Is GotFreeFax HIPAA compliant?

Featured image

Share this article

GotFreeFax logo

HIPAA (the Health Insurance Portability and Accountability Act of 1996) is U.S. legislation created to improve healthcare standards.

Covered entities (CEs) and their business associates (BAs) must be HIPAA compliant to protect the rights and privacy of patients and their protected health information (PHI).

We know the HIPAA industry is vast and that sending important documents securely to other providers or to patients is fundamental to patient care.

This is especially true with the recent digital transformation in healthcare and the current need to function more remotely.

RELATED: Historic Expansions of Telehealth to Combat COVID-19

Today, we will determine if GotFreeFax is HIPAA compliant or not.

About GotFreeFax

Based in British Columbia, Canada, GotFreeFax is one of several online fax service providers that offer fax numbers for sending and receiving faxes through a web portal, by email, and/or even via mobile apps.

GotFreeFax only offers users the ability to send (not receive) faxes through its web interface.

Available plans are free (limited to recipients in the U.S. and Canada), premium, or business prepaid.

GotFreeFax and the business associate agreement

A BA is a person or entity that performs certain functions or activities that involves the use or disclosure of PHI on behalf of a CE.

In this instance, GotFreeFax is a BA for a healthcare organization if it transmits or stores PHI.

RELATED: Is a Name PHI?

Generally, the HIPAA Privacy Rule allows CEs to disclose PHI to a BA if they receive assurance that the information is protected through a signed business associate agreement (BAA).

There is no mention of a BAA (or HIPAA) anywhere on GotFreeTax’s website.

GotFreeFax and security

Unfortunately, GotFreeFax does not specify its security protocols beyond gateway and database safeguards. The company affirms that it encrypts all paid faxes but not how.

Free Whitepaper “Kill the Fax”

PayPal handles all payment-related transactions, and the company does not process or access a client’s financial information. However, as we’ve stated in the past, PayPal is not HIPAA compliant.

RELATED: Guide to Online Payment Options & HIPAA Compliance

Furthermore, password security for paid business accounts is precarious; all that’s required is an account number (or email) and PIN. GotFreeFax does not ask for two-factor authentication.

Finally, its Privacy Policy states that GotFreeFax collects user information, such as name, email address, and fax information, to:

  • Personalize user experience
  • Improve its website and customer service
  • Send emails to customers
  • Administer contests, promotions, and surveys
  • Help with other site features.

Is GotFreeFax HIPAA compliant?

The BAA is a key component of HIPAA compliance and GotFreeFax does not appear to offer a BAA. If a breach or HIPAA violation occurs, the CE is liable.

RELATED: Healthcare Data Breaches – A Haunting Reality

And ultimately, hidden security policies, weak password protection, and collected user information (i.e., PHI) must be concerning.

Conclusion

GotFreeFax is not HIPAA compliant.

HIPAA compliant email—a better alternative to fax

Rather than waste time and energy with physical and electronic faxing, stick to sending and receiving important documents through HIPAA compliant email.

RELATED: Fax Machines Are Terrible for Healthcare – Here’s Why

Paubox will not only sign a BAA but will also work tirelessly to keep you safe without any added steps for the sender or recipient. With Paubox Email Suite, CEs have all outbound email (and file attachments) encrypted by default; users can send messages from existing email platforms (such as Microsoft 365 and Google Workspace). Emails are delivered directly to your recipients’ inboxes—no passwords or portals are required.

When you need to send documents that contain PHI, HIPAA compliant email is the most secure method available.

Try Paubox Email Suite for FREE today.
Author Photo

About the author

Kapua Iao

Read more by Kapua Iao

Get started with
end-to-end protection

Bolster your organization’s security with healthcare’s most trusted HIPAA compliant email solution

The #1-rated email encryption 
and security software on G2

G2 Badge: Email Encryption Leader Fall 2022
G2 Badge: Security Best Usability Fall 2022
G2 Badge: Encryption Momentum Leader Fall 2022
G2 Badge: Security Best Relationship Fall 2022
G2 Badge: Security Users Most Likely to Recommend Fall 2022
G2 Badge: Email Gateway Best Relationship Fall 2022
G2 Badge: Email Gateway Best Meets Requirements Fall 2022
G2 Badge - Users Most Likely to Recommend Summer 2022
G2 Badge: Email Gateway Best Results Fall 2022
G2 Badge: Email Gateway Best Usability Fall 2022
G2 Badge: Email Gateway Best Support Fall 2022
G2 Badge: Email Gateway Easiest To Use Fall 2022
G2 Badge: Email Gateway Easiest Setup Fall 2022
G2 Badge: Email Gateway Easiest Admin Fall 2022
G2 Badge: Email Gateway Easiest to do Business with Fall 2022
G2 Badge: Email Gateway Highest User Adoption 2022
G2 Badge: Email Gateway High Performer Fall 2022
G2 Badge: Email Gateway Momentum Leader Fall 2022
G2 Badge: Email Gateway Most Implementable Fall 2022
G2 Badge: Email Gateway Users Most Likely to Recommend Fall 2022