Compliance Notes: Is Your Fax HIPAA Secure?

Fax machines are used everywhere…and many fax transmissions contain Protected Health Information (PHI). Under the HIPAA Privacy Rule, each of us is responsible for the privacy and safety of patient information on incoming – and outgoing – fax transmissions. Here are some tips on protecting Fax PHI:

  1. Be Safe: Assume the fax includes PHI. PHI elements can include patient demographic information, names, account numbers, addresses, diagnoses, billing information, and more.
  2. Don’t leave Fax PHI unattended. If you expect a fax, don’t allow it to remain unattended on the machine or in a received fax tray any longer than absolutely necessary. If sending a fax, send it and retrieve the original immediately.
  3. Set up an Incoming Fax Tray. Protect incoming PHI by setting up a received fax tray with a lid or cover. If a fax is not immediately picked up, any staff member can place the incoming fax, face down, in the tray and cover it. The intended recipient can retrieve the fax.
  4. Respect PHI. None of us should read incoming faxes or patient PHI that is not intended for our own appropriate business use.
  5. Monitor Faxed PHI. Are faxes with PHI left unattended? Identify the staff member responsible and encourage better PHI stewardship.
  6. No Unattended, Accessible Fax Machines. Conduct a HIPAA Privacy Fax Review. Fax machines should never be unattended in areas where they could be accessible to the public.

Contact the Augusta Health Compliance Office! Message Scott Jones at, call 540.245.7455, or call AH extension 7455. Our Confidential Compliance Hotline is available 24/7/365 at 855.298.5598, or visit Reports may be made anonymously!