Fax machines can provide a unique service. Anything manually faxed from one fax machine to another one is secure. It's not hackable in the way e-mail is. Since it's sent over a phone line there is no record of the file on any computer, server or PC, anywhere.
While the FBI could probably tap your line and capture any faxed documents, but that’s highly unlikely unless you are a major criminal.
Online faxing has that issue of everything being sent to an e-mail account and being hosted on an e-mail server somewhere. So, it could be compromised in the same way that any e-mail account could be. Thus, the original machine to machine technology looks great today. It's still used in various secure environments today for that very reason.
The way faxes are secured in the digital world is thru a ‘secure portal’ access. In the medical field, there is a regulation for HIPAA Faxing. The fax is only accessible through a password-protected portal. You get a notice that you received a fax and then you have to log into a secure portal to retrieve the fax. That helps protect against an unauthorized user, or employee. However, common practice is that once the fax is retrieved the user saves it on their local computer. If the computer gets compromised the fax is there for anyone to see. So, machine to machine faxing is the only reliable way to secure a document.
In the medical field, doctors offices are known for hiring their admin staff at close to minimum wage. Some offices outsource their medical billing to processors overseas. These employees have discovered a second income stream; selling patient ID’s on the dark web using their cell phones. The current value of a matching social security card, date of birth, etc. is about $5-. With 20 patients a day they can earn and additional five hundred dollars a week. So, while your medical information is probably secure, these offices are not a safe place for your personally identifiable information.