Important: HIPAApropriateness reviews, including their summaries, are for informational purposes only. They are neither consultation nor legal advice. Be aware that while we do our best to be thorough and complete, information may be missing or possibly even inaccurate. Products also change quickly, and the review may become out of date. By continuing to read, you agree to use the information in HIPAApropriateness reviews and their summaries at your own risk.

Vital Stats

HIPAA compliance with this product appears possible?: Yes.
Recommend for your HIPAA risk management needs?: Probably.
This is a basic review. It does not contain a final recommendation, caveats, or usage notes. For many professionals, however, the basic information may be sufficient to make an informed choice about this product.

Relevant Product Characteristics

  • This product does not appear to have been designed specifically with healthcare in mind. Note that many products that are useful and appropriate for health care professionals are not designed specifically with health care in mind.
  • The features and/or settings for this product are different for health care customers as compared to general customers.
    • Often this means the product adjusts for health care customers in order to meet HIPAA requirements, and/or to offer features that are only useable by health care practices (e.g. Square only allows health care customers to run HSA and FSA cards.)

Our Progress Notes

The logo for SR Fax

SRFax is a web-based faxing service with a ton of high quality features at a shockingly low price for their entry-level healthcare plan, on which they will execute a BAA! We really liked their simple interface which helps them stand out in a field mostly dominated by companies that haven’t updated their design since 1999. Their support was very responsive to our requests and quite knowledgeable about the ins and outs of their security options. SRFax had many recommendations about how best to protect PHI, so it’s clear that catering to the healthcare market isn’t just an afterthought for them.

SRFax will execute a customer provided BAA, but does not provide their own standard BAA. You might, at this point, be thinking “is that a cause for concern?” and “where do I get a BAA to provide them? Providing my own BAA sounds expensive.” First, we actually see it as a positive when a company will execute a BAA of the customer’s choosing/provision and don’t insist on their own. (That said, we do not see it as a negative when a company provides their own BAA. We just advise you, as with any legal agreement, thoroughly read it — like we do — to be aware of both your responsibilities under the agreement and any exclusions of what is covered/any potential loopholes for the company that is your business associate.) Second, HIPAACOW to the rescue! HIPAACOW is a volunteer organization in Wisconsin that produces utterly amazing, highly professional work that should by all rights cost us thousand of dollars. They give it out for free, though. So take advantage! One of the many items they offer is a sample Business Associate Agreement contract. Be sure to download the one that is updated for the 2013 HIPAA Omnibus Rule: HIPAACOW Security and Privacy Documents→

To request that SRFax execute a BAA with you, you can do so on their site by clicking here and selecting “request BAA” under “topic.”

This product offers a free service tier or a free trial account:

We encourage all clinicians interested in this product to try out the free trial or experiment with the free tier to see if it suits your needs.

If you discover anything of concern that isn’t addressed in this review yet, please tell Liath about it at [email protected].


Scheduled Maintenance

We will be temporarily taking the website offline at 10:00 PM Pacific (1:00 AM Eastern) tonight, July 6, in order to make some improvements. We plan to be back online by midnight Pacific (3:00 AM Eastern). We apologize for any inconvenience this may cause. Dismiss