How to Fax Medical Records Securely
Medical records are among the most sensitive documents you can fax. In our experience working with healthcare providers, the biggest risks are misdirected faxes and missing audit trails. We designed AvoFax to eliminate both problems while keeping the workflow as fast as traditional faxing.
Estimated time: 5 minutes · 5 steps
Ensure you're on a HIPAA-compliant plan
Before faxing any medical records, confirm your AvoFax account is on a HIPAA plan with a signed Business Associate Agreement (BAA). This is a legal requirement under HIPAA whenever a covered entity shares PHI with a third-party service. Visit Settings > Plan to verify your compliance status.
Tip: If you're not sure whether you need a BAA, the general rule is: if the document contains any patient-identifiable health information, you need one.
Gather and prepare the records
Export the medical records from your EHR as a PDF, or scan paper records using the AvoFax mobile app's document scanner. Make sure you only include records that the recipient is authorized to receive — the HIPAA minimum necessary standard applies.
Verify the recipient's fax number
This step matters more than people realize. Misdirected faxes are the number one cause of HIPAA fax breaches. Confirm the recipient's fax number directly — don't rely on old records or web searches. If possible, save verified numbers in your AvoFax contact list to avoid retyping.
Tip: For new recipients, consider sending a test cover page first to confirm the number reaches the right person before transmitting PHI.
Attach a confidentiality cover page and send
AvoFax HIPAA accounts automatically include a confidentiality notice on the cover page. Review the fax preview to make sure all pages are included and legible, then hit Send. The cover page warns unintended recipients to destroy the fax and notify your office.
Confirm delivery and log for compliance
Check your Activity tab for the delivery confirmation. AvoFax logs the sender, recipient, timestamp, page count, and delivery status — this is your audit trail for HIPAA compliance. For record requests, note the confirmation details in the patient's chart.
Common Questions
What types of medical records can I fax with AvoFax?
You can fax any document type — lab results, imaging reports, referral letters, discharge summaries, progress notes, and more. AvoFax supports PDF, Word, JPEG, PNG, and TIFF files up to 20 MB per fax.
How does AvoFax protect medical records during transmission?
AvoFax encrypts all transmissions using TLS for the internet leg and T.38 protocol for the fax leg. Documents are stored encrypted at rest and access is controlled by workspace permissions and two-factor authentication.
Can I fax medical records to another state?
Yes. AvoFax works across all 50 US states and internationally. HIPAA compliance applies regardless of where the recipient is located, and AvoFax's security features protect the transmission end to end.
What should I do if I fax medical records to the wrong number?
Contact the unintended recipient immediately and ask them to destroy the fax. Document the incident in your HIPAA breach log. If the misdirected fax affects more than 500 patients, HHS notification may be required. AvoFax's delivery logs help you document exactly what was sent and when.
How long should I keep fax confirmation records?
HIPAA requires covered entities to retain certain compliance documentation for 6 years. We recommend keeping fax delivery confirmations for at least that long. AvoFax retains your fax history according to your plan's retention policy, and you can export logs at any time.