What makes a fax HIPAA compliant?

HIPAA compliance requires a combination of technical safeguards (encryption, access controls, audit logs) and administrative actions (signed BAA, staff training, and physical security).

Do I need a BAA with my fax provider?

Yes. If you transmit Protected Health Information (PHI) through a third-party service, they are considered a Business Associate. A signed BAA is legally required.

Is email-to-fax HIPAA compliant?

Only if configured correctly. The connection between your email server and the fax provider must enforce TLS encryption. Standard, unencrypted email is not compliant.

HIPAA Compliant Fax: The Complete Guide & Checklist (2025)

A practical guide to sending HIPAA‑compliant faxes. Learn about encryption, BAAs, audit logs, and secure email‑to‑fax, plus a streamlined workflow using mFax.to.