Is it legal for patient medical information to be transmitted by Fax machine?
by Charles Gaines
I am starting a home medical billing business and I plan to have my providers transmit patient information by Fax machine. Is this legal under HIPAA?
To my knowledge faxing patient information is not specifically prohibited by HIPAA. Many health care providers and billing services have to routinely receive and send patient information by fax. Of course patient PHI (Protected Health Information) is protected under the HIPAA privacy rule. It’s important to do everything possible to prevent the patient information from going to the wrong fax.
The fax machine should be located in a secure location. The information should be filed or dealt with promptly and not left in an area accessible by those who aren't authorized or have a "need to know".
Most fax machines have the ability to program regularly used numbers. I would set this up and verify it. That would help prevent mis-dialed numbers.
Also its good practice to include a cover-sheet that identifies the fax as containing confidential health information.
When faxing out its also a good idea to make sure the receiving fax is in a secure location and that the people the fax is intended for receives it.
Some organizations develop a faxing policy for their business. Here’s a good example of a fax policy for patient health information from UCLA Healthcare
Here’s another good discussion of faxing health information and HIPAA
by GFI who sells network fax server software.