PHIPA

Trusted Faxing for Healthcare Providers

AFAX™ is purpose-built for healthcare professionals, from solo clinics to multi-site hospitals and pharmacies, who need secure, reliable, and PHIPA-compliant faxing. It offers a fully digital faxing experience that is secure, efficient, and compliant with Canadian healthcare standards.

Whether you’re faxing patient charts, prescriptions, referrals, or lab results, AFAX ensures your communications are fast, encrypted, and compliant with all applicable healthcare privacy regulations.

PHIPA & PIPEDA Compliance by Design

AFAX™ is developed to meet the highest standards of privacy and security required for handling personal health information (PHI) in Canada. We are fully aligned with both the Personal Health Information Protection Act (PHIPA) and the Personal Information Protection and Electronic Documents Act (PIPEDA), as well as the oversight and guidelines provided by the Information and Privacy Commissioner of Ontario (IPC).

To safeguard your data and ensure compliance, AFAX incorporates:

• End-to-end encryption (TLS in transit, AES-256 at rest)

• Unique document-level encryption

• Secure storage in Canadian data centers

• Access control policies and full audit trails

• Administrative tools for compliance oversight, access logging, and incident readiness

These protections are crucial for healthcare providers, pharmacies, and other regulated organizations that handle sensitive personal health information (PHI).

 Built for Interoperability with Clinical and Health IT Systems

AFAX is designed with flexibility in mind, enabling integration into a wide range of healthcare and enterprise systems.

We support various integration pathways and are actively working toward deeper interoperability with platforms such as:

• Electronic Medical Records (EMR)

• Electronic Health Records (EHR)

• Pharmacy Management Systems

• CRM platforms

• Custom or proprietary enterprise software

While full native integration may not yet be in place for all systems or service providers in the market, our platform offers:

• A secure and developer-friendly RESTful API

• Options for secure file transfer (SFTP), email-to-fax, or hybrid workflows

• Custom integration support based on partner requirements

We work closely with healthcare organizations to ensure fax workflows can be automated and embedded effectively, even in complex or legacy environments.

Audit Trails, Access Controls & Secure Collaboration

Maintain complete visibility and control with AFAX’s built-in compliance features:

• Timestamped delivery and receipt logs

• User activity tracking

• Role-based permissions to restrict access

• Audit-ready reports for internal reviews or compliance audits

• Encrypted transmission history for full accountability

These features support proactive compliance with PHIPA and PIPEDA by maintaining secure and auditable access to all transmitted data.

Scalable for Clinics, Pharmacies, and Hospitals

Whether you're a solo practitioner, pharmacy manager, or part of an extensive hospital network, AFAX adapts to your team structure:

• Multi-user and department-based account management

• Secure access for remote and mobile staff, with role-based user control

• Centralized administration dashboard for compliance oversight

• No hardware or phone line requirements, fully cloud-based

Ready to Secure Your Faxing Workflow?

Join hundreds of healthcare professionals across Canada who trust AFAX for secure, digital faxing.

➡️ Start Try It! or book a demo today to seebyAFAX can work for your clinic, pharmacy, or healthcare organization.Start Free Try Now

Application Security 

 

AFAX software is developed entirely in-house by our Canadian engineering team, following modern secure software development methodologies. We do not outsource development, ensuring complete control over code quality and security.

We avoid using obsolete or deprecated third-party or open-source applications, which allows us to maintain tight control over the security of all components exposed to the internet.

Our development practices prioritize secure coding, regular code review, and vulnerability testing to safeguard user data and system integrity.

User Authentication

Access to fax documents is protected through multi-layer authentication and authorization mechanisms, including:

• Unique account numbers and strong passwords

• Optional multi-factor authentication (MFA)

• Role-based user access controls (RBAC)

All communication channels, both intranet and internet, are secured using 256-bit SSL/TLS encryption, ensuring secure data transmission at all times.

Organization Safeguards

 

AFAX enforces strict internal access policies to protect user data:

• Only the account holder and authorized users (added by the holder) have access to fax content.

• AFAX staff, including developers and support engineers, do not have access to fax documents.

• When needed for troubleshooting or system performance analysis, AFAX staff may access fax metadata^¥ only, which includes:

  • Fax number (sender/recipient)

  • Date and time of transmission

  • Fax duration and status

  • Transmission ID or reference numbers

This limited access ensures compliance with privacy regulations while allowing operational support.

Physical Safeguards

AFAX infrastructure is hosted in secure Canadian data centers that include:

• 24/7 building security and monitoring

• Controlled facility access (secured rooms and locked server cages)

• Redundant power systems, including UPS and generators

All systems are protected against physical threats, ensuring continuity and compliance with Canadian data residency requirements.

Availability, Reliability, and Backup

AFAX is built for high reliability, availability, and fault tolerance:

• Core infrastructure is deployed across redundant systems to mitigate the risk of service interruption or data loss

• Encrypted backups of customer data are maintained in off-site, secure locations

• Backup environments use the same encryption standards and access policies as our production systems

This ensures continuous service and recoverability in case of system failures.

🧾 Opt-Out Storage Option

AFAX gives customers control over how long their fax documents are stored:

• Users may choose to opt out of long-term storage, meaning faxes are retained only for the duration of delivery and related notification processes.

• After successful transmission and delivery confirmation, the fax document is automatically deleted.

This option provides additional flexibility for clinics and organizations with strict data retention policies.

🔐 Optional Encryption

For enhanced privacy and control, AFAX supports optional customer-managed encryption, including methods such as PGP.

• Customers can use their own encryption mechanisms to secure fax content before transmission further.

• Contact our support team for assistance with enabling or configuring this option.

Perimeter Defense | Operating Systems

 

AFAX’s infrastructure is protected by a combination of network-level and system-level defenses, including:

• Industry-standard firewalls and real-time intrusion detection systPlease reach out to our support team for helpof all operating systems, firmware, and BIOS based on vendor recommendations

• Restricted and password-protected remote access, limited only to authorized technical support personnel

This layered defense approach ensures the integrity and resilience of our platform.