Secure, compliant and reliable.

iFax leads the industry in HIPAA-compliant, secure document cloud faxing across various sectors. Our solution is trusted for its robust security features, including multi-level encryption, and is backed by unparalleled support.

how to send hipaa fax

Serving Fortune 100 companies, leading healthcare entities,
and thousands of global organizations since 2008

Security Compliance
Security Compliance
Security Compliance

UNPARALLELED RELIABILITY

Redundant Infrastructure

sending hipaa compliant faxes

Secure Data Centers

The iFax technology utilizes secure servers located in multiple data centers, ensuring N+1 redundancy for unparalleled reliability.

High Availability

We offer a 99.98% availability rate, minimizing downtime and ensuring consistent service delivery.

Tier-1 Carrier Network

Our network of premium Tier-1 carriers across North America ensures robust and reliable fax transmission.

Controlled Access

Secure Access Methods

Hosted faxes can be accessed manually or via API, and access to them is safeguarded by stringent security credentials and two-factor authentication (2FA).

Advanced Fax Delivery Technology

secure online faxing with ifax

Smart Routing and Error Correction

Our Smart Route™ technology includes failure correction and Error Correction Mode (ECM), optimizing delivery and ensuring the reliability of fax transmissions.

Optimized Routing

We have multiple fax protocols that automatically choose the most efficient and reliable routing, ensuring your information reaches its intended destination.

Dedicated Fax Lines

Fax-only lines are used to optimize both delivery and security, ensuring 100% dedication to fax services.

Transparency and Support

Audit Trails

We provide an exportable audit trail of faxes for transparency and accountability.

24/7 Support

Expert support is available 24/7/365 via email and live chat, for prompt assistance and customer satisfaction.

Commitment to Excellence

We are committed to maintaining our record of industry-leading reliability and support.

secure online faxing with ifax

DATA PROTECTION AND SECURITY

Encryption and Secure Communication

sending hipaa compliant faxes

End-to-End Encryption

Faxes and data transmissions are protected with 256-bit AES and TLS encryption, ensuring data security both at rest and during transit.

Secure Interfaces

Our web interface and API are accessible only through secure HTTPS connections.

Secure Infrastructure

Tier III Secure Servers

Our servers provide 24/7/365 protection, ensuring data security and integrity.

AWS Cloud Security

We employ comprehensive AWS Cloud Security measures across all data operations, including processing, storage, and access, backed by stringent identity and access authentication protocols.

Stringent Authentication and Access Controls

secure online faxing with ifax

Zero-Trust Framework

We implement aZero Trust’ framework, requiring authentication and validation for every individual API request, eliminating unchecked access.

Identity & Access Management

We integrated advanced strategies, including Single Sign-On (SSO) and Multi-Factor Authentication (MFA), to ensure secure access.

Comprehensive Network and Application Protection

DDoS Protection

Our service includes robust defenses against DDoS attacks.

Web Application Firewall

A sophisticated firewall protects our web platforms and APIs from common exploits and bot-based attacks.

secure online faxing with ifax

Robust Security Policies and Training

secure online faxing with ifax

Security and Privacy Policies

We maintain comprehensive security and privacy policies, with regular enforcement to ensure compliance.

Cybersecurity Awareness

Our workflow includes ongoing education and training to foster a culture of cybersecurity awareness and responsibility among our personnel.

Regulatory Compliance

Compliant Data Handling

All fax data is not stored or cached beyond what is necessary for transmission. Temporary data storage is cleared once transmission is complete, ensuring compliance with regulations such as HIPAA, SOX, and GDPR.

sending hipaa compliant faxes

Business Continuity and Disaster Recovery

sending hipaa compliant faxes

BCP/DR Strategies

We have established robust Business Continuity Planning and Disaster Recovery strategies in partnership with AWS Cloud Services, ensuring operational resilience and swift recovery in the event of disruptions.

We excel in securely managing Protected Health Information (PHI), adhering to the highest standards of data protection and compliance.

HIPAA Requires iFax Complies
Signed Business Associate Agreements (BAAs)
Signed BAAs are provided at no additional cost
Faxes must include a confidentiality notice
Embedded by default into every fax. Fully customizable.
Audit Trials
All fax transmissions, activity and associated IP addresses are recorded
in real-time to downloadable Audit Trails.
External audit and certification
Powered by the Compliancy Group™

Frequently Asked Questions

Online fax services need to process Personal Identifiable Information (PII) and Protected Health Information (PHI) as part of their fax transmission services. This information is necessary to ensure that faxes are delivered to the correct recipients.

PII, such as names and contact information, are needed to create and manage user accounts. It also helps ensure that users can send and receive faxes correctly. PHI, on the other hand, is typically part of the content of faxes, particularly for healthcare providers using the service. While the fax service must transmit this information, it does not access, use, or store this information for any purposes outside of transmitting the faxes.
Furthermore, any such processing of PII and PHI is performed under strict security protocols, including encryption and access controls, in accordance with HIPAA-compliance regulations.

Yes, our policy includes, but not limited to, website recovery services Professional indemnity, media content, cyber and privacy liability and website recovery services.

Yes, this function is carried out by a dedicated team of security professionals, responsible for maintaining the integrity and security of all digital data in the company.

 

This team is responsible for activities such as:

  • Regular security audits and risk assessments to identify potential vulnerabilities.
  • Developing and updating company-wide information security policies.
  • Overseeing compliance with regulatory requirements (e.g., GDPR, HIPAA).
  • Incident management and response, including steps to mitigate the impact of any security breaches.
  • Employee training and awareness about information security.

The process includes identifying, classifying, prioritizing, remediating, and mitigating vulnerabilities. This process is often carried out on a regular basis, with more frequent scans and assessments for high-risk or high-impact systems.

The remediation of identified vulnerabilities usually depends on their severity. High-severity vulnerabilities, which pose a significant risk of data breach or system disruption, are generally addressed immediately. Lower-severity vulnerabilities may be addressed in scheduled updates or patches.

In addition, a robust vulnerability management process also includes a feedback loop to the organization’s risk management function. This helps to ensure that the broader implications of identified vulnerabilities (and their remediation) are understood and appropriately managed.

Upgrades: These are major improvements to our systems that might include adding new features, enhancing existing ones, or improving the overall system performance. Upgrades are typically planned well in advance. We aim to schedule them during periods of low system usage to minimize disruption to our services. We also provide our customers with advanced notice whenever possible.

 

Patches: These are smaller updates meant to fix specific issues like security vulnerabilities or software bugs. They’re typically rolled out more frequently than upgrades, as they are often reactive to new threats or issues discovered in our system. We conduct extensive testing before deploying patches to ensure they do not negatively impact system performance or functionality.

 

Maintenance: This is a routine procedure to keep our systems running smoothly. Maintenance tasks may include tasks like checking system health, cleaning databases, optimizing system performance, or validating security protocols. These tasks are also usually performed during off-peak hours to minimize potential disruptions.

iFax is built on Amazon Web Services (AWS) and has it’s primary data center in Oregon. Other facilities are spun up across other domestic and international regions upon demand. We ensure that data generated by customers in the United States is exclusively stored and processed within the US jurisdiction, aligning with local regulatory and compliance mandates.

In the event of loss or theft of a device that could potentially access customer data, we follow strict protocols to mitigate any risks:

Incident Reporting: All employees are required to immediately report the loss or theft of any device

Remote Wipe: Upon notification of a device loss or theft, our IT department initiates a remote wipe, if possible, to erase all information and prevent unauthorized access to any sensitive data.

Access Revocation: We also immediately revoke access permissions linked to the lost or stolen device, blocking any potential unauthorized attempts to access our systems or data.

Investigation: We conduct a thorough internal investigation to understand the circumstances of the loss and the potential data exposure.

Notification: In the unlikely event that any customer data is at risk, we follow legal and regulatory requirements to promptly notify the affected customers and guide them through any necessary steps.

Prevention Measures: Post-incident, we review and update our security policies and procedures as necessary to prevent similar occurrences in the future.

Yes, our firm performs regular penetration testing as part of our comprehensive security measures. We conduct penetration tests at least once a year and after any significant changes or upgrades to the infrastructure/application. However, please note that for security reasons and company policy, we do not disclose the exact dates or specific details of these tests to the public.

Unmatched security and full compliance, all with iFax.
Protect the privacy of your clients, eliminate costly penalties, and maintain a secure reputation with iFax.
Arrow-up