SRFax is committed to protecting all private health information.

SRFax is the only HIPAA-compliant fax for healthcare that will sign a Business Associate Agreement. Our secure online fax service, also referred to as a digital fax, is the gold standard in the industry, and our customer reviews confirm it. Our PDF to fax services are in compliance with U.S. law, and when you send a HIPAA fax through our service, you’re ensuring your own peace of mind.

 

Our HIPAA compliance statement ensures that all your health information will be completely secure. We pledge to safeguard your HIPAA fax information with a Business Associate Agreement, SSL encryption, firewalls, and even optional PGP encryption. Read on for full details concerning our security measures.

 

Under the HIPAA (Health Insurance Portability & Accountability Act), SRFax may be defined as a Business Associate. A Business Associate is a person or organization that performs certain services for a covered entity involving the use and/or disclosure of personal health information.

 

When protected health information is faxed from a computer, HIPAA compliance security measures need to be implemented by the covered entity and the Business Associate. According to the Security Standard Final Rule, a covered entity may permit a business associate to create, receive, maintain, or transmit electronic protected health information on the covered entity’s behalf only if the covered entity obtains satisfactory assurances, in accordance with 164.306(a), that the business associate will appropriately safeguard the information. This document is intended to provide assurance that SRFax will safeguard all information faxed to and from covered entities while using the SRFax service. SRFax has implemented the physical, organizational, and technical safeguards necessary to protect the confidentiality and integrity of information being communicated using its service.

 

User Authentication

Users can access the SRFax service via Email or online only with a valid username and password combination, which is SSL encrypted. An encrypted session ID cookie is used to uniquely identify each user. While logged into our servers, all communications will be encrypted at all times.

 

Application Security

Our robust application security model prevents any SRFax customer from accessing another’s data. This model is enforced for the entire duration of a user session.

 

Organizational Safeguards

The information contained in faxed documents is proprietary to the customer sending the fax. SRFax employees do not have access to the SRFax production equipment, except where necessary for system management, maintenance, monitoring, and backups. The SRFax servers that process faxes are in a secure environment that is accessed by a team of approved professional engineers and security specialists only. As a result, all information passing through the SRFax server environment remains protected and secure.

Physical Safeguards

All SRFax fax production equipment is housed at a facility that provides 24-hour physical security, redundant electrical generators and other backup equipment designed to keep servers secure and continually up and running. SRFax leverages the strongest encryption products to protect customer data and communications, including 2048-bit SSL Certification and 2048-bit RSA public keys. The lock icon in your internet browser indicates that data is fully shielded from access while connected to our servers.

 

Perimeter Defense / Operating Systems

The network perimeter is protected by multiple firewalls and monitored by intrusion detection systems, all sourced from industry-leading security vendors. In addition, SRFax monitors and analyzes firewall logs to proactively identify security threats. SRFax enforces tight operating system-level security by using a minimal number of access points to all production servers. We protect all operating system accounts with passwords, and production servers do not share a master password database. All operating systems are maintained at each vendor’s recommended patch levels for security and are hardened by disabling and/or removing any unnecessary users, protocols, and processes.

 

Reliability and Backup

All networking components, SSL certificates, accelerators, load balancers, Web servers, and application servers are configured in a redundant configuration. All customer data is stored on a primary database server that is clustered with a backup database server for redundancy. All customer data is stored on disk storage that is mirrored across different storage cabinets and controllers. All customer data is automatically backed up on a nightly basis and moved to secure, off-site storage on a regular basis.

 

No Storage Option

Clients have the option to set their account to delete fax data once it has been delivered or retrieved. Immediate deletion of the data once it has been delivered ensures maximum protection of any private health information. All of these security features are designed to exceed HIPAA Compliance specifications.

 

Tips for Safer Faxing

  • Assess the recipient’s security infrastructure
    Always ensure that the receiver has taken appropriate precautions to prevent anyone else from accessing the electronic or paper-based faxed documents.
  • Confirm the recipient’s fax number
    Before sending a fax, check that the receiver’s number is correct.
  • Always include a cover sheet
    Always complete a fax cover sheet that clearly identifies both the sender and the intended receiver. The cover sheet should include a standard confidentiality notice stating that the information contained in the fax is legally privileged and that the fax is intended for the named recipient only, along with a request to contact you directly if the transmission was sent in error.

 

PGP Encryption

SRFax also offers added security by allowing users to use PGP Encryption. All that is required is a PGP Public Key to be uploaded for each Email address. When a fax is received by SRFax, the Email notification is automatically encrypted using the PGP Key provided before delivery. The recipient’s PGP-enabled Email software will then decrypt it for viewing. Complete, end-to-end security is provided through this fully automated, widely available, and easy-to-use process.

 

Please contact us if you require more details on encrypting your faxes.