Looking for a Business Associate Agreement? Download our FREE starter template.
Total HIPAA Logo

HIPAA Compliant efax Provider Recommendations

Many HIPAA compliant organizations need to send and receive electronic Protected Health Information (ePHI) on a regular basis. HIPAA requires you to secure information at rest, in transit, and in storage. If you fax PHI, you must ensure the safety of this sensitive information in transit. HIPAA compliant efax services are an ideal replacement for traditional fax machines many businesses are phasing out.

Online fax, cloud fax, or efax is the use of the internet and internet protocols to send a fax, rather than using a standard telephone connection and a fax machine. In this blog post, we review five efax vendors (Concord Cloud Fax, Faxage, Innoport, SRFax, and Upland InterFAX) which provide HIPAA compliant efax services that keep your transmissions secure and protected at all times. Please note that these are unranked and listed in alphabetical order. All of these companies will sign a Business Associate Agreement with your organization, which is required by HIPAA.

Each vendor will be assessed based on three considerations: security and features, installation and use, and cost. This information will help you decide which vendor best fits the needs of your business.

Concord Cloud Fax — HIPAA Compliant efax Service

Concord Cloud Fax: Security and Features

Every day, Concord makes sending secure and HIPAA compliant faxes easier for over 140,000 users. With Concord’s secure Cloud Fax Platform, you can centralize your inbound and outbound faxing. The platform allows you to route faxes directly to the appropriate team or department.

Every document is text-searchable, which allows for quick and easy access. Concord also offers machine learning technology, which finds and extracts key patient data-points from documents and uses them to populate applications. This makes it easy for you to bring documents and patient data back into your application ecosystem.

Concord’s network security features include: AES 256-bit encryption, active intrusion protection, complex password requirements, and an enforced anti-virus policy across the network. All logins and access are logged and recorded in case of a breach or audit, or for general security purposes.

Communications are fully encrypted over TLS or via secure HTTP. You can set your image retention policy to automatically remove all images, dramatically simplifying security. Concord has also successfully undergone the SSAE 16 audit, to ensure organizational procedures, structure and technical infrastructure are optimized to protect consumer data.

Concord Cloud Fax: Installation and Use

Concord’s website has How To Videos that can guide you through sending, receiving, and printing faxes, as well as other ways you can customize your Concord Cloud Fax Web Portal. Concord Cloud Fax allows you to receive online faxes in your email inbox and manage them just like you would regular emails. 

Once your account is activated, simply attach the documents you’re faxing to an email message and send it to faxnumber@concordsend.com. The documents, which can be PDF, TIF, or XPS attachments, can be printed, saved, archived, or forwarded like you would with an email. Concord also notifies you via email as soon as your fax has been successfully delivered. You can also track all your outgoing and incoming faxes using the Concord Portal.

Concord Cloud Fax: Cost

With Concord, you can build your own HIPAA compliant cloud fax estimate using the “Build My Fax Service Quote” tool on the company’s website, or contact them to start your free trial.

Documo — HIPAA Compliant efax Service

Documo: Security and Features

mFax by Documo prides itself on its fax-only infrastructure. Because Fax over IP (FoIP) is known to have reliability problems, the backbone of their product is specifically built for fax, allowing them to maximize quality and deliverability.

Not only that, but you don’t have to worry about losing another fax ever again, because mFax offers automatic cloud storage, and you can access your fax history from any device. You can even manage users, assign fax numbers, and set account-level permissions through their robust, advanced admin portal.

When it comes to security, Documo is committed to safeguarding sensitive data. That’s why they built their platform on the Google Cloud Platform. They provide dedicated, state of the art firewall and intrusion detection systems, data protection with managed backup solutions, distributed DDoS mitigation, and daily internal security and vulnerability tests.

Their application security is top notch, as well. They provide 256-bit SSL encryption, 2048-bit private keys, and AES multi-layered encryption for all documents and data both at rest and in transit, as well as the ability to restrict account access to specific IP addresses. They use intelligent encryption with access controls to ensure data is only decrypted for authorized requests, and automated session time-outs.

Documo: Installation and use 

mFax allows you to send and receive all of your faxes online – in their portal, by email, or by integrating their API with the systems you’re already using. They aim to help your organization save thousands of dollars every month by outsourcing your fax infrastructure to mFax’s secure and reliable cloud network. You can easily schedule a demo with their team for more information.

