The Health Insurance Portability and Accountability Act (HIPAA) establishes regulations for the use and disclosure of an individual’s Protected Health Information (PHI) held by covered entities, including healthcare providers and integrated delivery networks, health insurance plans, and medical service providers. Covered entities can confidently fax ePHI through Biscom’s fax servers or pure SaaS cloud fax, as well as business associates as defined in the HITECH Act.

HIPAA and Faxing

HIPAA has specific requirements for faxing PHI, designed to ensure security at point of dispatch, during transit, and at delivery, including:


  • Placing fax machines in a secure and inaccessible area.
  • Ensuring only authorized personnel have access to the fax machines.
  • Verifying destination fax numbers before transmission.
  • Notifying recipients of received faxes.
  • Including a cover page clearly stating the fax: contains confidential health information; is being sent with the patient’s authorization; should not be forwarded to other parties without express consent, and should be destroyed if not received by the intended recipient.
  • Including patient data in fax body, not in any data fields.
  • Storing of received faxes in a secure location.
  • Maintaining transmission log summaries.

Biscom Helps Meet HIPAA for Faxing

Biscom’s server and cloud-based fax solutions are superior to fax machines:

  • Incoming faxes don’t sit on public fax machines – they are automatically routed to the recipient’s fax client or email. 
  • Microsoft Active Directory supports role-based permissions and user authentication for accessing faxes. 
  • Users can be notified of received faxes through email, or receive the fax directly to their inbox.
  • Archiving of faxes to a secure location is configurable and controlled by the fax administrator. 
  • Cover pages can be customized and controlled by the fax administrator. 
  • Transaction logs maintain a complete audit trail of faxing for compliance requirements. 
  • Enterprise management tools provide real-time status of the entire fax environment, and supports alerts that can prevent issues becoming real problems.

Information Security for Faxes

Biscom fax solutions were designed to help organizations meet their HIPAA compliance requirements through:

  • Encryption of faxes and data at rest and in transit
  • Multiple roles that support access and administration of the fax platform
  • Enterprise tools for managing users, fax queues, and fax jobs
  • Biscom’s Cloud Fax platform runs in Tier 4 data centers with 24/7 monitoring, running in a fault-tolerant mode for maximum uptime

Looking for more information?

Email us today to speak with one of our specialists.