What Does HIPAA Compliance Mean?

the top providers of online fax services

We have reviewed over two dozen of the top online fax brands on the market and consolidated our findings on this site. Use our comparison chart below to make a quick decision on the best online fax service for your needs.

Exclusive FC Discount: This icon indicates that the price or included minutes of that particular plan are only available through the links on FaxCompare.com.

| Reviewed Plan | Healthcare Basic | Professional | eFax Plus | Fax 1500 |
|---|---|---|---|---|
| Exclusive FC Discount | Yes | Yes | | |
| HIPAA compliant | Yes | Yes | Yes | Yes |
| Business Associate Agreement | Yes | Yes | No | No |
| Monthly Fees | $10.95 | $7.95 | $16.95 | $22.99 |
| Annual Payment Discount | $9.00/month | N/A | $14.13/month | $17.99/month |
| Hidden Fees | No | No | No | No |
| Start Up Fee | Free + | Free + | Free, but | Free |
| Free Trial Period | 30 Days | No, but | 14 Days | 7 Days |
| Free Incoming Pages | 500 Total | 300 | 150 | 1,500 Total |
| Free Outgoing Pages | Combined | 300 | 150 | Combined |
| Users in Plan | Unlimited | Unlimited | 5 | 30 |
| Online Fax Storage | Unlimited | Unlimited | Unlimited | Unlimited |
| Customer Support | M-F 6-5 EST | M-F 9:30-4:30 MST | 24/7 | Phone & Web |
| Premium Upgrades | Yes | Yes | Yes | Yes |
| Corporate Packages | Yes | Yes | Yes | Yes |
| Send Faxes by email | Yes, but | Yes, but | Yes, but | Yes, but |
| Incoming Overage Pages | $0.035 | $0.05 | $0.10 | $0.049 |
| Outgoing Overage Pages | $0.035 | $0.05 | $0.10 | $0.049 |

Congress passed the Health Insurance Portability and Accountability Act (HIPAA) in 1996. The act, in a nutshell, provides security and privacy for medical information. That means that there are rules and requirements around the way healthcare information is stored and transmitted. For instance, many doctors will not email medical records to patients because of security requirements in HIPAA laws.

To be HIPAA-compliant, a provider must be able to share medical information with appropriate safeguards. When it comes to faxing, HIPAA requirements mandate certain safeguards to make sure that information transmitted through faxing – including online faxing – is secure. Those requirements range from including a cover sheet to verifying destination numbers.

Who Needs a HIPAA Compliant Fax Service?

Any business that transfers healthcare information and data will need a HIPAA compliant service. That includes healthcare professionals and providers, pharmacies, and insurance agencies.

Online faxing automatically includes several of the provisions required by HIPAA for secure online faxing: faxes are stored in your secure online account, many online providers maintain transaction logs, and there are no fax machines to move into secure areas.

What Does It Mean To Have a Business Associate Agreement?

A Business Associate Agreement (BAA) is a contract between a HIPAA covered entity – any organization or business that handles personal health information – and a business associate, which means any organization or person providing services to the HIPAA entity. The BAA ensures that the business associate (for instance, a fax provider) is accountable for protecting the personal health information it is handling or transmitting.

Some fax service providers offer HIPAA compliance, but won’t sign a BAA. Many of them maintain their compliance even without the BAA by acting as a simple conduit for information, meaning they are excluded from the definition of a business associate per HIPAA’s language.

eFax, for instance, asks HIPAA-regulated customers to sign a HIPAA Conduit setting specifically for transmission of sensitive data. That agreement ensures that RingCentral takes certain steps, including automatically deleting all messages and calls after 30 days, disabling SMS messaging, and disabling attachment of voicemail audio files and fax images to message notification emails. By adhering to those practices, the company is not technically handling patient data, and cannot be held liable for its security.

The conduit agreement RingCentral provides does allow them to claim HIPAA compliance without a BAA in place, although it makes some feel nervous not to have the extra safeguard in place.

With the new 2013 Omnibus modification to the HIPAA/HITECH Acts, more security and safeguards are required of anyone who transmits or handles patient health information. For some HIPAA-covered entities or businesses, it may be worth a close look at the fax provider’s policies and the updated HIPAA regulations to make sure HIPAA compliance is not in name only.

If you’re a business that handles patient documents, you can use a provider that won’t sign a BAA. However, if you do so, make sure you understand what safeguards are in place to ensure that the fax provider is indeed adhering to HIPAA regulations. For instance, simply saying a service offers “encryption” isn’t enough, since data must be encrypted both in transit and at rest to be HIPAA-compliant. The fax provider must also be able to show that it is not storing personal health information.

These online fax services will sign a Business Associate Agreement:

These services offer HIPAA compliant technology, but will NOT sign a Business Associate Agreement:
