The Trouble with Legacy Faxing

If you are still using your fax for transfer of health data, is it encrypted?  If not, you may be in jeopardy of huge fines for violating HIPAA regulations.

Because the security of healthcare data is now crucial, I am sharing with you today a guest post from eFax, written by David Hold.

Fax Reliability Is Key In Data-Driven Healthcare Industry

If the business world has changed since the advent of modern faxing, it follows that the world of healthcare has transformed completely.

Fax evolved into a universal business tool almost 40 years ago following technological advances that standardized fax protocols among nations. These advances brought newfound speed and convenience to business communications that changed the way business itself was conducted.

In the 1990s, with the advent of faster and even more convenient email communication, fax was expected to fade into quaint oblivion. But a funny thing happened on the way to extinction. Fax got stronger.

Today, at a time when communications bridge the globe in an instant, good old fax is more relevant than ever, particularly to a healthcare industry that has rediscovered a need for its inherently reliable qualities – secure data exchange foremost among them.

The Role of Data Security

Highly regulated industries such as healthcare depend for their survival on secure information exchange.

Healthcare organizations, or “covered entities,” as they’re known, exchange large volumes of sensitive data daily: Billing and medical records, prescriptions and refill requests, lab requisitions, clinical field trial results, patient clinical data, plus insurance claims, denials, appeals, and invoices.

Traditional analog fax, relic that it is, still transmits over the public telephone network, and remains difficult if not impossible to intercept. For this reason it is regarded as a more secure form of communication than email. Recent high-profile incidents of massive cyber-attacks exposing the personal details of millions of customers and patients reinforce the view that email remains a highly vulnerable means of business communication.

Fax remains viable for other reasons too. A recent IDC study noted that 25% of large businesses surveyed prefer fax over email because they believe it reduces their risk of violating data privacy regulations. An additional 28% prefer fax because it makes document tracking easier and sends alerts as to the success or failure of a transmission.

Then there’s the regulatory factor: federal regulators who enforce healthcare data-privacy rules have exempted fax (and phone calls) from certain aspects of the HIPAA Security Rules. This has led to the widespread perception that fax is more compliant than other types of electronic communication for the transmission of protected healthcare information (PHI).

So fax persists. But the world has changed, and so have old notions about fax reliability.

The Trouble With Legacy Fax

What is legacy fax? If you still use a fax machine, multifunction printer, or rely upon on-premises fax servers to transmit your faxes, then you support legacy fax.

Why is this a problem? Because legacy fax can fail in ways that threaten an organization’s data security, and if in today’s data-driven world covered entities can’t keep the PHI of patients free from unauthorized exposure, they’d better, well, cover their entities: HIPAA violations are expensive and can torpedo your reputation, even your livelihood.

Fax Reliability Is Key for the Healthcare Industry


  • If you fax PHI to an unauthorized recipient you have just committed a HIPAA Privacy Rule violation. It doesn’t matter if it was done by mistake.
  • Documents containing PHI left unattended on fax machines are vulnerable to unauthorized viewers – another HIPAA privacy violation.
  • And if you don’t have a written policy that specifies a set of procedures to secure faxed PHI at both ends, you are not in compliance. (Big violation.)

But the problems of legacy fax go beyond security and compliance failures. If a company’s fax process lacks the redundancy and resiliency to survive adversity, employees find themselves unable to fax until problems are resolved. In a healthcare environment, this means being effectively shut down.

So in any conversation about fax reliability, the subject quickly turns to redundancy: A system lacking multiple fail-safe layers of protection is not only less secure, but also less compliant, and less capable of conducting business as usual.

That’s where the basic architecture of a good cloud fax system gets it right. And comes at no extra cost.

Faxing for the 21st Century

There are several reasons that a well-designed cloud fax service is superior to an on-premises product. For starters, online fax in the cloud is more robust, survivable, and secure. It also gives employees the means to fax from anywhere.

Cloud fax is also more cost-effective – you pay only for the fax capacity you need, and no longer have to maintain legacy hardware or software. What’s more, cloud fax is easier on the IT team, as all maintenance issues become the provider’s responsibility.

But the primary reason cloud fax is the only viable solution for a modern healthcare organization is that it offers the most reliable fax infrastructure available.

Assuming one chooses the right cloud fax provider.

eFax Corporate secure cloud faxing

eFax Corporate – Unmatched Network Reliability

eFax Corporate® has been delivering cloud fax solutions for over 22 years to help thousands of enterprise clients fax securely and with greater reliability than any other business-class provider.

Quite simply, eFax Corporate provides a level of redundancy that no one else can:

  • A network spanning four North American data centers. If one data center should fail, faxes are immediately rerouted through the other centers.
  • Carrier redundancy at each location. If one telecom carrier has network trouble, we immediately shift traffic to another carrier to transport faxes.
  • Highest-rated data centers. We use only Tier 3 and Tier 4 data centers for collocations, which means servers are supported by redundant cooling and power feeds, UPS systems, and backup generators to ensure continuous availability, as well as controlled access and other fail-safe measures to ensure security and continuity of cloud faxing capability.
  • Audited for SSAE-16 Type-2/SOC-2. Public data center/collocations are independently audited to meet industry standards for operations and security.

eFax Corporate provides further assurance of cloud fax reliability via:

  • A written Service Level Agreement (SLA) with verified network availability and fax delivery metrics that guarantee service performance.
  • Proprietary automatic traffic-routing algorithms seek out optimal network connections and automatically fail over to alternative networks for near 100% fax delivery.
  • No single point of failure for outbound fax traffic; if connectivity is lost in one location we automatically reroute traffic elsewhere to ensure faxes get where they’re going.
  • Faxes are routed through direct connections whenever possible, strengthening transmission reliability and limiting a fax’s exposure to the public Internet.
  • 24/7 monitoring of customer data by trained experts in our Network Operations Center (NOC), enhanced by live, award-winning customer support based in the U.S. and Canada.
  • An industry-best error-correction process quickly identifies a transmission error and resolves problems without service delays or the customer realizing there was an issue at all.

The Cloud Fax Choice for Healthcare

The integrity of healthcare data is now held as sacrosanct. If it is not delivered correctly, dependably, and completely, the consequence to organizations and individuals can be catastrophic.

Your organization can no longer afford to entrust critical fax transmissions to any other service than the most reliable healthcare and HIPAA compliant cloud fax provider in the industry.

For more information about eFax Corporate, please request a quote, or call 888-575-7958.

Whether you choose eFax or a different service, I hope this article serves as a wakeup call to you.  Think about your fax transmissions and any additional ways that you are transmitting your health data.  Are you doing everything you can to protect the integrity of your patients’ health information?  If not, this is something that should be on your “to do list” and the “do it now” list as well, before others start to notice and take action for (or against) you.


Please share your experiences and what you have done with your equipment to maintain HIPAA compliance in the comment box below.