by Kapua Iao
Is FaxBetter HIPAA Compliant?
HIPAA (the Health Insurance Portability and Accountability Act of 1996) is U.S. legislation created to improve healthcare standards.
We know the HIPAA industry is vast and that sending important documents securely to other providers or patients is fundamental to solid patient care.
This is especially true with the recent digital transformation in healthcare and the current need to function more remotely.
Today, we will determine if FaxBetter is HIPAA compliant or not.
Founded in 2006, FaxBetter is one of several online fax service providers that offer fax numbers for sending and receiving faxes through a web portal, by email, and/or via mobile apps. FaxBetter clients use the company’s web interface or a personal email account to send faxes.
The company offers users two options: Free or Premium. Both come with a toll-free fax number.
FaxBetter and the business associate agreement
A business associate (BA) is a person or entity that performs certain functions or activities that involve the use or disclosure of protected health information (PHI) on behalf of a covered entity (CE).
In this instance, FaxBetter is a BA for a healthcare organization if it transmits or stores PHI for a CE.
FaxBetter and security
Unfortunately, FaxBetter may be lax about security. For one thing, the company routinely reuses fax numbers abandoned by others and does not allow customers to bring their own.
Furthermore, password security is not strong.
Passwords are not case sensitive and multifactor authentication is not enabled.
And finally, FaxBetter Support emphasizes that secure faxing is only available to Premium users, and it is not automatic (i.e., the client must enable it). Email faxing is incompatible with FaxBetter’s secure sending and receiving function.
FaxBetter does address HIPAA compliance but focuses more on the problems with physical fax machines versus electronic faxing, or efaxing.
Is FaxBetter HIPAA compliant?
The BAA is a key component of HIPAA compliance and FaxBetter does offer a BAA. Unfortunately, strong security is critical when sending or receiving a patient’s PHI. Without it, a breach or HIPAA violation could still occur.
While the CE might not be liable, the true cost may be damaging.
FaxBetter is HIPAA compliant but difficulties with security make its use problematic.
HIPAA compliant email—a better alternative to fax
Rather than waste time and energy with physical and electronic faxing, stick to sending and receiving important documents through HIPAA compliant email.
Paubox will not only sign a BAA but will also work tirelessly to keep you safe without any added steps for the sender or recipient. With Paubox Email Suite, outbound emails are encrypted by default, and you send from your existing email platform (such as Microsoft 365 and Google Workspace). File attachments are also encrypted. Emails are delivered directly to your patients’ inboxes—no passwords or portals required.
When you need to send documents that contain PHI, HIPAA compliant email is the best secure method available.