PIPEDA | PHIPA Compliant Faxing

Secure your EMR, Pharmacy, and Physician Clinics Faxing.

If you are looking for a streamlined electronic fax solution, including integration with your existing EMR system, AFAX has got you covered.

AFAX follows and complies with guidelines set aside by the IPC (Information and Privacy Commissioner of Ontario) for the Personal Health Information Protection Act (PHIPA).

To comply with those guidelines, we have implemented all security measures necessary for the privacy of any information storage or transfers within the AFAX™ Platform, including the account holder’s information and all electronic fax documents.

Security and privacy measures are fundamental to our application infrastructure; we use our proprietary software code and safeguard application data using industry-standard firewalls. We utilize unique encryption keys for every faxed document stored on our servers, and access is restricted to document owners or other authorized account holders.

To keep your faxes secure in transit, we work with trusted technology partners for our data communication and telecom requirements. We have designed and implemented multi-layer authentication security to the AFAX web portal and for our enterprise customers using Windows / macOS applications to access AFAX services.

Here is a summary of the steps we have taken to ensure PHIPA compliance:

Start Free Try Now

Application Security 

AFAX software and applications are built considering all security aspects of modern software development methodology.

Our core application is developed in-house using our software engineers, not outsourced.

We are not using any open-source or third-party applications which are obsolete or deprecated. This allows us to ensure the security of all aspects of our application and software utilities exposed to the public.

User Authentication

Access to Fax documents is only possible through multi-layer authentication and authorization. The use of unique account numbers, passwords, and multi-factor authentication schemes keep your account secure.

 All intranet and internet communication channels are secured via 256 Bit SSL Encryption.

Organization Safeguards
The unique encryption algorithms and methods used within the AFAX Platform do not allow access to the content of the fax documents except for the account holder and other authorized users added to the account by the holder.
Our support staff, including our software developers and system engineers, can only access the fax
 metadata¥ for troubleshooting and feature implementation purposes.
¥ Fax Metadata includes information found in the fax header: the recipient(s) fax number, date or duration of the fax, the status of the fax, or any reference number(s).
Physical Safeguards

Our facilities and data center is located in Canada. Our physical building has 24x7 security, secure room access, and locked cages. We keep redundant data backups in the event of system failure, and all electrical power sources are protected with generators and UPS. 

Availability, Reliability, and Backup

Most of our system infrastructure is built and implemented on redundant platforms to avoid permanent data loss whenever the technology is available.
We keep backups of customer data in remote storage with the same encryption and security access measures as our leading site.

Optout Storage Option

We provide our customers with the option to opt out of storing their fax documents with us. This means that our system will only retain the fax document for the duration of the fax transmission plus any period required for successful customer notifications.

Optional Encryption

AFAX provides our customers with an added layer of security by allowing the optional use of personal encryption methods, including PGP encryption.
Please contact us if you require more detailed information on encrypting your faxes.


Perimeter Defense | Operating Systems

Our network is secured by industry-standard firewall applications and monitored by intrusion detection systems in real-time.

We keep all of our hardware firmware, BIOS, and Operating Systems up-to-date by applying the vendor’s recommended security patches. All necessary system software and applications are password protected with limited remote access to technical support personnel.