the top providers of online fax services
We have reviewed over two dozen of the top online fax brands on the market and consolidated our findings on this site. Use our comparison chart below to make a quick decision on the best online fax service for your needs.
Congress passed the Health Insurance Portability and Accountability Act (HIPAA) in 1996. The act, in a nutshell, provides security and privacy for medical information. That means that there are rules and requirements around the way healthcare information is stored and transmitted. For instance, many doctors will not email medical records to patients because of security requirements in HIPAA laws.
To be HIPAA-compliant, a provider must be able to share medical information with appropriate safeguards. When it comes to faxing, HIPAA requirements mandate certain safeguards to make sure that information transmitted through faxing – including online faxing – is secure. Those requirements range from including a cover sheet to sending verifying destination numbers
Who Needs a HIPAA Compliant Fax Service?
Any business that transfers healthcare information and data will need a HIPAA compliant service. That includes healthcare professionals and providers, pharmacies, and insurance agencies. Click here for more on who faxes healthcare information.
Online faxing automatically includes several of the provisions required by HIPAA for secure online faxing; faxes are stored in your secure online account, many online providers maintain transaction logs, and there are no fax machines to move into secure areas.
What Does It Mean To Have a Business Associate Agreement?
A Business Associate Agreement (BAA) is a contract between a HIPAA covered entity – any organization or business that handles personal health information – and a business associate, which means any organization or person providing services to the HIPAA entity. The BAA ensures that the business associate (for instance, a fax provider) is accountable for protecting the personal health information it is handling or transmitting.
Some fax service providers offer HIPAA compliance, but won’t sign a BAA. Many of them maintain their compliance even without the BAA by acting as a simple conduit for information, meaning they are excluded from the definition of a business associate per HIPAA’s language.
Some companies, for instance, asks HIPAA-regulated customers to sign a HIPAA Conduit setting specifically for transmission of sensitive data. That agreement ensures that the faxing company takes certain steps, including automatically deleting all messages and calls after 30 days, disabling SMS messaging, and disabling attachment of voicemail audio files and fax images to message notification emails. By adhering to those practices, the company is not technically handling patient data, and cannot be held liable for its security.
With the new 2013 Omnibus modification to the HIPAA/HITECH Acts, more security and safeguards are required of anyone who transmits or handles patient health information. For some HIPAA-covered entities or businesses, it may be worth a close look at the fax provider’s policies and the updated HIPAA regulations to make sure HIPAA compliance is not in name only.
If you’re a business that handles patient documents, you can use a provider that won’t sign a BAA. However, if you do so, make sure you understand what safeguards are in place to ensure that the fax provider is indeed adhering to HIPAA regulations. For instance, simply saying a service offers “encryption” isn’t enough, since data must be encrypted both in transit and at rest to be HIPAA-compliant. The fax provider must also be able to show that it is not storing personal health information.
These online fax services will sign a Business Associate Agreement: