HIPAA (the Health Insurance Portability and Accountability Act of 1996) is U.S. legislation created to improve healthcare standards.
Covered entities (CEs) and their business associates (BAs) must be HIPAA compliant to protect the rights and privacy of patients and their protected health information (PHI).
We know the HIPAA industry is vast and that sending important documents securely to other providers or patients is fundamental to solid patient care.
This is especially true with the recent digital transformation in healthcare and the current need to function more remotely.
Today, we will determine if FaxBetter is HIPAA compliant or not.
Founded in 2006, FaxBetter is one of several online fax service providers that offer fax numbers for sending and receiving faxes through a web portal, by email, and/or via mobile apps. FaxBetter clients use the company’s web interface or a personal email account to send faxes.
The company offers users two options: Free or Premium. Both come with a toll-free fax number.
FaxBetter and the business associate agreement
A BA is a person or entity that performs certain functions or activities that involve the use or disclosure of PHI on behalf of a CE.
In this instance, FaxBetter is a BA for a healthcare organization if it transmits or stores PHI for a CE.
Generally, the HIPAA Privacy Rule allows CEs to disclose PHI to a BA if they receive assurance that the information is protected through a signed business associate agreement (BAA).
According to FaxBetter, the company will sign a BAA as long as a CE has a Premium account and follows several steps to access, send, and receive the BAA.
FaxBetter and security
Unfortunately, FaxBetter may be lax about security. For one thing, the company routinely reuses fax numbers abandoned by others and does not allow customers to bring their own.
Furthermore, password security is not strong.
Passwords are not case sensitive and multifactor authentication is not enabled.
And finally, FaxBetter Support emphasizes that secure faxing is only available to Premium users, and it is not automatic (i.e., the client must enable it). Email faxing is incompatible with FaxBetter’s secure sending and receiving function.
FaxBetter does address HIPAA compliance but focuses more on the problems with physical fax machines versus electronic faxing, or efaxing.
Is FaxBetter HIPAA compliant?
The BAA is a key component of HIPAA compliance, and FaxBetter does offer a BAA. However, strong security is also critical when sending or receiving a patient’s PHI. Without it, a breach or HIPAA violation could still occur.
While the CE might not be liable, the true cost may be damaging.
FaxBetter is HIPAA compliant but difficulties with security make its use problematic.
HIPAA compliant email—a better alternative to fax
Rather than waste time and energy with physical and electronic faxing, stick to sending and receiving important documents through HIPAA compliant email.
Paubox will not only sign a BAA but will also work tirelessly to keep you safe without any added steps for the sender or recipient. With Paubox Email Suite, outbound emails are encrypted by default, and you send from your existing email platform (such as Microsoft 365 and Google Workspace). File attachments are also encrypted. Emails are delivered directly to your patients’ inboxes—no passwords or portals required.
When you need to send documents that contain PHI, HIPAA compliant email is the best secure method available.