Documo: Cost

mFax plans start at just $10 per month for individuals, increasing based on your number of team members and pages sent monthly. If you are faxing more than 2,500 pages per month, you can request pricing for a custom plan.

Faxage — HIPAA Compliant efax Service

Faxage: Security and Features

Faxage, which has been in business over a decade, has a proven track record of delivering quality, reliable, and secure online fax services. The company operates its own infrastructure, and provides full Internet Fax System Auditing to ensure that you know what your users are doing with your data. 

It also offers multiple security and encryption options, including: SSL/TLS encryption for all web and API based faxing, SSL/TLS email transport encryption, SSL/TLS secured Print to Fax print driver, password-protected incoming PDFs, PGP support for email fax sending and receiving, and email link for secure download of incoming faxes.

Faxage: Installation and Use

Faxage has a HIPAA Faxing Checklist in its website to guide users through the process of setting up their accounts, sending secure messages, and ensuring HIPAA compliance. There is also a HIPAA Compliance Setup Video available to walk you through the checklist. 

Faxage offers several ways of sending, receiving and viewing faxes, which can be done via secure email messages or through logging into your account on the Faxage website. When receiving faxes, you have the option of: TLS Secured email Transport, Secure email via Sending you a Link, Secure email via Password Protection, and Secure Email via PGP. You can send faxes using one of these options: sending faxes through the Faxage website, the Faxage Print to Fax driver, the Faxage API, TLS Secured Email Transport, and PGP Encrypt Your Attachments.

Faxage: Cost

Faxage offers different layers of pricing depending on your business’s needs, and a 30-day money-back guarantee for all plans. All Faxage Internet Fax accounts have access to the same set of features, regardless of the pricing plan chosen. These include: web faxing, email to fax, fax to email and API fax. You can also send and receive faxes using unlimited email addresses and use unlimited online fax storage at no additional charge.

FAX.PLUS — HIPAA Compliant efax Service

FAX.PLUS: Security and Features

FAX.PLUS allows you to send and receive faxes via your desktop, Android, iOS, email, Google products, multi-function printers, and even your own custom software via Zapier integration or programmable fax API.

FAX.PLUS’s online fax solution includes the following security features: unique user identification, administrator privileges to grant and remove access, 256-bit AES encryption, and other security controls which limit access to authorized personnel only. Users also have the option to not save their fax data on FAX.PLUS’s servers. Inbound documents are only sent to the intended recipient’s email, limiting exposure and disclosure risks associated with faxing to a physical fax machine.

FAX.PLUS also signs Business Associate Agreements (BAAs) with users of their Enterprise plan. This is an essential component of HIPAA compliance which should be done with all third parties with whom you work. 

FAX.PLUS: Installation and use

FAX.PLUS allows you to send faxes online to over 180 countries and buy a toll-free local or international fax number from 47 countries. If you want to keep your existing fax number, you can also port it into their platform. FAX.PLUS is easy to use and available across multiple platforms and devices, with plans that are scalable for your business.


FAX.PLUS’s Enterprise plan, which offers advanced collaboration for individuals and organizations, costs $59.99 per month. This is their highest priced plan, which includes Zapier integration, priority support, and other advanced security controls. FAX.PLUS’s most popular plan, the business plan, is $19.99 a month and includes all of the enterprise plan’s basic features, but is limited to five team members. See which plan is right for you!

Innoport — HIPAA Compliant efax Service

Innoport: Security and Features

Innoport is another cloud faxing service that offers HIPAA compliant faxing for businesses of all sizes. Innoport’s security features include: 128-bit encryption, fax to secure FTP, encrypted email TLS, and HTTPS API. Innoport also uses secure servers for information storage and retrieval, secure online account administration, and physical and technical safeguards that restrict access from unauthorized parties.

Innoport: Installation and Use

Innoport offers several ways of receiving and sending faxes. Fax to Email allows you to receive faxes as encrypted attachments in an email; FTP Fax Delivery lets you set up a FTP or secure FTP site for receiving faxes; and with Online Fax you can view faxes using a secure online portal. There are pages on Innoport’s website devoted to each faxing option, which walk you through how to create an account and begin using the service.

