HIPAA Fax Cover Sheet
What is a HIPAA fax cover sheet? Does my medical office really need a special fax cover sheet to be HIPAA compliant?
The Health Insurance Portability and Accountability Act of 1996, commonly known as “HIPAA” (Public Law 104-191), governs several areas of the provision of medical services in the USA. In addition to safeguards regarding health insurance coverage for workers who change jobs, it also dictates behavior regarding medical information and records as they pertain to individual patients or clients of health-related entities.
Maintaining privacy and security of medical records is of great concern to individuals, and HIPAA and its implementing regulations make it incumbent upon those who maintain that information to keep it confidential and secure. While the law recognizes that it is vital to be able to share that information among health practitioners, medical providers, and other related entities, it requires that steps be taken to ensure that only those who have a real need for individual information have access to it.
Because we live in an electronic age, it is reasonable to expect that health care providers may well use electronic means to transmit vital medical records and information to other practitioners, hospitals, pharmacies, and other providers. There is also an expectation that due diligence will be exercised in securing that information during transmission, and that reasonable precautions will be taken to prevent this type of information from being more widely disseminated.
To that end, there are a number of prudent precautions that should be taken in securing medical records and information. While information can be encrypted for security during its transmission via electronic mail, for example, no such provision is possible when transmitting via fax. Security and confidentiality of facsimile transmissions therefore generally focus on the security of the fax machines involved in a given transmission, and on including appropriate language in the transmissions themselves that adequately identifies them as confidential information. Among the safeguards that are generally recommended by experts in this area are the following:
- Fax machines used for transmitting and receiving confidential patient information should be located in areas not accessible to the general public.
- Verify the fax number to which patient information is being sent. When using fax machines with an autodial facility, it is important to verify the recipient’s fax number from time to time, to make sure that it is still the correct number.
- Notify the recipient that you are about to send a fax transmission that contains confidential information, so that they will know to check the output of their fax machine.
- All fax transmissions of confidential information should include a fax cover sheet. There is no “official” version of what a HIPAA fax cover sheet should contain, but there is a consensus that it should at least identify the information contained in the transmission as being confidential and remind the recipient that there may be serious legal consequences to the mishandling of this information.
Two examples may be illustrative of the appropriate verbiage to use.
The Illinois Department of Human Services, in an insurance form, uses this:
IMPORTANT: This facsimile transmission contains confidential information, some or all of which may be protected health information as defined by the federal Health Insurance Portability & Accountability Act (HIPAA) Privacy Rule. This transmission is intended for the exclusive use of the individual or entity to whom it is addressed and may contain information that is proprietary, privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient (or an employee or agent responsible for delivering this facsimile transmission to the intended recipient), you are hereby notified that any disclosure, dissemination, distribution or copying of this information is strictly prohibited and may be subject to legal restriction or sanction. Please notify the sender by telephone (number listed above) to arrange the return or destruction of the information and all copies.
The Department of Public Welfare for the Commonwealth of Pennsylvania, in a HIPAA Privacy Rule Implementation memo, requires that employees use the following text on fax cover sheets when sending this type of information:
IF YOU RECEIVE THIS FAX IN ERROR, PLEASE CONTACT THE SENDER IMMEDIATELY AND THEN DESTROY THE FAXED MATERIALS.
CONFIDENTIALITY NOTICE:
The information contained in this facsimile message is privileged and confidential information intended for the use of the individual or entity named above. Health Care Information is personal and sensitive and should only be read by authorized individuals. Failure to maintain confidentiality is subject to penalties under state and federal law.