smartphone Fax medical records, Download Faxend
Download
update Last updated:

How to fax medical records, HIPAA-compliant guide

To fax medical records, verify the recipient fax number, prepare a HIPAA-compliant cover sheet, redact non-essential PHI, and use a fax service with TLS encryption and audit logging. Faxend's $2.99 pay-per-fax (no subscription) supports patients, providers, and attorneys with TLS 1.3 transmission and optional BAA.

check_circle TLS 1.3 encrypted check_circle HIPAA cover sheet auto-added check_circle Audit log for every fax
Send medical records now arrow_forward
F

Reviewed by Faxend Editorial Team

Verified against IRS.gov · View sources

Why fax for medical records

Medical record exchanges happen daily across providers, payers, attorneys, and patients. Fax remains the most universal channel because:

  • Every healthcare organization has a fax line, EHR-to-EHR interoperability is rare across systems
  • Fax has explicit HIPAA safe-harbor when implemented with safeguards
  • Specialists, imaging centers, and pharmacies frequently require fax for incoming records
  • Faster than mail, doesn't require email security configuration
  • Provides instant transmission confirmation for records release tracking

Three common scenarios

ScenarioSenderRecipientBAA needed?
Patient requesting own recordsPatientProvider, attorney, employerNo (patient sending own PHI)
Provider sharing with another providerCovered entityCovered entityBAA between fax service and sender
Provider releasing to legal/insuranceCovered entityAttorney, insurerBAA between fax service and sender + signed authorization from patient

What to include in the fax

For complete medical records release, include:

  • Cover sheet with confidentiality notice (HIPAA-required language)
  • Signed patient authorization if you are not the patient (HIPAA Form Authorization for Use and Disclosure of PHI)
  • Specific records requested, name, date range, type (visit notes, imaging, labs, etc.)
  • Patient identifiers, full name, DOB, MRN if available
  • Sender contact, name, phone, fax for follow-up questions

Send medical records securely

TLS 1.3 encryption, HIPAA-compliant cover sheet, transmission confirmation. $2.99 per fax, no subscription.

Send Now → Download iOS

HIPAA-compliant cover sheet

To: [Recipient name and organization]
Fax: [Recipient fax number]
From: [Your name / organization]
Phone: [Your phone for callbacks]
Date: [Today's date]
Pages: [Total pages including cover]
Subject: Medical Records, [Patient name + DOB]

CONFIDENTIALITY NOTICE:
This facsimile transmission, including any accompanying
documents, may contain protected health information
that is privileged and confidential. It is intended
only for the use of the named recipient. If you have
received this fax in error, please notify the sender
immediately by phone, destroy the transmission, and do
not disclose its contents to any third party.

Step-by-step: faxing medical records

1

Verify recipient fax number

Call the recipient's office and confirm the fax number, especially the first time. Misdialed faxes are the leading cause of HIPAA breach incidents.

2

Gather signed authorization (if not patient)

If you are sending records on behalf of someone else (attorney, family), include a signed HIPAA authorization. Without it, providers cannot release records.

3

Redact non-essential PHI

Send only the records actually requested. Redact unrelated patient identifiers, family member info, or unrelated visits.

4

Open Faxend.com/send

Upload the records PDF. The cover sheet template above is built in, Faxend formats it automatically with your details.

5

Enter recipient fax + your contact info

Country: United States. Enter the verified fax number. Add patient name (or MRN), your contact, page count.

6

Send and confirm

Pay $2.99 (up to 5 pages) or larger packages for longer records. Save the transmission confirmation as your release-of-records audit trail.

Patient rights to records (HIPAA Right of Access)

Under HIPAA's Right of Access (45 CFR 164.524), patients have the right to:

  • Inspect and obtain a copy of their PHI in the form they request (paper, electronic, fax), provided the form is readily producible
  • Receive their records within 30 days of request (with one 30-day extension allowed)
  • Pay only reasonable cost-based fees (no per-page mark-ups beyond actual cost)
  • Designate a third party (attorney, family) to receive records via signed authorization

If a provider refuses or delays a records request, patients can file a complaint with HHS Office for Civil Rights at hhs.gov/ocr/complaints.