Innoport: Cost

Innoport’s pricing starts at $9.95 per month for a basic business plan. Personal plans are also available. You can also set up multiple user accounts with 5 different users having access to the service. The unlimited account offerings from other providers may be better for larger organizations. But Innoport’s account offerings should meet the needs of smaller healthcare businesses.

SRFax — HIPAA Compliant efax Service

SRFax: Security and Features

SRFax is a well-known online fax service that has been serving medical professionals for decades. The company uses SSL encryption, firewalls, and/or optional PGP encryption to safeguard your information. With SRFax, you can create multiple user accounts to help limit who has access to sensitive data and ensure that only the right people are viewing and handling faxes. This limits the potential for employee error that often leads to HIPAA violations. 

You can also restrict or control which PC’s are allowed to access your account. This may be done by IP address or IP address ranges and subnet masks. SRFax also offers integration of its API into your system, optional optical character recognition (OCR), access to a secure SRFax Printer Driver, and access to the secure SRFax Downloader.

All of SRFax’s plans except for the Basic Plan allow for an unlimited number of outbound users free of charge. The plans also allow you to add users with their own unique fax number, with a small fee for these additional users. Additional users can have their own login account but will not be able to view faxes other than their own.

SRFax: Installation and Use

SRFax’s efax service is easy to use; all you need is an email account or web browser. SRFax will assign you a unique local or toll-free number. Anyone faxing a document to this SRFax number will be received by the company’s servers. 

The account can only be accessed with a valid username and password combination which are SSL encrypted. An encrypted session ID cookie is used to uniquely identify each user. While logged into our servers, all communications will be encrypted at all times. As soon as a fax transmission has completed, SRFax’s system will convert the fax to a PDF file (or TIFF file if you prefer) and then send it as an attachment to you by email.

SRFax: Cost

SRFax offers a 30 day free trial with no start-up fees or hidden fees, and you can cancel at any time. The company has tiered pricing plans that can be tailored to meet the needs of businesses of all sizes. Whether you have a small medical office or a large business, SRFax is a good option to consider because of the company’s security features. The pricing for SRFax begins at just $7.95 per month for small businesses and can scale from there to meet any volume you may need to handle.

SRFax provides you with a local or toll-free fax number, unlimited online storage and an easy-to-use fax management system that works with any email service. You can also download the SRFax Printer Driver for free, which allows you to print any document directly to fax without using email or logging into your SRFax account.

Upland InterFAX — HIPAA Compliant efax Service

InterFAX Cloud Fax: Security and Features

InterFAX is a global provider of cloud fax communications technology specializing in solutions for healthcare businesses of all sizes. This reliable, flexible cloud fax option is easily scalable for offices that are planning for their operations to grow and offers effortless implementation ideal for running a business without interruption. Also, staff from multiple offices — or even remote workers — can quickly gain access to the InterFAX Control Panel from any device, as this cloud faxing service is securely accessible anywhere via the internet. 

InterFAX knows that safeguarding patient data is a critical component of your business which is why their solution employs HIPAA and PCI DSS compliant SSL/PKI encryption for all incoming and outgoing faxes. These security measures ensure the receipt and delivery of faxes to users without compromising patient data. 

Additional security features include comprehensive audit trails, automatic fax deletion upon delivery, enterprise user management, and secure servers. The company also offers an integrated faxing platform/API and automatic fax removal, which deletes sensitive messages from the server upon delivery. InterFAX will enter into a standard Business Associate Agreement (BAA) upon request, depending on your organization’s data security requirements.

InterFAX Cloud Fax: Installation and Use

InterFAX allows you to send faxes from your computer using any email program, web-based email service, or application that can send documents as email attachments. When a fax routes from the company’s servers to your email address, you can easily filter, route, forward, print, or delete it, just like you would a standard email.

You may schedule an informative, no-pressure InterFAX demo, where one of the company’s cloud fax service experts will walk you through an overview of the InterFAX platform and features. They will also share examples of best practices and lead discussions around ways your organization can customize InterFAX to streamline communications, increase productivity, mitigate risk, and save money to meet your desired outcomes.

