facsimile (fax) devices
Facsimile (fax) use is not considered an "electronic transmission" under HIPAA, and so is not addressed by the its security regulations.
(Telephone voice response or "faxback" systems -- a request for information made via voice/keystroke input using a fax machine, with requested information returned via that same machine as a fax -- are also excluded from the definition of electronic transmission.)
Nonetheless, faxing practices for protected health information (PHI) must be compatible with the HIPAA privacy regulations.
Those privacy regulations do not address facsimile transmission directly. But common sense interpretation dictates many of the components of any "faxing policy" under HIPAA. Faxes of PHI should:
Though commonly denigrated as a "transitional" technology (that is, soon to be replaced), fax transmission is likely to remain an important communications mechanism for some time. Attention to fax security thus remains very important.
last modified: 20-Jul-2002 [RC]