HIPAA Fax Cover Sheets: They’re Important for Online Fax, Too

The way that organizations within the healthcare industry transmit Protected Health Information (PHI) is changing. Today, more and more organizations are shifting away from relying on traditional fax machines and moving to cloud fax services. For those in highly regulated industries, there are some aspects of HIPAA compliance and PHI security that cloud faxing inherently addresses, like network and transmission security.

Despite the fact that there are some aspects of using an online fax solution that will simplify HIPAA compliance and security within your organization, there are still steps that members of your organization need to take to ensure that all fax transmissions adhere to HIPAA standards.

Related article: Will HIPAA Compliance Crackdowns be Tougher in 2017?

Fortunately, one of the most crucial steps for your organization to take in HIPAA compliant faxing is also the simplest: A HIPAA compliant fax cover sheet, complete with disclaimer, should be included with every sent fax. It’s a simple item, but it’s one that can be too easily forgotten, especially when sending faxes online.

What do I need to include in my HIPAA fax cover sheet?

In order to be HIPAA compliant, your fax cover sheet should include the following items:

• Date and time sent
• Name of recipient
• Recipient’s fax number
• Sender’s name and organization
• Sender’s phone number
• HIPAA fax disclaimer

Don’t have time to make your own HIPAA fax cover sheet? Download a HIPAA fax cover sheet here.

So why do I need a HIPAA compliant fax cover sheet?

Whether you’re new to the world of HIPAA fax regulations, or you’ve just never thought about this question, remembering to always include a cover sheet is easier if you’re aware of how important this step is. Simply put, there are three primary reasons why a cover sheet is important for HIPAA compliant faxing:

• Protecting the fax document from view
• Providing contact info in case of an incorrect recipient
• Displaying the HIPAA disclaimer upfront

The first of these reasons is arguably the most important: When you send a fax containing PHI to a business or individual your organization doesn’t have a close relationship with, you have no way of knowing how that document will be received or who will be receiving it. If the recipient’s documents are received by a traditional fax machine, a cover sheet keeps PHI protected from view when that fax lands in the document tray. Even if the fax recipient is utilizing a service that delivers fax via email, it’s still possible that it will land in an inbox that multiple users have access to. If the wrong user opens the fax attachment, the cover sheet will still be the first thing they see, protecting the info in the fax itself.

The second reason a cover sheet is important to HIPAA compliant faxing is that it provides contact info for the sender. If a fax is erroneously delivered to an organization it was never intended for, the cover sheet clearly displays who sent the document and how to reach them.

Finally, including the HIPAA fax disclaimer will also be important should the fax be mistakenly delivered to someone other than the intended recipient. The HIPAA fax disclaimer directly notifies the recipient that reviewing, disclosing and distributing the information in the document are prohibited. For your organization’s own liability risks, this statement should never be left off your cover sheet.

Have more compliance questions? Download the Concord Cloud Fax Guide and learn more about how Concord manages HIPAA fax compliance, from network security to cover sheets.