Faxing and HIPAA Privacy Laws
I need to inform physicians of certain tests that may be available to their patient. My cover fax sheet has a confidentiality notice on the front. I have been putting the patient’s name on the cover sheet and their diagnosis, which the doctor already has, at times. These are sent directly to the physician. Is this allowable? Should I have a cover sheet and then a second sheet with the information on it? Are there privacy laws regarding this or is it just understood? It is crucial that medical officers comply with HIPAA privacy laws, and there are even special HIPAA-compliant medical fax cover sheets at sites such as FaxCoverSheets.org for this purpose. However, the law does not address specific means of security so much as it expects reasonable precautions in making sure private information is not spread inappropriately. The Health Insurance Portability and Accountability Act of 1996 covers various things including patient privacy and security of medical records. But HIPAA also acknowledges that information much be shared among medical service providers, including via modern means such as fax and email. Since faxes, unlike email, can’t be encrypted, the main issues are usually securing the fax machine (making sure it’s not in a public area) and including language in the transmission alerting the recipient to its confidentiality. There is nothing in HIPAA that says the confidential information has to be on a separate page from the cover sheet. Perhaps this was an oversight, or perhaps someone involved in making the law recognized that requiring two sheets would be redundant and waste paper. Some HIPAA fax cover sheets, like this free one at FreeFaxCoverSheets.net, even has fields in which to write or type in the information released. As long as you also take simple measures such as making sure the recipient’s fax number is correct (program common numbers into your machine, and/or call to confirm a fax was received) and keeping an eye on the fax machine, just using one sheet should be fine. Here is some typical language found on HIPAA-compliant fax cover sheets: Do you have a question about faxing? Send me your fax question.
IF YOU RECEIVE THIS FAX IN ERROR, PLEASE CONTACT THE SENDER IMMEDIATELY AND THEN DESTROY THE FAXED MATERIALS.
CONFIDENTIALITY NOTICE:
The information contained in this facsimile message is privileged and confidential information intended for the use of the individual or entity named above. Health Care Information is personal and sensitive and should only be read by authorized individuals. Failure to maintain confidentiality is subject to penalties under state and federal law.
With all that being said, I’m not a lawyer, just a fax guy, so you might want to also check with your local physicians’ association or the medical board of your state.