Frequently Asked Question

Is Clearfly's fax service HIPAA compliant?
Last Updated 3 years ago

Clearfly's cFax service supports several configurations that are HIPAA compliant.

  • Secure ATA - Faxes are sent and received by a fax machine directly connected to the secure
  • ATA via a standard telephone cord. The ATA utilizes HTTPS via an Internet connection to encrypt all communication between the ATA and the cFax servers. When a fax machine sends a fax to the ATA, it is received by the ATA, transmitted via HTTPS to the cFax servers, and is then AES-256 encrypted at rest. The encrypted fax is not accessible by Clearfly personnel. The encrypted fax is then transmitted by cFax servers to the destination fax number via the PSTN. This process is reversed for incoming faxes.
  • Email - Clearfly's cFax servers support opportunistic TLS for sending and receiving faxes using
  • email. This allows cFax email communications to be encrypted when the user’s email servers support TLS. As with the ATA, all faxes are AES-256 encrypted at rest and are not accessible by Clearfly personnel. Outbound faxes are sent as an attached document emailed by the user to the cFax servers via a connection supporting opportunistic TLS. The fax is then decrypted and transmitted by cFax servers to the destination fax number via the PSTN. This process is reversed for incoming faxes.
  • Hybrid Email/Secure ATA - Users receiving inbound faxes via email have an option to configure a password on their cFax account which automatically
  • converts every inbound fax into an AES-128 encrypted and password-protected PDF document before being emailed as an attached file by the cFax servers to the user. The user configures the password needed to decrypt the document using the Portal. By using this feature for inbound faxes and the secure ATA for outbound faxes, a cFax user can still have security measures in place even when their email servers do not support TLS.

A HIPAA Business Associate Agreement (BAA) is available from your account manager upon request.

Please Wait!

Please wait... it will take a second!