eFax is one of the best-known Internet faxing services that allows medical practitioners to send and receive faxes online without using a physical machine. Instead, you can send faxes from any device connected to the Internet, including computers, laptops, tablets, and phones.

Healthcare systems still exchange and share medical information using fax, and now via electronic faxing over the Internet, popularly with eFax. But what most patients and providers must have concerns over is whether eFax is HIPAA compliant.

If you happen to love fax technology or want to transition to electronic faxing, read on to learn what you need to know about Internet faxing and if it's compliant with HIPAA regulations when using it for healthcare purposes. 

What do healthcare professionals fax?

Healthcare professionals (HCPs) still use fax technology to share medical documents, such as:

  • Physician orders
  • Authorization and supporting documentation
  • Patient records and laboratory tests
  • Payer forms and other documents
  • Pharmacy prescriptions and additional information
  • Referrals

Research suggests that at least 70% of HCPs still use fax to share documents even as electronic health records (EHRs) and other health information technology (IT) advancements offer mobility, flexibility, convenience, and security. 

But some providers believe EHRs and IT advancements do not meet their expectations when it comes to moving information across boundaries of healthcare systems, such as:

  • Between hospital systems
  • Between providers
  • Between competing technology platforms

That's where the fax machine comes in, bridging the gaps in its clunky way. Faxing is practical—but limited, slow, inefficient, and increasingly seen as a roadblock to improved care and more ambitious goals for the use of health information.

There is a firm reliance on faxes in sectors of the healthcare system where the adoption of EHR systems lags. The public health sector, for example, depended on faxed case reports from providers in the early stages of the COVID-19 pandemic to keep up-to-date on the rapidly spreading disease.

The backlog in the widespread adoption of EHRs among healthcare providers results from federal funding problems for EHR adoption provided through the 2009 Health Information Technology for Economic and Clinical Health (HITECH) Act. 

Other health systems maintain fax machines to enable them to routinely share health information outside the healthcare system, such as with law enforcement agencies, social services agencies, employers, and other entities that don't use EHR systems. 

However, as most industries decreased their use of fax machines over the past decade, the healthcare industry transitioned to electronic faxing. That trend resulted from the healthcare systems realizing how inefficient and costly old faxing technology is and how it endangers patient privacy and safety, bringing forth the popularity of eFax. 

With the reliance on faxing in healthcare and the use of eFax, complying with HIPAA looms over providers who choose to communicate protected health information (PHI) via fax.

How does eFax work?

eFax lets you exchange documents with your colleagues and other healthcare professionals without a fax machine. All you need is an Internet connection. eFax stores everything in its cloud, and you can access it whenever you want. You can create up to five user profiles per account and send the same fax to multiple recipients at once. 

The following are three ways to send faxes via eFax:

  1. Via an eFax account

An eFax account provides you with a messaging tool to send faxes using the recipient's fax number. You can attach up to 10 documents, enter the number or choose one from your existing contacts, and send. The recipient gets the documents on their fax machine.

  1. Faxes via Email

You can use eFax to send documents directly to the recipient's machine using your email. Attach the documents you wish to send and enter the recipient's fax number in the "To" field followed by "@efaxsend.com" and send the email as you usually do.

  1. Via the eFax Mobile App

eFax offers a mobile app that you can install on your tablet or smartphone to send documents from your phone on the go. You can even e-sign them directly in the app. Your recipient receives the papers on their fax machine.

If you want to receive faxes via eFax, you can. 

Your eFax account comes with a number (like a regular fax number) you can use to receive a fax from anyone, even those without an eFax account, and receive all faxes sent to you in your email inbox as a PDF or TIFF attachment. You can view your incoming faxes online through the eFax message center or directly through the eFax mobile app.

To receive an eFax from a regular fax machine, you must call-forward your existing fax number to your new eFax number or in certain circumstances, have your existing fax number ported to eFax Corporate.

Is eFax HIPAA compliant or not?

One reason why healthcare providers prefer fax machines is that they don't store data. Internet faxing services do, though, which makes data sent this way potentially vulnerable to cyberattacks — a concern most people have when using online faxing services, such as eFax

Online faxing platforms like eFax must be HIPAA compliant for healthcare providers to use them.

