HIPAA Compliant Secure Faxing from Sfax

How concerned should you be about fax compliance?

Healthcare today is so dependent upon the accurate and confidential transmission of data that the slightest misstep can trigger regulatory penalties that devastate your business. So, yes, you should be very concerned about regulatory compliance.

But determining whether your fax solutions meet all necessary guidelines and legal requirements can be overwhelming, particularly as it concerns the treatment of Protected Health Information (PHI) by a covered entity (CE) or business associate (BA).

The Privacy Rule of the Health Insurance Portability and Accountability Act (HIPAA) establishes regulations for the use and disclosure of an individual’s PHI held by a CE, which can include clearing houses, employer-sponsored health plans, health insurers, and medical service providers.

A BA is held to the same high standard for the protection of patient privacy, and is defined as a person or organization (such as j2 Cloud Services) that performs certain services for a CE involving the use and/or disclosure of PHI. When PHI, or its electronic equivalent, ePHI, is transferred from one computer to another, HIPAA security measures need to be implemented by both the CE and the BA.

According to the Administrative Safeguards of the HIPAA Security Final Rule, a CE may permit a BA to create, receive, maintain, or transmit ePHI on the CE’s behalf only if the CE obtains satisfactory assurances, in accordance with 45 CFR §164.308(b), that the BA will appropriately safeguard the information.

Help Ensure HIPAA Compliance with Sfax

Sfax takes the complexity out of HIPAA compliance. We untangle the jargon and deliver all the necessary assurances to covered entities that keep your business on the right side of regulators and let you securely send, receive, annotate, digitally sign and manage faxes beautifully from the cloud. By using our range of physical, organizational, technical, and administrative safeguards, including the latest encryption and security technology, you protect the confidentiality and integrity of all the healthcare data processed, digitized, and stored by your business.


4 Questions to Ask any Fax Vendor

Do you have a secure cloud fax solution? Does it meet HIPAA fax standards? Below are the top four questions any fax vendor seeking your business must answer affirmatively:

  1. Are the solutions you offer specifically designed to be HIPAA compliant?
  2. Do you have an on-staff compliance team certified as HIPAA faxing experts?
  3. Do major healthcare organizations use your HIPAA fax solution? If so, for how long?
  4. Will you sign a Business Associate Agreement (BAA) as our HIPAA fax provider?

Sfax Helps You Meet Compliancy Standards

Our secure fax service stores your faxes digitally on our secure cloud using sophisticated 256-bit AES encryption and advanced security measures at our telco-grade colocations. Outsourcing your fax process to us lets your team eliminate the fax machines, fax servers, fax lines, and paper-based faxes that can leave your organization vulnerable to noncompliance with HIPAA.


  • HIPAA-compliant fax solution.
  • We will sign a BAA as your HIPAA fax partner.
  • Strongest Transport Layer Security (TLS) encryption available to protect your faxes in transit.
  • Strongest encryption available to protect your faxes at rest (AES 256-bit).
  • Eliminate your in-house fax hardware and software by outsourcing to a proven HIPAA fax partner.

HIPAA Requires / Sfax Delivers

Access Control: Requires covered entities to “Implement technical policies and procedures for electronic information systems that maintain electronic protected health information to allow access only to those persons or software programs that have been granted access rights as specified in 164.308(a)(4) [Information Access Management].”

The Sfax cloud fax solution includes unique user identification, administrator privileges to grant and remove access, next-generation (256-bit AES) encryption and other protocols to limit access to your organization’s authorized personnel only. Inbound documents may be sent to only the intended recipient’s email, limiting exposure and disclosure risks associated with faxing to a physical fax machine.

Transmission Security: The Transmission Security Standard, 45 CFR 164.312(e)(1), requires that a covered entity “Implement technical security measures to guard against unauthorized access to electronic protected health information that is being transmitted over an electronic communications network.”

Sfax implements the highly secure Transport Layer Security (TLS) protocol approved and recommended by the National Institute of Standards and Technology (NIST) for document transmissions to ensure that your ePHI (and other business faxes) are never vulnerable at any point in transmission.

Data Encryption: Where implementation is a reasonable and appropriate safeguard for the covered entity, the covered entity must: “Implement a mechanism to encrypt and decrypt electronic protected health information.” 45 CFR § 164.312(a)(2)(iv).

Sfax keeps your faxes encrypted at all times — both in transit and at rest. Storage of documents uses the NIST-recommended AES 256-bit encryption and robust in-transit TLS encryption. All data is secured and stored at our geographically redundant, Tier III and Tier IV colocations, which themselves are protected by multiple security layers 24/7/365.

Audit Control: “Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information.” 45 CFR § 164.312(b).

Sfax employs multiple levels of audit control — from secure and automatic archiving of all faxes sent or received through Sfax for the life of your organization’s account, to transmission tracking with unique patient identifiers.