ActiveXCHANGEHealthcare securityHealthcare statisticsHIPAA ComplianceInteroperabilitypatient privacyPatient safety

Secure Healthcare Faxing and Information Exchange: Is Your Fax Machine Sabotaging Your HIPAA Compliance?

By December 27, 2017 No Comments

HealthWare Systems Blog

Secure Healthcare Faxing and Information Exchange

Is Your Fax Machine Sabotaging Your HIPAA Compliance?

Posted on Wednesday, December 27, 2017

Providers strive to protect patient privacy with secure healthcare faxing and information exchange. Unfortunately, the tool often used for the job is the outdated and unreliable fax machine. According to a national survey of physicians, 63% say they use fax machines as their primary way to communicate with other physicians.

While many would like this technology retired for good, for now it seems the fax machine may continue to be a necessary evil in the industry; therefore, it’s important for healthcare facilities to consider its effect on patient privacy and HIPAA compliance, as well as solutions for ensuring secure healthcare faxing and information exchange.

Security & HIPAA Compliance Issues


Here are just a few ways your fax machines may be putting your facility’s security at risk:

A person presses a button on a fax machine and part of the blog title appears – Secure Healthcare Faxing and Information Exchange: Is Your Fax Machine Sabotaging Your HIPAA Compliance?

Do you have tools in place that enable secure healthcare faxing and information exchange?

Wrong numbers – Fax machines are not immune to human error. All it takes is for an employee to press one incorrect button, and a patient’s identity and private health information are exposed to a random recipient whose trustworthiness is unknown.  Even if you provide a cover sheet that explains the fax is classified and for a specific recipient, you have no control over the actions of the person on the other end.

Lost or incomplete documents – With numerous, multi-page documents coming in at the same time, pages can get mixed up and sorted into the wrong pile.  Someone without the proper authorization can unintentionally gain access to confidential material, jeopardizing patient privacy.

Physical location – Where do you keep your fax machines?  Have you placed them in busy areas where everyone can easily access them, like many organizations have?  While this may be convenient, anyone could walk by and read, or even steal, sensitive documents.  A fax can also be received outside of regular office hours, when there are even fewer workers around to notice potential theft. 

Physical disposal – Are you certain your staff members dispose of every single sensitive paper document in the proper shred box, and that they are never placed in a regular garbage can? (And how much money are you spending on a HIPAA-compliant document shredding company?)  Additionally, thermal fax machines contain a carbon copy of every fax they’ve ever sent or received.  If this type of machine is not properly discarded, it can end up unsecured in a landfill or sold to anyone who could effortlessly retrieve all the information that ever passed through the device.

Inadequate audit trails – Fax machines can confirm that a document was received by another fax machine, but cannot guarantee that the intended person at that organization picked up the document or that no one else read it. They also don’t keep track of which individual sent each fax.

The Solution for Secure Healthcare Faxing and Information Exchange


Fortunately, it is possible to utilize fax communication while also protecting patient privacy and avoiding a HIPAA violation that must be reported, requires you to implement a costly corrective action plan, and could lead to being placed on the CMS compliance watchlist.  Here is how an electronic document management solution can save your facility from the concerns listed above when it comes to secure healthcare faxing and information exchange:

Restricted transmission – Correspondence is limited to only those recipients on your pre-programmed, approved list of destinations; wrong number entries simply don’t happen.

Electronic access – There is no need to worry about physical paperwork disappearing; physician orders and other forms are electronically routed to appropriate departments using paperless workflow for all data. Different authorized departments or users can access the same documents simultaneously, so printing hardcopies is unnecessary.

Encrypted storage – Documents can be indexed for permanent, encrypted storage and future retrieval using the search function; lost orders are eliminated.

Audit trails – HIPAA-compliant audit trails are assigned to each document.

IT systems integration – An electronic document management solution like ActiveXCHANGE can be seamlessly integrated with most existing hospital information systems and technologies, including RightFax.


HIPAA compliance requires healthcare facilities to apply “reasonable safeguards” when communicating about patients’ medical information, which is a bit of a subjective phrase.

Why not eliminate the ambiguity surrounding HIPAA compliance with an electronic document management solution that protects your facility from the above risks and ensures secure healthcare faxing and information exchange?


By Stephanie Salmich

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.