  1. Regulations concerning patient record confidentiality

  2. Why faxes will continue in healthcare

  3. Barriers to having HIPAA compliant faxes

  4. Tips for HIPAA compliance using a traditional fax machine

  5. Benefits of web-based faxing to ensure HIPAA-compliant faxes

  6. GFI Software solutions to help ensure HIPAA compliant faxes

  7. Blogs

  8. HIPAA compliant fax resources

What are the regulations concerning patient record confidentiality?

In the last 30 years, many countries have introduced legislation to ensure patient record confidentiality. One notable initiative was the Privacy Rule portion of HIPAA (Health Insurance Portability and Accountability Act), enacted in the United States in 1996. The security provision of HIPAA demands that healthcare providers take reasonable care to protect the confidentiality of protected healthcare information (also known as PHI).

IT professionals in the healthcare industry have found HIPAA compliance to be an ongoing challenge, as they have to figure out how to securely authenticate, transmit and store confidential medical documents and patient data. In fact, an entire industry has grown up around products and services designed to help organizations meet the HIPAA data protection requirements. This plethora of rules and regulations might lead the public to believe that their medical secrets are safe, but the sheer amount of data makes security a daunting task.

There are well over one billion healthcare visits per year in the US, and each healthcare interaction generates data about patients that is used, shared and analyzed. Effective healthcare requires this data to be routinely shared among general practitioners, specialists, clinics, pharmacists, hospitals, health insurers, governmental agencies and others. These one-billion-plus healthcare visits result in an estimated 30 billion healthcare transactions per year.1 Conservative estimates say half of these transactions are fax-based.2


Why faxes will continue in healthcare

It was once thought that standalone fax machines would be replaced with email messaging. But email cannot always be guaranteed to be as secure a form of communication as faxing. For example, an email message and its content might be archived on any number of servers. Email transmission of information also runs into problems with compliance agencies and regulations, such as HIPAA, that require greater security. Unlike emails, a fax cannot be used to carry a virus, phish or harm a company’s network security.

It’s estimated that there are about 125 million fax machines in use in the world today, and close to six million new purchases each year.3 According to a 2012 survey, 85 per cent of U.S. businesses make use of faxing in some form.4

There are three main reasons why faxing is still important to organizations:

  1. Obtaining a phone line and a fax machine is still the simplest and least technical way for a healthcare provider to begin communicating with the outside world.

  2. Many companies, especially those in the healthcare, legal and insurance space, are required to transmit medical documents and patient data via fax because of compliance concerns.

  3. Companies are maintaining legacy applications, such as purchasing and billing systems, which are only able to transmit a document via fax.


Because faxing will be around for the foreseeable future, health care providers are looking for ways to securely transmit protected health information (PHI) via fax. Unfortunately, creating HIPAA-compliant faxes with a traditional fax machine can be a cumbersome process.

What is a HIPAA compliant fax?

Faxing is explicitly named in the HIPAA code as an acceptable method to transmit medical records, test results and other healthcare information and instructions.5 Its Privacy Rule allows health care providers to transmit confidential information as long as they use “reasonable safeguards.” While the definition of a “reasonable safeguard” can unfortunately vary, one certainty is that transmitting a HIPAA compliant fax is difficult using a traditional fax machine.

Barriers to having HIPAA compliant faxes

When using a traditional fax machine, providers must be extremely cautious and establish strict faxing protocols to avoid a security breach. Simply keying in one wrong digit on a fax machine could send protected health information (PHI) to an unintended destination. The HIPAA Journal reported that seven doctors’ offices in Texas accidentally faxed PHI to the wrong fax number.6 Names, medical histories, medical results and other types of PHI were sent to a local radio station. One of the highest compliance fines assessed was due to HIPAA violations: New York-Presbyterian Hospital and Columbia University were fined $4.8 million.7

HIPAA guidelines suggest confirming unknown fax numbers before sending, though this may be difficult for larger healthcare institutions that have hundreds of individual fax machines in use.

Limits vary by jurisdiction, but a common requirement is to hold patient treatment information, such as medical results, for seven to ten years. The actual time may even be longer. An institution may need to keep records of a minor until the patient reaches the age of majority for the jurisdiction.


These legal retention requirements are challenging for paper-based records such as faxes. Printed patient files can take up considerable space. They may be lost due to theft or disasters (such as fire). Printed ink pages can degrade within the legal archiving time requirement. Additionally, searching for information is time-consuming if done manually. An institution also runs the risk of faxes not being attached to a patient’s record when required to produce proof of information.

Tips for HIPAA compliance using a traditional fax machine

Some PHI safeguards for traditional fax machines include:

  1. Confirm the fax number with the intended recipient when faxing PHI to a telephone number that is not regularly used.

  2. Call the recipient to make sure their fax machine is not in a public area and is in a protected location.

  3. If you know you will be receiving PHI via fax, ask the person faxing you to give you advance notice so that you will be around to immediately remove the pages from the fax machine.

