Body
Overview
Learn about alternatives to analog fax services and how to choose the option that best meet your needs. This page includes a decision tree, plus more details about each recommended service.
Please Note: To learn more about why the UO recommends replacing existing analog fax lines with alternative services, please visit
Moving away from fax.
Decision tree
This decision tree guides you through the recommended alternatives to analog fax services and when to consider each option.
Decision tree: Graphic version
Decision tree: Text version
Starting prompt: "I need to send or receive documents."
- Do you interact with other entities (e.g., healthcare providers, FBI, etc.) that require the capability to send or receive documents via fax for procedural, regulatory, or business reasons?
- Yes. Proceed to Step 2
- No. Proceed to Step 3
- I'm not sure. Proceed to Step 4
- Are the entities you interact with within the US and Canada?
- Yes. Proceed to Step 5.
- No. Proceed to Step 6.
- Do you need to send and/or receive documents with legally enforceable signatures?
- Yes. Proceed to Step 7.
- No. Proceed to Step 8.
- Do you need to send or receive sensitive data such as FERPA, HIPAA, GDPR, GLBA, or PCI?
- Yes. Proceed to Step 1.
- No. Proceed to Step 12.
- You can use an electronic fax service like Sfax (fees will be incurred).
- Please note: If this option is chosen, you may have to communicate your new fax number to your senders and recipients.
- How frequently do you need to send and/or receive documents via fax?
- Often (e.g., daily/weekly). Proceed to Step 9.
- Rarely (e.g., less than once a month). Proceed to Step 10.
- You can use Adobe Sign Enterprise (fees will be incurred).
- Do you need to send or receive PCI data?
- Yes. Go to Step 11.
- No. Go to Step 12.
- If you fax often (e.g., daily/weekly), you may continue to use traditional fax services (an exception must be granted).
- Please note: This will require a phone line on the forthcoming Cisco IP phone system. We expect costs for phone lines that serve fax machines to increase from the current rate of $25.50/month to a higher monthly fee.
- If you fax rarely (e.g., less than once a week), we recommend that you use a commercial fax service (e.g., UPS).
- If you need to send or receive PCI data, we recommend that you use SharePoint.
- Do you need to send or receive other sensitive data, such as FERPA, HIPAA, GDPR, GLBA, or PCI?
- Yes. Proceed to Step 13.
- No. Proceed to Step 14.
- If you need to send or receive sensitive data, we recommend encrypted email via Outlook on the web.
- Do you need to send or receive sensitive data for collaboration?
- Yes. Proceed to Step 15.
- No. Proceed to Step 16.
- Do users need to retain access to documents irrespective of whether the file creator remains at the UO?
- Yes. Proceed to Step 17.
- No. Proceed to Step 18.
- If you do not need to send or receive sensitive data for collaboration, we recommend that you use standard email.
- If you need to retain access to documents while collaborating, we recommend that you use either SharePoint or a departmental file share.
- If you do not need to retain access to documents while collaborating, we recommend that you use OneDrive or Dropbox.
Details about fax alternatives
This section includes more information about each recommended alternative to analog fax service.
Outlook on the web (encrypted email)
You can encrypt any email sent through UOmail via Outlook on the web. To use this feature, visit uomail.uoregon.edu and log in with your UO credentials. When you compose an email, you will see an option to encrypt the message at the top of the Compose interface.
Clicking the Encrypt button uses Office 365 Message Encryption (OME) technology to encrypt the message for internal or external recipients. The encrypted email is sent as an attachment and opened in the browser itself.
To view encrypted messages, recipients can either get a one-time passcode, sign in with a Microsoft account, or sign in with a work or school account associated with Office 365.
Advantages
- This service is available to all UO staff at no charge.
- Files and other information can be accessed securely from any location or device.
- Replies by recipients of encrypted emails can also be encrypted.
- Recipients do not need a Microsoft 365 subscription to view encrypted messages or send encrypted replies.
- This option is supported by the Information Services User Support Services team.
Limitations
- Unlike some other encrypted services, you cannot restrict the user from forwarding or printing the email.
Compliance
Regulation |
Compliant? |
Notes |
FERPA |
Yes |
-- |
HIPAA |
Yes |
OK to transmit, store, or maintain personal health information (PHI).
Access logs can be obtained from Microsoft on request. |
PCI |
No |
Although SharePoint is PCI compliant, OWA is not. |
GDPR |
Yes |
-- |
GLBA |
Yes |
-- |
Cost consideration
Costs covered by UO's Microsoft license.
Adobe Sign Enterprise (digital signatures and document workflows)
Adobe Sign Enterprise allows you to send electronic documents for legally enforceable digital signatures. As such, virtually any business process that requires handwritten signatures on paper documents can be modified to accommodate electronic signatures or replace paper documents altogether.
Adobe Sign Enterprise is distinct from the Fill and Sign feature available on Adobe Acrobat. Unlike regular PDFs, Adobe Sign allows a sender to designate specific areas of the document as signature and form fields; editing rights can be restricted to specific fields for specific users.
Advantages
- Unlike the existing fax system, Adobe Sign is compliant with GDPR.
- Adobe Sign is compatible with many existing business workflows — that is, automatically sending a document to multiple reviewers or signers in a sequential order.
