We have a fax server that does not have IIS and is behind a firewall. Our Exchange server (which does have IIS and also behind the firewall) is covered by our SSL for the OWA and ActiveSync. I want to have the fax server integrate with Exchange in order to help us work towards having a smaller paper footprint. Our faxes contain PHI from insurance companies and medical facilities. I know that Outlook 2007 and Exchange OWA "encrypt" email if directed through port 443 but is it safe for sending faxes through the system or does it violate HIPAA?