Yes, HelloFax has announced that it meets HIPAA compliance standards and will most likely sign a Business Associate Agreement (BAA) for companies that meet a certain annual spending threshold.
Many telecommunication firms act as conduits for data transmission and are exempt from signing a business associate agreement (BAA) through the conduit exception rule. Information shared over the phone or using a standard fax machine is not subject to HIPAA compliance. However, other means of communication, including VOIP, SMS, and digital fax services, must meet HIPAA regulations.
Since HelloFax uses digital faxing, not regular fax machines, the service must provide privacy and security features if covered entities are using the system. HelloFax provides AES-256-bit encryption for information at rest and TLS encryption for information in transit, meeting the minimum HIPAA standards. Additionally, each document is encrypted with a unique key, and keys are encrypted with a master key that rotates frequently, which means that if unauthorized people gained access to the hard drive, they wouldn’t be able to decrypt the data.
HelloFax advertises “bank-grade” security, including physical and electronic protections. The data center uses strict access controls at all times. Because of these security measures, it is possible to use the HelloFax system without violating HIPAA requirements.
The company website doesn’t state that HelloFax will sign a business associate agreement (BAA). But larger companies with high annual spending have secured BAAs with HelloFax. Contact HelloFax support for a BAA.
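
The key hierarchy described above, a unique key per document wrapped by a rotating master key, can be illustrated in Go as follows. This is an added example, not HelloFax's implementation; the function names, the AES-256-GCM construction and the nonce-prefixed blob layout are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err) // wrong key length or no system randomness
	}
	return v
}
func gcm(key []byte) cipher.AEAD { return must(cipher.NewGCM(must(aes.NewCipher(key)))) }
func randBytes(n int) []byte     { b := make([]byte, n); must(rand.Read(b)); return b }

// seal: AES-256-GCM under a 32-byte key, random 12-byte nonce prepended. open fails on a wrong key.
func seal(key, pt []byte) []byte { n := randBytes(12); return gcm(key).Seal(n, n, pt, nil) }
func open(key, blob []byte) ([]byte, error) {
	if len(blob) < 12 {
		return nil, fmt.Errorf("blob too short")
	}
	return gcm(key).Open(nil, blob[:12], blob[12:], nil)
}

type StoredDoc struct{ WrappedKey, Ciphertext []byte } // all that is written to disk

// EncryptDoc gives each document its own random key, stored only in wrapped form.
func EncryptDoc(master, doc []byte) StoredDoc {
	dek := randBytes(32)
	return StoredDoc{WrappedKey: seal(master, dek), Ciphertext: seal(dek, doc)}
}
func DecryptDoc(master []byte, s StoredDoc) ([]byte, error) {
	dek, err := open(master, s.WrappedKey)
	if err != nil {
		return nil, err
	}
	return open(dek, s.Ciphertext)
}

// Rotate re-wraps the document key under a new master key; the ciphertext is untouched.
func Rotate(oldMaster, newMaster []byte, s StoredDoc) (StoredDoc, error) {
	dek, err := open(oldMaster, s.WrappedKey)
	if err == nil {
		s.WrappedKey = seal(newMaster, dek)
	}
	return s, err
}
// Constructed demo: a different master key cannot unwrap the document key.
func main() { fmt.Println(DecryptDoc(randBytes(32), EncryptDoc(randBytes(32), []byte("page")))) }
```

Rotation replaces only the 60-byte wrapped key, so stored documents never need re-encrypting. The protection depends on the master key being kept somewhere other than the disk that holds the documents.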