant, or at least capable of connecting through devices that are. If not and you’re handling medical files stop immediately and get one that is; it’s a legal requirement!

Does the fax need to be HIPAA compliant?

No. Fax is used to send scanned documents directly through a phone modem to another fax device. HIPAA only concerns personal privacy information and those who handle it like healthcare organizations. Often organizations use fax machines because they are the easiest way to ensure HIPAA IT compliance for any business that handles such information.

What can I use instead of fax?

For sending messages and media there are much better options than fax machines, including emails and instant messages. Yet, the reason why email and IM haven’t killed the fax is security concerns. Hard copies can be much more secure than digital media. This makes faxes an ideal choice for data transfer while meeting HIPAA compliance.

Can I send a fax from my computer?

Yes. It’s easy to send a send fax from Windows computers as fax is an integrated function. It’s a bit more difficult for UNIX-based systems that need Third-party software. Especially with good Third-party software, you can be HIPAA compliant and use fax systems with any modern system even if you don’t have the fax machine itself.

Can you fax from Gmail for free?

Yes. There are options to use email to email and fax to email options with Gmail, sending information through a fax number. That said, it’s always recommended to use additional HIPAA software if you wish to ensure that the process is complying with the FTC standard.


TechGenix: Article on the Biggest Myths and Misconceptions about Faxing

Learn more about the biggest faxing myths and misconceptions.

TechGenix: Article on Fax Machines in Healthcare 

Learn more about using fax machines in healthcare settings.

TechGenix: Article on Avoiding HIPAA Compliance Breaches

Check out the best ways to avoid beaching HIPAA compliance.

TechGenix: Article on Online Fax Services

Explore your options when it comes to online fax services available today.

TechGenix: Article on Sending Faxes through Email

Find out how you can send fax documents through email and what to expect.

Federal Trade Commission: Article on the Gramm-Leach-Bliley Act

Read more about the Gramm-Leach-Bliley Act from the US Federal Trade Commission’s site.

About The Author

Leave a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top