Common mistakes

Sending entire chart when only specific records are requested. Send only what was asked for, broader disclosure can be a HIPAA violation.

Forgetting the confidentiality notice on cover sheet. While not strictly required by HIPAA, it's strongly recommended and your organization's policies likely require it.

Faxing to shared front-desk fax. If the recipient's fax line is in a public area, the records may be seen by unauthorized staff. Confirm the recipient has a private fax or designated PHI inbox.

Not retaining transmission confirmation. The confirmation is your proof you released records on the date you say. Keep it for at least 6 years (HIPAA retention).

Sources

Frequently asked questions

Can I fax my own medical records to my attorney?
Yes. Patients can fax their own medical records to anyone they choose without a HIPAA authorization or BAA, HIPAA's restrictions apply to covered entities sharing PHI, not to patients sharing their own information. Use a HIPAA-compliant cover sheet with confidentiality notice.
Is faxing medical records HIPAA-compliant?
Yes, when the fax service uses appropriate safeguards (encryption in transit, audit logging, access controls) and a BAA is in place between the covered entity and the fax service. Faxend supports both, TLS 1.3 transmission and BAAs available on request.
How long does the recipient have to confirm receipt?
There is no HIPAA requirement for the recipient to acknowledge receipt of a faxed medical record. Your fax service's transmission confirmation (showing successful delivery) is sufficient documentation. Save it for your records-release audit trail.
Can a doctor refuse to fax my medical records?
Generally no. Under HIPAA Right of Access, patients have the right to receive their PHI in the form they request, including fax, provided the form is readily producible. Providers must respond within 30 days. Refusal without legal grounds can be reported to HHS OCR.
How much does it cost to fax medical records?
Faxend charges $2.99 for up to 5 pages, with options for larger faxes. There is no subscription. Some providers charge their own records-release fee per HIPAA cost-based fee guidelines, but the fax transmission itself via Faxend is just $2.99.
What if I'm faxing on behalf of a deceased family member?
You need legal authority, typically as the executor or administrator of the estate, or as the personal representative under HIPAA (45 CFR 164.502(g)). Include documentation of your authority (death certificate plus executor letter) when requesting records from a provider.
Is it safer to fax or email medical records?
Fax is generally safer than standard email because the transmission is point-to-point and HIPAA explicitly addresses fax safeguards. Encrypted email (Direct messaging or TLS-secured) can also be HIPAA-compliant but requires both sender and recipient to have compatible setups.
Do I need to fax medical records, can't they be emailed?
If your provider has Direct messaging (a HIPAA-secure email standard) and the recipient supports it, that works. In practice, most providers default to fax because it's universally compatible. Many also accept secure patient portal downloads, ask your provider what options they support.
What information should never be faxed?
Genetic test results, HIV/AIDS records, mental health records, and substance abuse treatment records have additional state-law protections in many jurisdictions and may require explicit written consent before faxing. Cancer registry data and child welfare records also have heightened protections. Check state law before faxing.
Can I redact PHI before faxing?
Yes, and you should. Redact information beyond what was specifically requested, for example, redact other family members' names or unrelated visits if only certain visits were requested. Use black redaction (not yellow highlight, which can be reversed).
What if my fax fails to transmit?
Wait 15 minutes and retry, the recipient line may be busy. Verify the fax number with the recipient. If failures persist, the recipient's line may be down, call to confirm and consider mailing as backup. Faxend's confirmation page documents your attempts.
Does HIPAA require a specific cover sheet?
HIPAA does not mandate a specific cover sheet format, but a confidentiality notice is strongly recommended and is industry standard. The notice should identify the transmission as confidential, intended only for the recipient, and include instructions for inadvertent recipients to destroy and notify the sender.

Fax medical records in 60 seconds

Upload records, enter the recipient fax number, we add the HIPAA cover sheet and confirm transmission. $2.99 per fax, no subscription.

Send Records Now arrow_forward Download Faxend

Related guides

HIPAA-compliant fax app

What HIPAA compliance means for online fax, encryption, BAA, audit logging.

Fax doctor referrals

Streamline doctor-to-doctor referral workflows with secure fax.
Send fax →