


facsimile (fax) devices

Facsimile (fax) use is not considered an "electronic transmission" under HIPAA, and so is not addressed by its security regulations.

(Telephone voice response or "faxback" systems -- a request for information made via voice/keystroke input using a fax machine, with requested information returned via that same machine as a fax -- are also excluded from the definition of electronic transmission.)

Nonetheless, faxing practices for protected health information (PHI) must be compatible with the HIPAA privacy regulations.

Those privacy regulations do not address facsimile transmission directly. But a common-sense interpretation dictates many of the components of any "faxing policy" under HIPAA. Faxes of PHI should:

  • be sent only to known locations, where the physical security and monitoring practices of the receiving fax machine are known;
  • rely on preprogrammed (and tested) fax numbers set on the sending machine, to reduce dialing errors;
  • not be sent to unattended fax machines, or where the physical security of the receiving system is unknown;
  • include a "confidentiality request" that information sent to an incorrect destination be destroyed, and requesting notification to the sender of such errors;
  • come from a sending fax machine that is itself physically secure and appropriately monitored.

Though commonly denigrated as a "transitional" technology (that is, soon to be replaced), fax transmission is likely to remain an important communications mechanism for some time. Attention to fax security thus remains very important.


last modified: 20-Jul-2002 [RC]

