Enable remote workers to send and receive fax via email.   LEARN MORE

Sales: 978-367-3655
Support: 978-250-8355

Achieve HIPAA Compliance: A Checklist



The Health Insurance Portability and Accountability Act (HIPAA) establishes regulations for the use and disclosure of an individual’s Protected Health Information (PHI) held by “covered entities,” including health care providers and integrated delivery networks, health insurance plans, and medical service providers. Covered entities can confidently send/receive PHI through fax servers – whether installed at the customer site (FAXCOM servers) or accessed via the cloud  (FAXCOM Anywhere).

HIPAA and Faxing

HIPAA has specific requirements for faxing PHI, designed to ensure security at point of dispatch, during transit, and at delivery, including:


  • Placing fax machines in a secure and inaccessible area.
  • Ensuring only authorized personnel have access to the fax machines.
  • Verifying destination fax numbers before transmission.
  • Notifying recipients of received faxes.
  • Including a cover page clearly stating the fax: contains confidential health information; is being sent with the patient’s authorization; should not be forwarded to other parties without express consent, and should be destroyed if not received by the intended recipient.
  • Including patient data in fax body, not in any data fields.
  • Storing of received faxes in a secure location.
  • Maintaining transmission log summaries.

Biscom Helps Meet HIPAA for Faxing

Biscom’s computer-based fax solutions are superior to manual faxing methods:

  • Incoming faxes don’t sit on public fax machines. They are automatically routed to the recipient’s fax client or email. 
  • Fax software is integrated with Active Directory and email lists, with recipients selected from established fax lists. 
  • Notifications of received faxes can be sent to a user’s email with a link to a secure director containing the fax image. 
  • Archiving of faxes to a secure location is configurable and controlled by the fax service administrator. 
  • Cover pages are controlled by the fax service administrator. 
  • Transaction logs maintain a complete audit trail of faxing. 
  • Job Tracking module monitors all faxes through the delivery process, recording events in a searchable database. 

Information and Facilities Security 

Biscom fax solutions were designed to help achieve HIPAA  compliance. Robust safeguards are in place to secure information and facilities. Hosted cloud customers can expect: 

  • Data Encryption
  • Internal Systems Security
  • Server Management Security
  • Facilities Security 

Data Encryption

Users of Biscom’s cloud‐based hosted Enterprise edition fax service configure their FAXCOM Queue(s) to use the Secure
Socket Layer (SSL) cryptographic protocol. SSL creates a secure connection between the queue and the FAXCOM Anywhere
server data centers. Communications are point‐to‐point, unlike email, and encrypted with SSL, providing far more security
than email delivery methods using TLS. The application was also designed to prevent intermingling of faxes between different

Internal Systems Security

To prevent access from unauthorized users, the internal hosted network is behind a series of firewalls and systems. Moreover,
by running only the necessary process, closing ports, and disabling unneeded protocols, all systems are designed and deployed
to reduce potential attack surface area.

Server Management Security

Proper operation of servers, operating systems, and network components is the responsibility of a dedicated staff, and only
that staff has access to the systems. All operating systems are maintained at the vendor’s recommended security‐related
patch level. In addition, to maintain the highest level of availability, the server management security staff regularly reviews
security and application logs.

Facilities Security

To control access to Biscom’s information and assets, the company engages multiple Tier1 data centers from Verizon, AT&T,
and Level3. These telecom and IP data centers are protected by 24‐hour physical security, where proper identification for
entrance is required. Power and environmental protections at these facilities include battery backup and redundant power
feeds, generators, and cooling.

Looking for more information?

Email us today to speak with one of our specialists.

recent posts

stay up to date

Stay in the know with our latest product updates