HIPAA Compliant Fax Solutions
FAXAGE Internet Fax is designed with the necessary administrative, technical and physical safeguards in mind to allow our clients to comply with the HIPAA Security Rule when using our service.
In general, it is our responsibility to put required mechanisms in place which allow you to comply with HIPAA through using our online fax services appropriately. It is your responsibility to utilize the mechanisms that we provide in order to maintain your compliance. It is especially critical that you visit 'Admin' -> 'Secure Email' after logging on to your account to set up one of the security options for incoming faxes.
Our standard Business Associate Agreement (BAA) is available upon request via email to firstname.lastname@example.org. You will most likely need to obtain an executed copy of our BAA and keep it for your records.
HIPAA Compliant Faxing Overview
Expand All | Collapse All
Click any topic below to expand
- Security Management Process. FAXAGE has identified and analyzed potential risks to information and has implemented security measures to reduce risks and vulnerabilities. We continue to analyze new threats and take appropriate measures over time.
- Security Personnel. FAXAGE has designated a security official responsible for developing and implementing its security policies and procedures.
- Information Access Management. Access to any information on the FAXAGE system requires privileges which are maintained appropriate to our personnel's roles.
- Workforce Training and Management. Our staff consists of dedicated on-site personnel who are appropriately trained and managed. We do not use any outsourcing, which is often a source of risk or loss of management oversight in organizations.
- Evaluation. We perform quarterly network security scans and annual assessments of our policies and procedures.
- Access Controls. Technical policies and procedures are in place to ensure that only authorized personnel have access to systems where electronic Protected Health Information (ePHI) may be stored or accessed.
- Audit Controls. Dedicated hardware and software components are in place to ensure that system activities are monitored and to ensure the integrity of logs.
- Integrity Controls. FAXAGE ensures that ePHI (and any faxes on the system) are not improperly altered or destroyed.
- Transmission Security. FAXAGE supplies multiple mechanisms to ensure that transmissions of faxes are appropriately secured via various encryption schemes. See our Secure Internet Fax page for more information regarding the available options.
- Facility Access and Control. All of FAXAGE's services are provided on dedicated equipment owned and operated by FAXAGE. Facilities are separately caged and 24x7 video monitoring is in place.
An overview of the requirements related to the HIPAA Security Rule is available from the U.S. Department of Health and Human Services here: Summary of the HIPAA Security Rule