How Can I Send Faxes in a way that is HIPAA Compliant?

By default, Twilio’s Programmable Fax product stores both the to and from fax numbers, as well as the fax media. To prevent automatic storage of the media for outbound faxes, include the StoreMedia parameter in your API request, with the value of False.

This usage is consistent with HHS guidance in its Guidance on HIPAA and Cloud Computing which states the following:

The conduit exception applies where the only services provided to a covered entity or business associate customer are for transmission of ePHI that do not involve any storage of the information other than on a temporary basis incident to the transmission service.

Note: The StoreMedia option is currently available for outbound faxes only. We are working towards an equivalent inbound solution. 

StoreMedia Overview

Disabling StoreMedia in this manner tells us to only temporarily store fax media within our in-flight database during the fax transmission. Once the message has been transmitted, the fax media will be deleted, and the media will not be stored within any logs.

Important: Once faxes are sent from the Twilio network to carriers, Twilio does not retain control over data security and privacy practices. Practices may vary by carrier; Twilio cannot guarantee which carrier will be used in the transmission of our customers’ faxes.

StoreMedia Example

Here’s an example cURL script (see line 5 for proper usage):

curl -X POST https://fax.twilio.com/v1/Faxes \
--data-urlencode "To=+13105555555" \
--data-urlencode "From=+12125551234" \
--data-urlencode "MediaUrl=https://www.mysite.com/docs/contract.pdf" \
--data-urlencode 'StoreMedia=false' \
-u "ACXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:your_auth_token"

This example will transmit the file contract.pdf from the sender (212) 555-1234 (+12125551234) to the fax machine at (310) 555-5555 (+13105555555). To make this script work for you, make the following updates, and then paste it into a terminal window:

  • Line 2 update with a valid destination
  • Line 3 update with a valid sender number
  • Line 4 update with a valid file url
  • Line 6 update with your Account SID and Auth Token.

For additional help sending faxes, please see Simple Example for Sending a Fax.

Have more questions? Submit a request
Powered by Zendesk