HelloFax has stated that it meets HIPAA compliance standards.
Many telecommunications firms act as conduits for data transmission and are exempt from signing a business associate agreement (BAA) under the conduit exception rule. Information shared over the phone or using a standard fax machine is not subject to HIPAA compliance. However, other means of communication, including VoIP, SMS, and digital fax services, must meet HIPAA regulations.
HelloFax provides 256-bit AES encryption for information at rest and TLS encryption for information in transit, to meet the minimum HIPAA standards. Additionally, each document is encrypted with a unique key, and those keys are themselves encrypted with a master key that rotates frequently, which means that if unauthorized people gained access to the hard drive, they wouldn’t be able to decrypt the data.
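The per-document key and rotating master key scheme described above is commonly called envelope encryption. The sketch below is an added example, not HelloFax's code: the function names, key IDs and sample document are hypothetical, and it assumes the master key is held apart from the stored records (for example in a key management service), since the protection against a stolen drive depends on that.

```javascript
// Added example: envelope encryption with AES-256-GCM using Node's built-in crypto.
const crypto = require('node:crypto');

// Encrypt under a 32-byte key; aad binds the ciphertext to a document ID.
function seal(key, plaintext, aad) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  c.setAAD(Buffer.from(aad));
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}

// Decrypt; final() throws if the key is wrong or the data was altered.
function unseal(key, box, aad) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, box.iv);
  d.setAAD(Buffer.from(aad));
  d.setAuthTag(box.tag);
  return Buffer.concat([d.update(box.ct), d.final()]);
}

// Fresh data key per document; only its wrapped form is stored with the record.
function encryptDocument(masterKey, masterKeyId, docId, plaintext) {
  const dek = crypto.randomBytes(32);
  const body = seal(dek, plaintext, docId);
  const wrappedKey = seal(masterKey, dek, docId);
  dek.fill(0); // drop the plaintext data key from memory
  return { docId, masterKeyId, wrappedKey, body };
}

function decryptDocument(masterKey, record) {
  const dek = unseal(masterKey, record.wrappedKey, record.docId);
  return unseal(dek, record.body, record.docId);
}

// Rotation re-wraps the small data key; the document ciphertext is untouched.
function rotate(oldMaster, newMaster, newId, record) {
  const dek = unseal(oldMaster, record.wrappedKey, record.docId);
  return { ...record, masterKeyId: newId, wrappedKey: seal(newMaster, dek, record.docId) };
}

function demo() {
  const mk1 = crypto.randomBytes(32), mk2 = crypto.randomBytes(32);
  const rec = encryptDocument(mk1, 'mk-1', 'fax-0001', Buffer.from('constructed sample fax page'));
  const rotated = rotate(mk1, mk2, 'mk-2', rec);
  let oldKeyRejected = false;
  try { decryptDocument(mk1, rotated); } catch { oldKeyRejected = true; }
  return { plaintext: decryptDocument(mk2, rotated).toString(),
           bodyUnchanged: rotated.body.ct.equals(rec.body.ct), oldKeyRejected };
}
```

Because rotation only re-wraps data keys, a frequent rotation schedule stays cheap even for a large document store.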
HelloFax advertises “bank-grade” security, including physical and electronic protections. The data center apparently uses strict access controls. Because of these security measures, it may be possible to use the HelloFax system without violating HIPAA requirements.