Recently Asked Questions (RAQs)

In this RAQ’s section 2, “Libraries, Fax Lines, and HIPAA,” you say, there is NO CIRCUMSTANCE under which a public, academic or public library should be engaging in a HIPAA-governed communication.” You also say, “If your library is not transmitting this type of information, you can stop sweating about HIPAA, even if patrons are using your fax to send it.”

Just so that we are crystal clear: this means that if patrons need to use a fax machine to correspond with a doctor’s office, it’s okay as long as they are the ones who physically use the fax machine? If they require help, can staff tell them how to use the machine as long as we don’t handle the physical documents?

We are uncertain how to proceed with further digitization of our college’s student newspapers. Currently, the newspapers published between 1948 and 2016 are digitized. They were made available online through a page hosted on the college’s website as well as the NYS Historic Newspapers database.

Since the mid-2010s, articles from the newspaper have been published simultaneously online and in the print edition distributed across campus.

The college’s administration received a complaint from a company called Copytrack regarding two images used in past issues of the paper. The college’s response was to scrub the images from the online archive of past issues and restrict access to the archives, effectively removing the entire digitized collection of its archives from the newspaper’s website.

However, since the issues in question were from 2017 and 2018, the digitized collection still remains intact on NYS Historic Newspapers, where the library has it hosted. We’re uncertain what weight this complaint from Copytrack holds and hope to digitize the remainder of the publication soon, within the bounds of copyright restrictions.

After this copyright complaint, is it advisable to leave the collection in NYS Historic Newspapers and continue adding to it, or should we plan to take it down and only digitize future copies for in-house preservation purposes?

We currently offer a service that collects older static PDFs of library/research content and provide faculty with a URL (or permalink) to that resource in our library’s digital collections. This service provides the following enhancements:

• Increases accessibility as links will always test as accessible in Brightspace (DLE/LMS)
• Enhance student discovery of library resources.
• Provide more accurate usage metrics that influence library subscription decisions.

Occasionally, we come across an old scanned PDF of a book chapter or scholarly article that we do not subscribe to.

Our question is: If we publicly offer to remediate (as best we can) published content that we do not subscribe to or own so that faculty can place an accessible version of them in their course shells, are we violating copyright? Keep in mind these materials would only be shared with students of specific courses and would be available only through the learning management system that requires a login.

Outside of best practices for staff handling of sensitive documents, are public libraries otherwise bound by HIPAA, FERPA and SOX when sending faxes for patrons, in terms of the privacy protections provided (or not) by the type of fax technology?

Our library currently uses a traditional standalone fax machine (staff mediated) to send and receive public faxes across a dedicated copper phone line, so there’s a direct connection between receiver and sender, maintaining privacy during transmission. Faxing remains a popular service here largely for that reason -- patrons are often told by the fax destination that documents must be sent via fax and not scanned to email.

We’ve been told that copper phone lines will soon be eliminated, so we’re investigating fax-to-email services, which are cheaper than our current method and can use our public copier as the faxing device. However, the Forbes article linked below says faxing by email does not offer privacy protections: “Virtual fax introduces an intermediary into the fax process; there’s no direct connection between the sending and receiving parties. This can be problematic if your business has certain regulatory compliance requirements to support (for example, HIPAA, FERPA and SOX).” The article cites an encrypted kind of fax by IP, “T.38 Fax Lines,” which we suspect would not be cost effective for us.

Are libraries bound by HIPAA et al in the type of faxing technology they can use?

I’d like to ask this as generally as I can so that the answers are as applicable as possible, but I’m writing from a small college library in NY, so I’d like to get a sense for myself and my staff about what our rights, obligations and protections for students and patrons are as Librarians in the event of a “visit” or raid by Immigrations and Customs Enforcement.

We haven’t received guidance from our institution and we’re a small place, but want to be prepared in case our students or staff are targeted.

What are we required to do? What is ICE currently allowed to do on a college campus or in a library? How can we protect our students from these actions by ICE?

I don’t know and wouldn’t ask about a student’s immigration status, but I know for instance that we have graduate assistants and Faculty who are here on visas and who are non-white.