InterFAX Cloud Fax: Cost

InterFAX’s solution is user-friendly, with convenient set up that can be deployed in minutes so as not to interrupt your daily operations. InterFAX is highly cost-effective, with no capital costs involved with set up. Free trials are available, and you can choose between a monthly subscription plan or a prepaid package. With InterFAX, you can take advantage of simple billing services, use a credit card, or buy prepaid credits; whatever your payment method, you will pay only for what you fax.

WestFax — HIPAA Compliant efax Service

WestFax: Security and Features

WestFax features easy migration and easy porting, by migrating customers from RightFax, Ring Central, and more. They are a 100% cloud-based platform, so your company does not have to worry about extra, expensive fax server hardware. All features you need are included by default. You even have a dedicated implementation team at your disposal, so you can be sure to have a smooth transition.

In terms of security, WestFax meets or exceeds the requirements of both the Security Rule and the Privacy rule. They ensure that usernames are unique, and that each session providing access to data is authenticated. Password complexity policies are enforced to ensure that passwords cannot be guessed or compromised. They also use an idle timeout feature that will automatically log out users after a specified period of time, and existing users are required to enter their username and password.

ePHI data is isolated to servers and storage systems in the WestFax “private cloud” environment. WestFax brings comprehensive compliance support that includes FISMA High/NIST SP 800-53, HIPAA, PCI-DSS Level 1, SOC 2 Type II, and SOC 3. WestFax supports TLS protected SMTP email with an optional REQUIRE TLS extension in accordance with the IETF RFC 320 – FTPS and SFTP with TLS for safe and secure transport of documents to and from your existing servers. You can browse WestFax’s HIPAA compliant fax solutions here and read the company’s HIPAA compliance statement here.

WestFax: Installation and Use 

WestFax has an entire section of their website dedicated to how-to videos, so you can easily have any and all questions about installation and use answered. However, if you still have questions, they have a dedicated tech support team, willing to help you get moving with WestFax.

WestFax: Cost

WestFax’s basic package starts at $14.99 and it even includes a free trial, so you can see if WestFax is right for you. Prices increase from there, based on the number of faxes sent and the number of users.


In conclusion, each of these vendors offer secure, HIPAA compliant efax services. Faxage, SRFax, InterFax, Concord Cloud Fax, and Innoport all provide affordable, easy-to-use efax solutions and robust security features and infrastructure. Feel free to compare these companies on the basis of the three categories we used here, or visit their websites to learn more about which company will best fit your needs.

Have you performed a Risk Assessment in the past year? Do you have updated HIPAA Policies and Procedures in place? Our HIPAA Prime™ program does all this and more! We create customized compliance documents and provide your staff with easy online training, ensuring compliance for your business.

Want to know more about how you can become HIPAA compliant?

Our HIPAA compliance services help ensure that your business follows the basic HIPAA rules and guidelines to protect sensitive patient information. Our team of experts is dedicated to providing affordable rates and personalized solutions to help you become HIPAA compliant. We understand that navigating the complex requirements of HIPAA can be challenging, which is why we offer a comprehensive range of services to meet your unique needs. From risk assessments to employee training, we have the tools and expertise necessary to help your business achieve and maintain HIPAA compliance. Contact us today to learn more about how we can help you protect your patients, your employees, and your business.

Sharing is caring!


Looking for a Business Associate Agreement?

Download our free template to get started on your path toward HIPAA compliance.

Download Now

Let's keep in touch

Stay up to date on the latest HIPAA news, plus receive tons of free tools and info.

Navigating HIPAA Compliance in 2023

Watch the recording of this webinar to learn more about how you can become and stay HIPAA compliant!


Related Posts

What is Access Control in terms of HIPAA?

What is Access Control in terms of HIPAA?

Access control, in terms of cybersecurity, refers to the practice of managing and regulating who can access specific resources, systems, or data within an organization's network or information...

Comparing HIPAA and NIST

Comparing HIPAA and NIST

In the ever-evolving landscape of data security and privacy, two key frameworks have emerged as significant players: HIPAA and NIST. Both emphasize the importance of safeguarding sensitive...

Save & Share Cart
Your Shopping Cart will be saved and you'll be given a link. You, or anyone with the link, can use it to retrieve your Cart at any time.
Back Save & Share Cart
Your Shopping Cart will be saved with Product pictures and information, and Cart Totals. Then send it to yourself, or a friend, with a link to retrieve it at any time.
Your cart email sent successfully :)