Question: Our office recently switched to receiving faxes electronically. What is the best way to secure the information that’s being sent and received? South Dakota Subscriber Answer: Once a fax becomes electronic, it is considered electronic personal health information (ePHI). Therefore, you must develop proper access controls so that only authorized users can see that document. Best practice: Store faxes on a central server where users have the ability to know who the fax was destined for, and ensure that the server is well secured and protected. Remember: You must protect outbound faxes, too. Tip: Establish a validation procedure so that if a patient asks you to fax her something, you can determine that it is an authentic request. Bottom line: What you don’t want is someone to just call up and obtain confidential information. Make sure that you have procedures in place to ensure that you send faxes to the right place. And when an e-fax is received, be sure it has the same protections as the rest of your ePHI.