What are HIPAA Rules for Faxing Medical Records?

Many doctors, hospitals and healthcare systems are using electronic health records (EHR) to store patient information. But unfortunately, most EHR systems are unable to talk with other competing EHR systems. That’s why medical records today are often still faxed when they need to be shared between healthcare networks.

In the healthcare industry, faxing is still the king of communication methods as interoperability between EHR systems is limited. If you are looking for advice on how to more safely fax patient medical records, you’ve come to the right place. Here’s more information and tips for when a healthcare provider wants to send a medical record by fax. 

RELATED ARTICLE: Healthcare Print Trends for 2023 

HIPAA Compliance and Faxing 

The Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule was created to protect patient health information (PHI), reduce healthcare fraud and increase the efficiency of the healthcare industry.

This rule was meant for physicians, insurers, healthcare clinics, hospitals and related business entities such as information technology providers, billers and other agencies – organizations who regularly handle PHI. These guidelines are in place to ensure patient privacy. If not followed, the violating organization could face a stiff financial fine.

Faxing PHI is compliant with HIPAA guidelines. However, it isn’t a very convenient communication method, and it could accidentally present opportunities for PHI theft. While HIPAA guidelines require additional safeguards to be in place when faxing PHI, specific safeguard directives are not noted. 

MANAGED PRINT CASE STUDY: UW Health 

How to More Safely Fax Medical Records 

Constructing standardized procedures for faxing medical records could increase the safety of PHI and prevent medical records from being viewed by unintentional recipients. Here are some handy tips that will increase patient data security when you need to fax medical records.

1. Double check the fax number. If a patient gives you a fax number over the phone, always write it down and read it back to them to verify. In addition, after keying the number into your fax machine, verify what you typed in as compared to the number you had written down. After this final verification, you can press the button to send your fax on its way. These verification steps may take a little extra time, but they could be the difference between getting your fax to its intended destination or being received by a misdialed number.
2. Program frequently faxed phone numbers into the speed dial feature of your machine. Are there fax numbers that your office sends medical records to, frequently? Program them into your fax machine and you’ll only need to press one button on the machine’s speed dial feature to correctly send your fax.
3. Always send faxes with a cover sheet. Have a cover sheet ready to add to the top of a document. Your fax cover sheet should include your organization’s name, your organization’s fax number, your name, the number where you are sending the fax, the name of the person intended to receive the document and a short synopsis about why you are sending the document. Including this information in the cover sheet will help to route your faxed document to the correct person, as quickly as possible.
4. Place your fax machine close to a staff member desk, but not in an area that is visible to patients/visitors. Staff proximity is key to patient data security. In addition, place the fax machine in an area that is accessible to staff tasked with collecting and distributing faxes, but secluded enough that patients or others will not be able to see the pages as they are printed and collected in the machine’s output tray.
5. Have a procedure for when faxes will be collected from your machine. The best plan is to collect and distribute faxes as soon as they are received by your fax machine. This will reduce the amount of time documents are sitting on the machine and will keep them safer from unwanted eyes.
6. If your fax machine (or multi-function printer) is connected to a network, be sure to secure your endpoints to deter hackers from entering. Networked office equipment such as fax machines, copiers and multifunction printers are common targets for hackers. Be sure to secure your equipment by using customized passwords, follow me printing, an option for electronic faxes and network firewalls. 

A Fresh Outside Perspective 

Did you know that many healthcare organizations are unsure of how many fax, printer, copier, multi-function or other business technology devices that are at their organization?

Take a look at this print audit checklist, designed to help you identify vulnerabilities in your business technology and offer some insight into opportunities for improvement. A print audit will assess the condition, settings, security, supply and repair costs of your current business technology.

Or contact the experts at Gordon Flesch Company to schedule a 30 minute needs assessment for a fresh perspective to evaluate your current business technology and your future needs. A Managed Print Services partner might just be what the doctor ordered for your organization. Click the link below to learn more about how a professional review of your business technology could help you gain an advantage over your competition, while improving workflows and efficiencies.