Hosted Fax Applications vs Fax Servers in a Healthcare Environment

Today I got an email asking about whether someone should use a hosted HIPAA compliant fax application or get their own fax server. Here’s the full email (with names removed):

I’m setting up a web based application for administrative work at doctors offices. I want to be able to allow these offices to purchase an electronic fax service that is HIPAA compliant and integrated with my application from me. I have tried to research this and have only gotten more confused. What should I do?

* Should I use one of these internet fax providers through a partnership program where I can brand the product to my own? Are they HIPAA compliant? and how come some of them like charges only $12.95 for unlimited faxing, and someone like who claims to be HIPAA compliant charges $99.00 for 1000 pages.
* Or should I use some sort of fax server.

Any help would be highly appreciated.

Best Regards,
Name Removed

Some very good questions. I will admit that I’m definitely not an expert on the hosted HIPAA compliant fax server market. I’d love for people to correct anything I’ve said which is wrong. Here’s what I wrote in response to the email:

I can understand your confusion. There are a lot of different options out there. I personally don’t know much about the fax service providers. I knew there were some out there, but I’ve never personally used one myself. I’m not sure I ever would use one at least for HIPAA related information. You’re probably ok if you have a business associates agreement, but here again I’m not a lawyer and laws may depend on which state you’re in.

As far as the pricing difference, I’m sure there are a number of factors, but it makes a lot of sense that a HIPAA compliant fax service would be more expensive than a non-HIPAA compliant service. Not necessarily because the technology is all that different, but because they “should” implement more safeguards to protect your data in order to be HIPAA compliant. Not to mention if a company can claim HIPAA compliant faxes, then they’ll probably charge more just because they can.

I personally prefer the fax server route. They are inexpensive (like $50 or less) and everything is stored in house. If you have a Windows Server 2003 server in your office, then the fax application to keep logs of all your faxes is also free. If you don’t have a server like that, then it will be a little more difficult but a good fax program only costs around $50-100 last I checked.

One thing you should know about a fax server (and probably the fax providers) is that you’ll need to have some sort of scanner to be able to scan things in order to fax them. Unless of course you’re planning to only fax things that are already electronic. Basically a fax server can fax anything you can print. If you can print it, you can fax it with a fax server.

Anything else that I left out about fax servers vs. hosted fax applications that people in healthcare should know?

About the author

John Lynn

John Lynn

John Lynn is the Founder of, a network of leading Healthcare IT resources. The flagship blog, Healthcare IT Today, contains over 13,000 articles with over half of the articles written by John. These EMR and Healthcare IT related articles have been viewed over 20 million times.

John manages Healthcare IT Central, the leading career Health IT job board. He also organizes the first of its kind conference and community focused on healthcare marketing, Healthcare and IT Marketing Conference, and a healthcare IT conference,, focused on practical healthcare IT innovation. John is an advisor to multiple healthcare IT companies. John is highly involved in social media, and in addition to his blogs can be found on Twitter: @techguy.


  • One alternative is to eliminate the fax machine altogether. Secure Services Corp’s software SHAPE Linx, for example, is designed to sit on a computer desktop and allow the user the ability to send individual documents or a single, combined document that is encrypted and sent through a secure “pipe”to another user. This encryption level rivals Department of Defense levels (AES-256).

    With a fax you are never quite sure who is at the other end to view these sensitive documents, but with SHAPE Linx you send the documents just as you would an e-mail only with the confidence that it’s going to the party you sent it to, in a secure and encrypted format.

    SHAPE Linx goes even further as it allows the annotation of documents and you can even add voice memos that are encrypted as well. The person receiving the e-mail (which you could send to their Outlook mailbox) would see the e-mail in their in-box and, if they don’t have SHAPE Linx, will receive a link to download a FREE reader that will allow them to view-only the documents. Without the reader it remains encrypted.

    So, not only does SHAPE Linx eliminate the need for the fax, but reduces the paper and paper-related costs while providing a HIPAA-compliant communication and collaboration tool. To learn more feel free to visit:

  • Bob,
    Very cool technology. Although I think the limiting factor is really that you can’t use that technology to send message to people you don’t know. I guess you could send the fax to an email of someone you don’t really know, but in the medical field you’re usually faxing to doctor’s offices, pharmacies or personal fax machines of people you don’t know. In most cases all you have is the fax numbers. It doesn’t seem like SHAPE Linx is able to do that right?

