
Real-Time Fax is HIPAA-Compliance Ready

Faxes sent over T.38 SIP trunks can have encrypted signaling and media, with no data stored on either end.

Odhran Reidy
The fax machine remains the dominant method of communication in healthcare. Despite faxing being viewed as outdated in other settings, it remains a relied-on and reliable way of sharing sensitive information between providers.
According to a Vox investigation from 2018, fax accounts for about 75% of all medical communication. Large competing health platforms with proprietary data formats have made it difficult for providers to share information without a standardized go-between, so fax remains a crucial intermediary in this process.

Fax is still evolving:

As communications become more internet-centric, healthcare organizations are looking for modern solutions that meet applicable regulations (as discussed below) and user needs. The shift away from the traditional public switched telephone network, coupled with advancements in fax technology, has helped force this issue.

How HIPAA Regulates Faxing:

The Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule (the “Privacy Rule”) is the national standard for protecting a patient’s medical records - including when transmitted via fax.
As a quick background, the Privacy Rule permits certain uses and disclosures of protected health information but only so long as the disclosing party has (1) applied reasonable safeguards and (2) implemented the minimum necessary standard, where applicable.
  1. A covered entity must have in place appropriate administrative, technical, and physical safeguards that protect against uses and disclosures not permitted by the Privacy Rule, and that limit incidental uses or disclosures. Reasonable safeguards will vary from covered entity to covered entity depending on factors such as the size of the covered entity and the nature of its business.
  2. Covered entities must also implement reasonable minimum necessary policies and procedures that limit how much protected health information is used, disclosed, and requested for certain purposes. These minimum necessary policies and procedures must also reasonably limit who within the entity has access to protected health information, and under what conditions, based on job responsibilities and the nature of the business.
Because faxing is still the primary vehicle for transferring protected health information between providers, it is imperative that providers follow HIPAA regulations and implement reasonable safeguards.

How Real-Time Faxing Achieves HIPAA-Compliance:

There are two competing offerings in modern Fax-over-IP (FoIP): (1) “real-time” and (2) “store-and-forward.” The difference between the two is that “real-time” does not temporarily save the transmitted information at any point.
T.38 FoIP is a form of “real-time” FoIP suitable for providers. It is a fax service that can employ encryption for secure, real-time transmissions with confirmation of error-free transmission.
As discussed above, healthcare fax solutions must maintain reasonable safeguards in order to ensure that providers remain HIPAA-compliant when sending medical information via fax, including:
  • Using only secure, real-time transmissions;
  • Automatically encrypting faxes sent over the internet; and
  • Delivering confirmation of error-free transmission.
Because “real-time” faxing using T.38 Fax-over-IP does not require the storage of protected patient data prior to transmission, there are fewer opportunities when using “real-time” fax for data to be accessed or used in contravention of privacy laws.
Faxes sent over T.38 SIP trunks can have encrypted signaling and media, with no data stored on either end. This eliminates the possibility of a hacker altering or compromising the privacy of the content.
Additionally, to ensure the accurate transmission of all pages, leading fax providers leverage T.38 error correction. This guarantees the overall success rate in the delivery of information without retransmitting multiple pages.
Finally, real-time FoIP can provide confirmation of error-free transmission, so both parties have evidence that no information was lost during transit.

Real-time fax using T.38 Fax-over-IP is the modern gold standard of HIPAA-compliant faxing. By design, it provides greater security around patient data in contrast to email and other online transactions. Using a fax provider with T.38 error correction can also solve other healthcare communications issues, as happened when University Gastroenterology switched to Telnyx.
Learn more about Telnyx for Fax, or talk to our fax experts today.