What is an Example of a HIPAA Fax Cover Sheet Disclaimer?
The following is an example of a HIPAA fax cover sheet disclaimer that conveys all of this language:
“IMPORTANT: This transmission contains confidential information, which may be protected health information as defined by the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule. This transmission is intended for the exclusive use of the individual or entity to whom it is addressed and may contain information that is proprietary, privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient (or an employee or agent responsible for delivering this facsimile transmission to the intended recipient), you are hereby notified that any disclosure, dissemination, distribution or copying of this information is strictly prohibited and may be subject to legal restriction or sanction. Please notify the sender by telephone (number listed above) to arrange the return or destruction of the information and all copies.”
Why Should Organizations Use a HIPAA Fax Cover Sheet?
Using a fax cover sheet can keep protected health information shielded from public view when the fax is received. This holds whether a healthcare provider is faxing paper documents or sending a fax via email. Keeping a fax transmission out of public view can prevent individuals who are not authorized to access a patient’s PHI or ePHI from seeing it (whether intentionally or not) when faxes are sent.
Using a HIPAA fax cover sheet also ensures compliance with the access control standard of the Security Rule’s technical safeguard requirement. The access control standard requires entities to implement technical policies and procedures for electronic information systems that maintain ePHI, allowing access only to those persons and programs that have been given access rights.
What Other Measures Should I Take With Respect to Faxes and Fax Cover Sheets?
To reduce the possibility of unauthorized individuals gaining access to faxed PHI or ePHI, a healthcare provider can implement the following measures:
- Store fax machines used for transmitting and receiving PHI in areas that are not accessible to the general public.
- Verify the fax number to which the documents are being sent. Many fax machines contain an autodial function, which enables the machine to make multiple attempts to transmit a message until it is received. When using a fax machine with autodial, healthcare employees should verify the recipient’s fax number to make sure it is correct.
- Notify the fax recipient that you are about to send a fax transmission containing confidential patient information, so the recipient will know that a fax is on its way.
- Print out a delivery confirmation report for the message you have faxed. A delivery confirmation report indicates whether the fax transmission was successful. The report also indicates whether the recipient’s fax number was “busy,” or whether your machine was otherwise unable to transmit the message.