- Sending documents electronically can help ensure that only the intended recipients receive the information, as opposed to sending paper faxes that could arrive in a common area and constitute a FERPA or HIPAA violation.
Limitations
- Business units that adopt Adobe Sign for their processes will be billed by PCS under PCS's existing Adobe Sign license for now. Based on usage across campus, Adobe Sign may be set up as a service under Information Services for a per-transaction fee in the future.
- Business workflows need to be configured before documents can be routed to the appropriate recipients for review and signing. This may require end-user training.
- Support is currently limited to best effort. The Adobe Sign product is an additional product license, not included under the campuswide Adobe Creative Cloud license. UO units may be referred to the vendor for support, and what Adobe provides is also limited.
Compliance
Regulation |
Compliant? |
Notes |
FERPA |
Yes |
-- |
HIPAA |
Yes |
-- |
PCI |
Yes |
Excluding Adobe Send & Track (sending files as links) |
GDPR |
Yes |
-- |
GLBA |
Yes |
-- |
Cost consideration
The billing functionality in the Adobe Sign admin portal is not geared toward use by multiple departments. The PCS license covers 5,000 annual transactions and will be billed to units by PCS.
SharePoint portals (file management and collaboration)
Your unit can use Microsoft SharePoint websites to share information within and outside the University of Oregon. SharePoint is available throughout the UO as part of our existing Microsoft license. SharePoint is fully compliant with all major regulations and offers strong file management and auditing capabilities, as described below.
Advantages
- Full integration with Office 365 applications, such as Word Online. Aside from improving data security by reducing the need for file downloads, this feature also facilitates collaboration among multiple users.
- SharePoint saves file history for the duration of its existence in the system to maintain an audit trail. Users with edit access can also restore older versions of a file.
- Can retain documents permanently, or for a specified period followed by permanent deletion.
- Can use retention labels to apply retention policies to files as per regulatory requirements. Retention labels can be auto-applied according to user type, information type, keywords used, or to cloud attachments.
- Can control access rights (no access, read-only, edit, or full access) for each file for a group of users or a specific person. Can generate shareable links that work for specified users only, for university staff or for people with existing access.
- Can auto-apply sensitivity labels (watermarks) that are visible over the content of specific files, based on the file category or to specific users or user groups. Can require mandatory labeling for specific file directories.
- Can set data loss prevention (DLP) policies that scan file content for information that may violate data security and privacy regulations, such as FERPA, HIPAA and PCI-DSS. Sensitivity of these data scans can be controlled to minimize false positives or to minimize the risk of regulatory violations depending on your unit’s policies.
- This option is supported by the Information Services User Support Services team.
Limitations
-
By default, our SharePoint environment is configured to allow file sharing only within the organization. To collaborate with external users, they must first be added as guests via Outlook. Learn more at SharePoint site permissions.
Comparison with OneDrive
Please note that although SharePoint is recommended for sensitive files, OneDrive is not. Although OneDrive offers similar data security, the files in OneDrive are stored in an individual user’s account;if that person leaves the UO, access to their files will be lost. By contrast, files on SharePoint are linked to a portal, and users can retain access regardless of whether the file creator remains at the UO. [3]
Compliance
Regulation |
Compliant? |
Notes |
FERPA |
Yes |
-- |
HIPAA |
Yes |
-- |
PCI |
Yes |
-- |
GDPR |
Yes |
-- |
GLBA |
Yes |
-- |
Cost consideration
Costs covered by UO's Microsoft license.
Sfax (cloud-based fax)
Your unit may require the capability to send or receive faxes for procedural or regulatory reasons that cannot be addressed by other fax alternatives described above. For such business needs, Sfax (Secure Fax) is the recommended fax solution.
Advantages
- Sfax allows cloud-based capability to send and receive faxes from web browsers, desktops, and mobile phones. Since it sends electronic faxes, it can be used remotely and offers improved data security over paper fax. Inbound documents can be sent only to the intended recipient’s email address.
- Sfax is built around compliance with HIPAA security standards. A complete audit trail is generated for all activity that occurs on each document. Documents are encrypted (256-bit AES encryption) during transit and for cloud storage.
- Allows users to redact information from a document and sign electronically. Users can also add annotations using checks, marks, and notes.
- Administrators can control user access, manage security settings, and generate reports. Users can create private contacts and groups to minimize risk of human error in sending sensitive information to the wrong recipients.
Limitations
- Sfax can only fax documents to numbers in the United States and Canada.
- Existing fax numbers will stop working after migration to Sfax, and a communication plan may be required to ensure that the department continues receiving faxes at the new number.
- Support would be limited to what Sfax, the vendor, is able to provide, or tips from other UO units using the same service.
Compliance
Regulation |
Compliant? |
Notes |
FERPA |
Yes |
-- |
HIPAA |
Yes |
-- |
PCI |
Yes |
-- |
GDPR |
No |
Only supports faxing within the United States and Canada. |
GLBA |
Yes |
-- |
Cost consideration
Sfax does not offer an enterprise-wide license, and Information Services does not offer a cloud-based fax service. Units must therefore procure Sfax or a similar alternative via UO Purchasing and Contract Services (PCS).
References