How to Send a HIPAA-Compliant Fax
Healthcare providers fax more than any other industry, and HIPAA makes compliance non-negotiable. We built AvoFax's HIPAA features specifically for clinics, hospitals, and covered entities that need to transmit protected health information (PHI) securely and with a full audit trail.
Estimated time: 5 minutes · 5 steps
Sign up for an AvoFax HIPAA plan
AvoFax offers a dedicated HIPAA-compliant plan with encrypted storage, access controls, and a Business Associate Agreement (BAA). Visit avofax.com/pricing and select the plan that includes HIPAA compliance. We'll execute the BAA before your account goes live.
Tip: If you're evaluating AvoFax for your practice, our team can walk you through the compliance features. Reach out at [email protected].
Configure your workspace security settings
In your AvoFax dashboard, go to Settings > Security. Enable two-factor authentication for all users in your workspace, set session timeout policies, and review user permissions. These controls ensure only authorized staff can access fax content.
Compose your fax with PHI safeguards
Click Send Fax and enter the recipient's fax number. When attaching documents containing PHI, AvoFax automatically applies encryption in transit via TLS and T.38 fax protocol. Double-check the recipient number — misdirected faxes are the most common HIPAA fax violation.
Tip: Use AvoFax's contact list to save frequently-used fax numbers for pharmacies, labs, and referring providers. This reduces the risk of misdialing.
Add a HIPAA-compliant cover page
AvoFax includes a confidentiality notice on cover pages by default for HIPAA accounts. The notice states that the fax contains protected health information and instructs unintended recipients to destroy the document and notify the sender.
Send and verify the audit trail
Hit Send, then check your Activity tab for the full audit trail. AvoFax logs the timestamp, sender, recipient, page count, and delivery status for every fax — exactly what you need for HIPAA compliance documentation and audits.
Common Questions
Does AvoFax sign a Business Associate Agreement (BAA)?
Yes. AvoFax executes a BAA with all customers on HIPAA-compliant plans. The BAA is required under HIPAA before any covered entity can share PHI with a service provider.
Is fax still HIPAA-compliant in 2026?
Yes. The HHS Office for Civil Rights has confirmed that fax remains a compliant method for transmitting PHI, provided appropriate safeguards are in place — including encryption, access controls, and audit logs. AvoFax provides all of these.
What happens if a fax fails to deliver?
AvoFax retries automatically and logs every attempt. If the fax ultimately can't be delivered, you'll receive a notification with the failure reason. The document is never left in an unsecured state.
Can multiple staff members share a HIPAA-compliant fax line?
Yes. AvoFax workspaces support multiple users with role-based access controls. Admins can manage who can send, view, and download faxes, ensuring minimum necessary access.
How long does AvoFax retain faxes for HIPAA accounts?
Faxes are retained according to your plan's storage policy. HIPAA requires covered entities to retain certain records for 6 years. You can download and archive faxes at any time, and AvoFax's retention policies are documented in the BAA.