The HIPAA Privacy Rule allows healthcare providers to share patient information via fax. Here are guidelines to ensure your faxing practices safeguard protected health information (PHI):

  1. When sending a fax, use a cover sheet with the date and time sent, recipient’s name and fax number, and sender’s name, organization, and phone number. Never include a patient’s name or any other PHI on the cover sheet.
  1. Include a privacy statement on the cover sheet indicating the confidentiality of the information, its intended recipient, and instructions to notify the sender and destroy the fax if received in error.
  1. Position fax machines in areas inaccessible to patients and visitors.
  1. Avoid leaving documents containing PHI unattended on the fax machine.
  1. Regularly check the fax machine for outgoing and incoming faxes.
  1. If your fax machine can store incoming faxes, disable auto-print and assign staff to regularly check and deliver them.
  1. Power off fax machines overnight to prevent unauthorized access during off-hours.
  1. Designate a staff member to monitor manufacturer updates and patches for fax machine security vulnerabilities.
  1. Always verify the recipient’s fax number before sending PHI, and request confirmation if the fax isn’t received within a specified time.
  1. Print and maintain fax logs regularly to document all sent and received faxes for record-keeping and audit purposes.

Faxes are an efficient method for sharing patient information with consultants. Educate staff on faxing safety and enforce policies to prevent HIPAA violations due to faxing errors.