  4. Pre-program frequently used numbers directly into the fax machine to avoid misdialing.

  5. When faxing PHI, don’t leave the fax machine until the transmission is complete.

  6. Use printed cover sheet pages with the approved HIPAA statement for all PHI faxes.

  7. Include a confidentiality statement on fax cover pages when the fax includes PHI.

  8. Keep an accurate audit trail of every fax involving PHI to avoid fines for non-compliance.


Benefits of web-based faxing to ensure HIPAA-compliant faxes

Working with traditional fax machines to produce HIPAA compliant faxes adds a burden to an already heavy workload for frontline staff. Because of this, many health care providers are turning to web-based electronic faxing – using faxing software and network fax servers – to better ensure HIPAA compliant faxing.

Network faxing is designed to work with existing systems and use an organization’s existing network. It needs no dedicated phone line or fax machine. It needs no paper, no ink and no human monitoring. Network faxing enables staff to fax from Electronic Healthcare Record (EHR) applications, Project Management (PM) software, their desktop, from office applications by email, a Customer Relationship Management (CRM) platform and many other applications.

Network faxing eliminates many of the issues that traditional fax machines have in creating HIPAA compliant faxes:

  • Faxes are received electronically, eliminating the problem of faxes sitting on the fax machine for anyone to read.

  • The process of manual phone dialing is removed, so the risk of sending a fax with sensitive information to the wrong fax number is greatly reduced.

  • Cover sheets with the approved HIPAA statement for all PHI faxes can be automatically programmed into an electronic fax.

  • No longer do faxes have to be scanned before being entered in an EHR application.

  • Staff efficiency is increased, since no one has to wait to scan and monitor the faxing process.

  • Medical practices that use network faxing are reporting efficiency savings of up to 80 percent.8

  • Network faxing software can catalog, index and archive faxes automatically.

  • The risk of losing or misfiling a fax is exponentially reduced.

  • Network faxing, along with electronic archiving, enables easier tracking and retrieval of past faxes – creating an accurate audit trail of every fax involving PHI.

  • Medical providers can search their archive database to know who received communications and when.

  • Faxes are stored more securely.

  • Some network faxing software can even monitor all types of communications and block information from being sent if sending it is against regulations or hospital policies.


GFI Software solutions to help ensure HIPAA compliant faxes

GFI FaxMaker is network fax server software that enables email to fax and fax to email for Exchange and other SMTP servers in a secure, encrypted environment.

Faxing protocols make it nearly impossible to intercept a fax in mid-transmission – making it more secure than email. Electronic faxing with GFI FaxMaker makes it easy to access this more secure protocol.

An organization can install the GFI FaxMaker fax service as a physical, on-premise service with a standard fax modem; as virtual Fax over IP (FoIP) through a gateway or VoIP phone system; or through hybrid faxing, with no equipment but integrated with a cloud-based faxing system.

GFI FaxMaker is not only popular in the healthcare industry because it acts as a HIPAA compliant fax service, but also because of its ease of use:

  • Users can sign in to the GFI FaxMaker web client, fill in fax content on-screen, add attachments and simply click send.

  • GFI FaxMaker allows users to fax directly through an email application. Simply start to compose an email and in the “To:” box enter a fax number with “@faxmaker.com” at the end. Fill out the subject line, add body content and attachments and send.

  • Incoming faxes pass through an OCR (optical character recognition) module that makes it possible to search in the fax body. This feature is useful when older faxes have to be retrieved.

  • It provides features such as API, SMS alerts and digital signatures.


A companion to GFI FaxMaker is GFI Archiver. Healthcare facilities have to employ fast, safe and efficient storage software for faxes and other PHI records. Archiving can all be done with GFI Archiver. The system allows for intelligent reporting, and it is already configured to run reports that comply with HIPAA and other record confidentiality mandates.



How online faxing cures a widespread healthcare headache
Learn why online faxing offers a more functional way to fax.



Seven reasons why online faxing is good for healthcare providers
Find out the top seven things that online faxing offers your business.



Faxing in the healthcare industry – HIPAA compliance
Learn why fax servers are the only way to safely and securely transmit confidential patient data.


HIPAA compliant fax resources


GFI FaxMaker trial
Try GFI FaxMaker fax service free for 30 days with access to all GFI FaxMaker features and customer support.



Faxing efficiency through automation
See why in many countries, faxing is still the only way of sending compliant documents electronically.



Faxing in the healthcare industry
Watch this quick video to find out more about faxing in the healthcare industry.



Integrated network faxing key to improved productivity and information security
Download this white paper and discover how network faxing reduces labor costs and increases information security.

