HIPAA compliant faxes sent over T.38 SIP trunks have encrypted signaling and media, with no data stored on either end.
The fax machine remains the dominant method of communication in healthcare. Though fax is considered outdated in other settings, it remains a reliable way of sharing sensitive information between providers.
According to Bloomberg Law, 70% of healthcare organizations still use fax. Large competing health platforms with proprietary data formats have made it difficult for providers to share information without a standardized go-between, so fax remains a crucial intermediary in this process.
Related articles
As communications become more internet-centric, healthcare organizations are looking for modern solutions that meet applicable regulations (as discussed below) and user needs. The shift away from the traditional Public Switched Telephone Network (PSTN), coupled with advancements in fax technology, has helped force this issue.
The Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule (the “Privacy Rule”) is the national standard for protecting a patient’s medical records—including when transmitted via fax.
The Privacy Rule permits certain uses and disclosures of protected health information but only if the disclosing party has (1) applied reasonable safeguards and (2) implemented the minimum necessary standard, where applicable.
Since faxing is still the primary vehicle for transferring protected health information between providers, it is imperative that providers follow HIPAA regulations and implement reasonable safeguards.
There are two competing offerings in modern Fax-over-IP (FoIP): (1) “real-time” or (2) “store-and-forward.” The difference between the two is that real-time does not temporarily save the transmitted information at any point.
T.38 FoIP is a form of real-time FoIP suitable for providers. It is a fax service that can employ encryption for secure, real-time transmissions with confirmation of error-free transmission.
As discussed above, healthcare fax solutions must maintain reasonable safeguards in order to ensure that providers remain HIPAA-compliant when sending medical information via fax, including:
Because real-time faxing using T.38 FoIP does not require the storage of protected patient data prior to transmission, there are fewer opportunities for data to be accessed or used in contravention of privacy laws.
Faxes sent over T.38 SIP trunks can have encrypted signaling and media, with no data stored on either end. This eliminates the possibility of a hacker altering or compromising the privacy of the content.
Additionally, to ensure the accurate transmission of all pages, leading fax providers leverage T.38 error correction. This increases the overall success rate of the delivery of information without retransmitting multiple pages.
Finally, real-time FoIP can provide confirmation of error-free transmission so both parties have evidence that no information was lost during transit.
Real-time fax using T.38 FoIP is the gold standard of HIPAA-compliant faxing. By design, it provides greater security around patient data in contrast to email and other online transactions. Using a fax provider with T.38 error correction can also solve other healthcare communications issues, as theUniversity Gastroenterology saw after switching to Telnyx.
Learn more about Telnyx for Fax, or talk to our fax experts today.
Handling HIPAA fax compliance questions? Join our subreddit.