    For sending faxes between 2 locations on a consistent basis this might be a good solution depending on the cost. Fax’s are so cheap really.

    “not only does SHAPE Linx eliminate the need for the fax, but reduces the paper and paper-related costs while providing a HIPAA-compliant communication and collaboration tool.”

    If an office is using a fax server, then SHAPE won’t reduce the paper and paper-related costs anymore than the fax server has already done. Plus, a fax server/fax machine is HIPAA compliant also. If it wasn’t, then every medical office in the country would be out of HIPAA compliance.

    Thanks for pointing me to the technology. Interesting stuff.

  • I’m looking at it from the oposite perspective, if you have any insight for me. I want to have medical records faxed to me at a new office and store them electronically in anticipation of interfacing them wiht an EMR in the future. Services like smatfax and jfax will allow me to obtain a fax # that when sent automatically stores the document as an email attachment. I can then store each record as separate file on my desktop to access later. The question is, is this email Hipaa compliant. If it is stored in my Yahoo or Aol email, is that considered secure enough?

  • One of the things a healhcare organization has to consider is if the faxes that are sent out or come in have to be signed, commented on via some text or have other markings on them. Fax Servers and basic fax services do not offer this. From what i understand about Sfax, the cost is acually less expensive on a per page basis than other fax services but you can digitially sign and annotate documents without the need to print them. Printing defeats the purpose of fax servers and fax services.

  • Jay,
    Sending a fax by email to a Yahoo or AOL email account is probably not considered HIPAA compliant. If it was an internal email account using some sort of email encryption, then you’re probably safe. I just think most third party fax companies is not a good idea unless they are focused on health care and are willing to sign a business associate agreement and provide you a secure way to get the fax from them (ie. secure ftp).

  • Dave,
    Actually a lot of EMR companies do have the ability to sign an electronic fax in the EMR. Definitely not all of them do, but many have this type of “digital signature available. In fact, I think this is one of the most creative areas for a bunch of the EMR companies out there.

  • If a fax machine is connected to a computer, one could receive the fax without printing it, stored in the machines memory, and accessed through the computer. (Set Memory to empty when accessed in the fax machines preferences.)

    Paper can be scanned to the computer and faxed off the desktop or through a fax/printer program. This can be accomplished on phone-lines, DSL or Cable, right from your computer interface. That’s how it works with a Mac.

    Of course the fax machine itself could serve-up the scanned paper directly.

    Sending faxes via email is touch and go. If the receiver has their own Domain name or email server they most likely will have control over the email volume where normally, ISP email or freEmail, like yahoo limit volume to 10 mb. Domain email accounts can be secured with a CERT, and electronic signatures are available.

    Faxes are photos and require larger volumes than text files so, fax through email doesn’t always work.

  • As far as I know (and I’ve done my homework) there are very few EMR providers that have fully integrated fax soltuions. Most do have electronic signatures which are worthless to fax unless its integrated. The Sfax product that we use is sold as a stand alone (good for practices without an emr) and integrated with many of the leading EMR providers. I think the website is

  • dave,
    You could be right that many don’t have deep integrations with a specific fax application, but there really isn’t a need for deep integration. The fax server software that comes with Windows Server 2003 is rather robust and many EMR companies have some great document management capabilities. That’s essentially what you’re doing with received faxes is managing them as documents in the EMR.

  • My thoughts come in the form of a question. If a fax is received by an administrative assistant and then forwarded through email rather than printed and delivered, how do we maintain the HIPAA security? Does the HIPAA standard then apply because it is converted to an email?

  • Jen H,
    Good question.

    The HIPAA standard applies if the fax/email contain any PHI (protected health information). So, if you get a fax that has a person’s PHI on it, and then you send it through email that would be a violation of HIPAA. Unless of course you’ve set up a secure and encrypted email solution. Which on an internal network is easier to do or there’s a number of other secure email solutions mentioned in this thread:

    The only possible caveat could be if the patient has given you permission to send their PHI over email. To me that’s a grey area that may or may not be a violation of HIPAA. Personally, I wouldn’t take that risk, but you could interpret their consent as making it ok.

    Either way, read the link I posted (including the comments on it) and the email and HIPAA interaction discussed at length.

Click here to post a comment