The Health Insurance Portability and Accountability Act (HIPAA) is a United States federal law outlining standards for covered entities to protect sensitive medical data, such as PHI. The HIPAA rules allow the exchange of PHI electronically (ePHI) as long as covered entities establish the necessary physical, administrative, and technical safeguards that ensure the availability, integrity, and safety of ePHI. Covered entities include healthcare professionals, healthcare plan providers, and healthcare clearinghouses. 

The HIPAA regulations consider software providers, such as eFax, as business associates (BA) of covered entities, and the rules require BAs to sign a business associate agreement or BAA with covered entities. Signing a BAA is one of the safest indicators that an application adheres to HIPAA regulations; the signed document guarantees HIPAA compliance. eFax is willing to sign a BAA with covered entities, meaning it is a HIPAA compliant platform. 

eFax satisfies the obligatory HIPAA requirements:

Access Control

There are appropriate mechanisms that allow you to control access to your cloud-based eFax account, and eFax implements unique identification and admin rights to permit or deny access to comply with this standard. 

Transmission Security

eFax employs the TLS protocol recommended by the National Institute for Standards and Technology (NIST). TLS ensures that PHI is safe during transfer.


eFax utilizes AES 256-bit encryption, which is considered the industry standard. eFax stores your data in its two redundant colocations protected by several security layers.

Audit Control

You can track all your data transmissions, which allows you to examine any activity taking place on your account. eFax backs up all your data. Each document you send is stored forever for access in case of an emergency.

Is eFax what you need for healthcare information sharing?

There is no doubt that eFax satisfies your need to communicate your patients' PHI in a HIPAA-compliant way. However, eFax makes sense only when you know exactly what you're due to receive and send. That means that if you communicate with another office regularly (to get labs, for example), eFax might be an alright solution for you.

Nonetheless, even in its modern, Internet-based version, faxing is still outdated. eFax enables your medical practice to exchange documents securely, but that's all it does. You need to use another platform or communication method for any other tasks, such as telemedicine visits with patients or appointment reminders.

Plus, if you need to send documents and the recipient does not have a fax machine or eFax (and does not want to use it), you must resort to other means, like snail mail or a delivery service.

And then there is cost. eFax may be the best-known online faxing service, but it is also the most expensive. For example, the eFax Plus plan starts at $16.95 per month, after a $10 set-up fee. Considering that you only get 150 incoming and outgoing pages, that is pretty pricey. For anything more, you get charged extra.

Apart from the number of pages, there is also a limit on the number of users per account. You can only connect five email addresses to it. That may be fine for some, but if you need to make the faxing service available to more people, you need another account.

Considering its limitations and high price point, eFax is not a very good value for the money. 

Instead of eFax or any form of faxing, healthcare practices should consider a software program that can safely exchange PHI with other providers and patients plus much more to have an efficient workplace that embraces new technological advancements.

Now that you know everything about online healthcare faxing and HIPAA compliance, what are the alternatives to eFax?

eFax may be HIPAA-compliant, but it does not offer the tools a modern healthcare practice needs. Curogram is a 21st solution for sharing documents with ePHI with all the perks a secure patient engagement and communication platform can offer. It lets you send and receive sensitive patient data in a completely safe way from its web-based dashboard or mobile app.

Curogram can do for you what eFax does but much more efficiently. It also has a variety of other functions that you can't get with a faxing service and is 100% HIPAA compliant.

Curogram makes it easy to communicate with other practices. Instead of calling to make arrangements about faxing the documents containing PHI, you can do everything from the Curogram dashboard.

If you need to receive test results from a lab or exchange medical records with another clinic, you can find them in your partner directory on Curogram and message them from there. You can send each other files through the platform without violating the HIPAA rules. You don't have to involve emails or clunky old machines. That also means that your documents are in one place and not scattered around your office.

Going beyond document sharing, Curogram is a complete telemedicine solution.

Our healthcare system suffers from interoperability issues and a lack of collaboration tools for medical professionals. The fact that various practices still run on fax machines is proof enough that we need to do more to enable secure and efficient inter-office communication. 

Curogram can revolutionize the way doctors collaborate and help them work in sync to provide better patient care.