Medical Offices · Hospitals · Telehealth · Labs
HIPAA-Compliant Faxing
for Healthcare Providers
Transmit protected health information by fax with the safeguards HIPAA requires. Timestamped delivery receipt. Files deleted within 24 hours.
From $0.60 with credits · $1.29 pay-as-you-go · No account needed
Medical Offices · Hospitals · Telehealth · Labs
HIPAA-Compliant Faxing
for Healthcare Providers
Fax is still the standard for PHI transmission in clinical workflows — and HIPAA explicitly permits it with the right safeguards. Timestamped delivery receipts. Files deleted within 24 hours. BAA available on request.
Send a HIPAA fax now
Secure transmission · Timestamped receipt · No account required
📠 Send a HIPAA Fax →✓ No account or subscription required
✓ From $0.60/fax with credits · $1.29 pay-as-you-go
✓ Files deleted within 24 hours of transmission
✓ Timestamped delivery receipt by email
✓ SHA-256 cryptographic hash — verifiable at faxseal.com/verify
✓ Stripe-secured checkout
Faxing is HIPAA-permissible — with the right safeguards. HHS recognizes fax as an acceptable PHI transmission method under 45 CFR § 164.312. Required safeguards include recipient verification before sending, a confidentiality cover sheet, and documentation of all PHI disclosures. FaxSeal provides timestamped delivery receipts and deletes uploaded files within 24 hours of transmission. Request a BAA →
Healthcare fax use cases
Where fax remains the standard in clinical and administrative workflows
Referrals & prior authorization
Send patient referrals and insurance prior authorization requests to specialists, hospitals, and payers. Each fax generates a timestamped receipt confirming delivery.
Lab results & radiology reports
Transmit lab results and imaging reports to ordering physicians. Fax remains the standard in clinical workflows and is accepted by virtually every provider system.
Prescription transmission
Send prescriptions from provider to pharmacy, including controlled substance faxes permitted under DEA 21 CFR Part 1306. Each fax is logged with delivery time.
Hospital discharge summaries
Discharge teams fax summaries to primary care physicians, home health agencies, and SNFs to coordinate post-acute care and reduce readmissions.
Medical records requests
Patients and providers request records under HIPAA's right of access. A timestamped fax receipt documents when the covered entity received the request — starting the 30-day response clock.
Insurance & billing documents
Billing departments transmit EOBs, claim attachments, and coordination of benefits documentation to payers via fax — the format most clearinghouses still require.
Required safeguards for faxing PHI
Per HHS guidance on reasonable administrative and technical safeguards
Verify before sending
Confirm the recipient's fax number by phone or your records system before transmitting PHI. Misdirected faxes are the most common HIPAA breach involving fax.
Use a cover sheet
Include a HIPAA confidentiality cover sheet with sender/recipient details and instructions for the recipient to notify you if the fax was received in error.
Maintain transmission logs
HIPAA requires covered entities to document PHI disclosures for 6 years. A timestamped delivery receipt serves as your transmission log entry.
BAA with service providers
If a third-party fax service processes PHI on your behalf, a Business Associate Agreement (BAA) is required. Contact us to request one before sending patient data.
How it works
Prepare your document
Attach a HIPAA-compliant cover sheet identifying the sender, recipient, and a confidentiality notice. Keep PHI on separate pages from the cover sheet when possible.
Verify the recipient number
Confirm the fax number with the recipient before sending. Misdirected faxes are a leading source of HIPAA breaches — a quick call costs less than a breach notification.
Send & get your receipt
From $0.60 with credits · $1.29 pay-as-you-go. Timestamped delivery receipt emailed when confirmed received. Files deleted within 24 hours.
Retain the receipt
Store the timestamped receipt with your transmission log. HIPAA requires covered entities to retain documentation of PHI disclosures for 6 years.
Prepare your document
Attach a HIPAA-compliant cover sheet identifying the sender, recipient, and a confidentiality notice. Keep PHI on separate pages from the cover sheet when possible.
Verify the recipient number
Confirm the fax number with the recipient before sending. Misdirected faxes are a leading source of HIPAA breaches — a quick call costs less than a breach notification.
Send & get your receipt
From $0.60 with credits · $1.29 pay-as-you-go. Timestamped delivery receipt emailed when confirmed received. Files deleted within 24 hours.
Retain the receipt
Store the timestamped receipt with your transmission log. HIPAA requires covered entities to retain documentation of PHI disclosures for 6 years.
Building an EHR, telehealth platform, or health IT system?
The FaxSeal Partner API lets you send and receive HIPAA-compliant faxes programmatically — with per-fax delivery receipts, webhook callbacks, and BAA available. Integrate fax into your clinical workflows without managing a fax server.
Frequently asked questions
This page provides general information about HIPAA faxing. It is not legal advice. Consult your HIPAA privacy officer or healthcare attorney for compliance guidance specific to your organization.
Is faxing HIPAA compliant?
Yes — faxing is explicitly recognized as an acceptable method of transmitting PHI under HIPAA, provided you implement reasonable safeguards. These include verifying the recipient's fax number before sending, using a confidentiality cover sheet, and maintaining transmission logs. Unlike email, a properly sent fax has a lower risk of interception in transit.
Does HIPAA require a cover sheet for faxes?
HIPAA does not explicitly mandate a cover sheet, but the HHS Office for Civil Rights strongly recommends one as a reasonable safeguard. A cover sheet should include: sender name and organization, recipient name and fax number, a confidentiality notice instructing the recipient to notify you if the fax was misdirected, and contact information to report errors.
What counts as a HIPAA fax breach?
Sending PHI to the wrong fax number — a "misdirected fax" — is a breach under HIPAA and typically requires notification to the affected patient and, if it affects 500+ individuals, to HHS and local media. Covered entities must document the incident, assess harm, and send breach notifications within 60 days of discovery.
Do I need a Business Associate Agreement (BAA) with FaxSeal?
If you're a covered entity or business associate transmitting PHI and you use FaxSeal as part of that workflow, you should have a BAA in place. Contact [email protected] to request a Business Associate Agreement before transmitting patient information.
How long does FaxSeal retain fax documents?
Uploaded documents and transmitted fax content are deleted within 24 hours of transmission. Delivery metadata (timestamp, fax number, page count, SHA-256 hash) is retained for audit and verification purposes. This minimizes PHI exposure beyond what's needed for delivery.
Can I fax Schedule II controlled substance prescriptions?
No — DEA regulations prohibit faxing Schedule II prescriptions as the authoritative prescription (except in specific circumstances like long-term care facilities and hospice). Schedules III–V may be faxed as the original under 21 CFR § 1306.21. Always verify current DEA and state regulations before faxing controlled substance prescriptions.
Send a HIPAA-compliant fax now
Timestamped delivery receipt. Files deleted within 24 hours. BAA available. From $0.60 with credits · $1.29 pay-as-you-go.