HHS – April 2002
INSURER:  How are we supposed to do business under this Rule?  It would prohibit doctors from faxing information to us, or to each other, or to their patients.
The Rule does not prohibit faxing of individually identifiable health information.  Covered entities must have in place appropriate administrative, technical, and physical safeguards to protect the privacy of PHI.
FALSE !
FALSE!   The Rule does not prohibit faxing of individually identifiable health information.  Covered entities must have in place appropriate administrative, technical, and physical safeguards to protect the privacy of PHI.

“Reasonable safeguards” mean that covered entities must make reasonable efforts to prevent uses and disclosures not permitted by the rule.  For example, a fax machine on which a provider or plan routinely receives identifiable health information probably should not be placed in a public location that would allow inappropriate access to the information (e.g., in the waiting room or public hallway).