Using InterFAX for privacy-sensitive content, such as patient information

Some users – such as US healthcare entities who are required to abide by HIPAA guidelines and EU data processors who are required to abide by EU Data Protection regulations – have enhanced privacy requirements from messaging providers, such as InterFAX.

NOTE: This process should be implemented when sending sensitive data that does not require any higher form of compliance – such as PCI-DSS (read more).

In anticipation of such requirements, InterFAX has have implemented several privacy-enhancing features and procedures, and suggest that you apply the following measures:

  1. Use SSL to send your message – We enable and require SSL-secured communication to our REST API at https://rest.interfax.net/ and our SOAP API at https://ws.interfax.net, so that private information can be submitted securely for faxing.
  2. Use the ‘delete fax after completion’ feature – This setting may be selected through your account sending preferences. It is intended to keep privacy-sensitive information on our servers no longer than is necessary to send a fax or to announce its failure (several minutes). When set, images of faxes sent through the service, as well as temporary files, will immediately be deleted from our servers upon completion.
  3. Don’t place private information into any data fields – Make sure that private information is only present in the body of your outgoing fax, and not in any URL parameter. All other parts of a transaction are retained indefinitely for billing purposes, so don’t insert confidential information anywhere except in the fax itself.