Protected Health Information (PHI)
Faxtone is a secure, digital fax service over internet. Naturally all security measures and mechanisms are taken care to ensure that your faxes are secure when being transmitted from your desktop to Faxtone server or vice-versa.

Further, most important feature of Faxtone is the facility to send and receive faxes through email. Because of this all the required email security is taken care so that the HIPAA complaince requirements are met.

HIPAA defines PHI as the health information of an individual that identifies the individual or for which there is a reasonable basis to believe it can be used to identify the individual. Individually identifiable health information includes many common identifiers such as name, address, birth date, Social Security Number, etc. Individually identifiable health information relates to the past, present, or future information regarding:
HIPAA HITECH legislation and etransmission of PHI - Important factors and main safeguards:
Administrative Safeguards:
  • Security Management Process. MDofficeMail has identified and analyzed potential risks to information and has implemented security measures to reduce risks and vulnerabilities. Faxtone will continue to analyze new threats and take appropriate steps.
  • Security Personnel. MDofficeMail has designated a security manager who will be developing and implementing security policies and procedures.
  • Information Access Management. Access to any information on the MDofficeMail system requires appropriate privileges.
  • Staff Training and Management. Our staff consists of dedicated personnel who are appropriately trained and managed.
  • Quarterly Evaluation. Network security scans are performed. Periodic assessment of our procedures and policies is done.
Technical Safeguards:
  • Access Control. This includes Unique User Identification, Emergency Access Control, Automatic Logoff, and Encryption and Decryption.
  • Audit Controls to track user access and file access.
  • Person or Entity Authentication
  • Transmission Security including Integrity Controls and Encryption.
  • Device and Media Controls including data backup, data storage, and data disposal.
Physical Safeguards:
  • Device and Media Controls including data backup, data storage, and data disposal.
Where can I find the official document for the Federal HIPAA HITECH legislation?
The HITECH legislation is Title XIII of the 2009 American Recovery and Reinvestment act. It can be found on page 112 in the official document at:
Is it secure to send and receive fax through a secure email? Is that HIPAA compliant?
The Security Rule of the original HIPAA legislation permits Covered Entities to use email as a way to electronically transmit protected health information (PHI) and requires that steps be taken to protect those transmissions. The requirements are detailed in the Technical Safeguards of the HIPAA Security Rule, section 164.312
How Faxtone is HIPAA compliant when it is used along with MDofficeMail?
MDofficeMail (and in turn Faxtone) is HIPAA compliant by virtue of the following features:
  • HIPAA Business Associate Agreement is signed with accounts.
  • SSL connection is strictly enforced for all services, both at sender’s end as well as the recipient's end, which cannot be modified even by the Domain Admins.
  • Encryption is strictly enforced for all outbound messages.
  • Messages can be viewed or downloaded only through an SSL connection.
  • Recipients can reply securely without having a secure email account.
  • Facility to validate new recipient. New recipient needs to enter a 6-digit code to access email received. This randomly generated, recipient-specific code can be provided only by the sender.
  • Minimum password length and complexity is enforced.
  • Automatic Webmail session timeout is enforced.
  • Emails sent to MDVault can be force expired at anytime.
  • Emails sent to MDVault will automatically get deleted after a fixed time.
  • Automatic session timeout is enforced for message viewing page of MDVault.
  • Legal archiving: All the emails are archived remotely for a specified length of time, which can't be edited or deleted.
  • Emergency Access Procedure: PHI in email communications can be accessed from any location via the Internet. There are also mechanisms for authorized administrative to access account data.
  • Audit Controls: Audit reports of all logins to WebMail, POP, IMAP, and SMTP services are available to administrators. The reports include the date, time, and the IP address from which logins were made.
Is a dedicated server required for HIPAA email compliance?
No, there is no explicit requirement. HIPAA law is 'technology neutral' in that it makes no specific requirements for the implementation of technical security, e.g. the level of encryption (128 bits or 256 bits), the encryption type (RSA, AES, etc.), the level of auditing, etc. The security restrictions MD Officemail enforces ensure that your shared hosting account meets the Technical Safeguards of the HIPAA Security Rule.
User Login
User Name
Forget Password?
All Rights Reserved @ 2013