HIPAA (the Health Insurance Portability and Accountability Act of 1996) is U.S. legislation created to improve healthcare standards. Covered entities (CEs) and their business associates (BAs) must be HIPAA compliant to protect the rights and privacy of patients and their protected health information (PHI).
We know the HIPAA industry is vast and that sending important documents securely to other providers or to patients is fundamental to patient care. This is especially true with the recent digital transformation in healthcare and the current need to function more remotely. RELATED: Historic Expansions of Telehealth to Combat COVID-19 Today, we will determine if SRFax is HIPAA compliant or not.
About SRFax
Headquartered in British Columbia, Canada, SRFax is one of several online fax service providers that offer fax numbers for sending and receiving faxes through a web portal, by email, and/or even via mobile apps. SRFax clients can use the company’s web interface or a personal email account to send faxes. Founded in 2004, there are six subscription plans that include additional fax pages, users per account, and fax numbers. SRFax also offers customizable plans for healthcare organizations to help with HIPAA compliance.
SRFax and the business associate agreement
A BA is a person or entity that performs certain functions or activities that involves the use or disclosure of PHI on behalf of a CE. In this instance, SRFax is a BA for a healthcare organization if it transmits or stores PHI. RELATED: Is a Name PHI? Generally, the HIPAA Privacy Rule allows CEs to disclose PHI to a BA if they receive assurance that the information is protected through a signed business associate agreement (BAA). According to its Security & Privacy web pages, SRFax will sign a BAA. Moreover, SRFax is emphatic that all faxes sent and received comply with HIPAA and PHIPA (Canadian legislation, Personal Health Information Protection Act).
SRFax and security
SRFax appears committed to safeguarding sensitive information (i.e., PHI) and “provides several robust security measures to keep your account safe” such as:
- Single sign-on and two-factor authentication
- Encrypted session ID cookies
- End-to-end encryption
- Secure Sockets Layer certification
- Application security
- Physical safeguards
RELATED: Increase Online Security With a Robust Password
Policy All settings and controls depend on the client’s plan and are adjustable by the user. For example, a client can choose to delete all fax data once a call is terminated.
Free Whitepaper "Kill the Fax" Download Now
Finally, SRFax does not collect user information for marketing or third-party use.
Is SRFax HIPAA compliant?
The BAA is a key component of HIPAA compliance and SRFax offers a BAA. Without it, if a breach or HIPAA violation occurs, the CE is liable.
RELATED: Healthcare Data Breaches – A Haunting Reality Furthermore, SRFax displays its stringent cybersecurity practices on its website and seems to understand what HIPAA compliance means. Conclusion SRFax is HIPAA compliant.
HIPAA compliant email—a better alternative to fax
However, rather than waste time and energy with physical and electronic faxing, CEs should stick to sending and receiving important documents through HIPAA compliant email.
Paubox will not only sign a BAA but will also work tirelessly to keep you safe without any added steps for the sender or recipient. With Paubox Email Suite, CEs have all outbound email (and file attachments) encrypted by default; users can send messages from existing email platforms (such as Microsoft 365 and Google Workspace).
Emails are delivered directly to your recipients’ inboxes—no passwords or portals are required. When you need to send documents that contain PHI, HIPAA compliant email is the most secure method available.
Try Paubox Email Suite for FREE today.
Kapua Iao
