Can you fax medical information?

Am I allowed to fax sensitive medical information? And if so, is there a protocol?

That depends on who you are and whether or not the medical information has been released. I’ve talked a lot about HIPAA regulations before, but this subject bears being laid out all at once. You can send personal health information (PHI) on a number of conditions:

1) You are the patient in question or a medical practitioner to whom the patient has released the records.
2) You are faxing the information to a covered entity. A covered entity is someone to whom the patient has released their PHI. This could be a medical practitioner, employer, family member, guardian, or friend.

If those two conditions are both met, there are several steps you will have to go through to ensure security. First, when it comes to medical information, you need to follow the “minimum necessary” standard. This rule requires that you limit the amount of PHI that you reveal over fax to what is absolutely necessary. (This doesn’t apply if you’re transferring a patient’s records to a new physician, as they will need all the information.)

Once you’ve created a fax with the relevant information, you will need a fax cover sheet. The free fax cover sheets at have several designs made specifically for complying with HIPAA requirements. Make sure that the cover sheet does not share confidential information of any kind.

When the packet is put together, call ahead to your intended recipient and make sure that you have the correct fax number and that the recipient will be the only person at the fax machine. Have them send a confirmation fax once the information is received and removed from the fax machine.

That should about do it! Always make sure that sensitive information is protected to the best of your abilities.

Do you have a question about faxing? Send me your fax question.