Canada has long been a pioneer in health care. Between developing HAART therapy for HIV/AIDS treatment, the discovery of T-cell receptors in cancer research and insulin’s role in treating diabetes, Canada has a great history of forging into the unknown, using the latest technology to advance medicine. Yet in 2019, after astounding advances in digital communications, in one area we choose to remain in the past, holding on to the false idea that paper and fax machines are the gold standards in medical communication and security.
In a recent press release, Richard Kerr, chair of the British Royal College of Surgeons’ Commission on the Future of Surgery, said “it was farcical that the National Health Service [NHS] in Britain was investing in artificial intelligence and robot-assisted surgery, while at the same time persisting in using outdated technology [notably fax machines] to communicate and share information.”
Absolutely. It’s farcical in the U.K. and it’s farcical in Canada. We have repeatedly seen the failure of the fax machine as a secure and reliable method of communication.
There is no shortage of evidence indicating just how unreliable the fax machine is. A quick search for “fax breach” on www.CBC.ca highlights just a few examples:
- In a story from 2016, a Nova Scotia business owner received “dozens” of faxed patient information, over a period of 10 years.
- A Newfoundland business owner received faxed patient lab results on multiple occasions, from 2012 to 2015.
- In 2010 and 2012, a CBC newsroom received faxes containing patient information.
However, one particular story exemplifies this unreliability. A CBC article from January 2018 detailed an ongoing issue with fax communication in Saskatchewan. Daryl Arnold, a Saskatoon business owner, received faxed patient information on multiple occasions from a local hospital. According to the article, Mr. Arnold’s fax number is one digit different than that of a physician’s office in North Battleford.
Mr. Arnold contacted the Saskatchewan Health Authority about the breach. The article reports that the authority suggested Mr. Arnold attempt to remedy the issue by either changing his fax number or configuring his fax machine to block incoming faxes from Saskatchewan Health Authority numbers. The authority indicated that “it sends faxes to so many different numbers and that its fax machine is unable to block outgoing fax numbers.”
The Saskatchewan Information and Privacy Commissioner became involved when Mr. Arnold reported the breach. The Commissioner reports that the faxes contained “highly sensitive” personal health information.
However, a fax machine’s unreliability isn’t the only problem. Another concerning issue with fax communication is encryption. To put it clearly, there is no encryption to fax communication. Everything sent via fax is clearly viewable to anyone, not just the intended recipient.
Is your fax machine in a secure location accessible only by your staff? Do you have a dedicated staff member watching over the fax machine ensuring only the intended recipient is reading the received fax? It’s almost certain the answer to these questions is no. Many fax machines are probably close to the clinic’s front desk. Depending on how many staff you have, there have probably been times when the fax machine was left unattended, open to anyone who wants to view or grab incoming faxes.
I highlight these issues for one reason: every fax we send wastes our time, our staff’s time and violates the Health Information Act (HIA) at least in spirit, if not in practice.
Sending a fax to another healthcare provider is not as simple as dialing the number and sending the pages. While most, if not all, fax machines are programmed to print off a page indicating the successful transmission of your fax, there is no built-in mechanism to inform you that the intended recipient has read your fax. Instead, you or your staff may have to send a second message, by phone or email, asking the recipient if they received and read your fax.
In another common scenario, perhaps there was an issue with the phone line, maybe the recipient’s toner cartridge failed or the printer jammed, causing the faxed documents to be unreadable. Now you or your staff must send the fax again and like before, make that additional call or send that follow-up email to see if your second fax got through successfully.
Now, let’s imagine that your first fax was sent to an incorrect fax number, which we know is a pretty common occurrence. Does that fax contain a patient’s personal health information? If it does, have you taken “reasonable steps in accordance with the [HIA] to maintain administrative, technical and physical safeguards that will protect against any reasonably anticipated threat or hazard to the security or integrity of health information”?
So before you send that fax, ask yourself what administrative, technical and physical safeguards have you taken, to ensure that the security of the faxed information from the reasonably anticipated threat of sending it to the wrong place to be read by the wrong person?
How can we continue to claim the fax is a reliable and secure method of communication when there is so much evidence to the contrary? And how can we ethically continue to use the fax when there are proven, superior alternatives?
Secure communication products for healthcare are easily available and are specifically designed to replace the fax machine. Hightail, dr2dr Secure Messaging, Brightsquid Secure-Email and TELUS Health MedDialog are just a few of these products. Not only can they replace the fax machine in your practice today, but they can also do it without the need to alter your current workflow.
For example, let’s imagine the referral process with the fax: you see your patient and determine a referral to a specialist is required. In your EMR, you write a referral letter and print it out. Next, you or your staff fax the printed letter to the fax machine in the specialist’s office. Perhaps your fax machine prints off a sent confirmation page. However, since we have no way of knowing whether the fax was received in good order, you or your staff may call or email the specialist to confirm that they have received and read the referral letter. Incidentally, an EMR is not required. Most secure messaging portals—dr2dr for instance—use a web-based platform that requires no software installation.
Now, let’s imagine that process with a secure messaging solution: you see your patient and determine a referral to a specialist is required. You write the referral letter and save it as a PDF on your computer or directly attach it to the secure message. You send the message directly to the specialist and instantly receive confirmation that the message was sent. When the specialist reads the message, the secure messaging product’s built-in read receipts mean you get notified the second the recipient reads your message.
A secure messaging product will actually save you time, by removing the need to perform a second communication with the specialist. Also, you know that the transmission was secure.
Despite the existence of superior communication methods, the Canadian healthcare community continues to use outdated, unreliable and insecure technology. When it comes to communication in health care, we continue to use a technology that is clearly flawed.
In response to repeated breaches via fax, the Saskatchewan Health Authority reported that “there will be recommendations on how to ensure this error is not repeated.” But while we wait for these recommendations, the same, repeated failures continue to occur. It’s pretty obvious what the problem—and solution—is: we need to stop using fax machines. There is no reason to continue using the fax machine in 2019 when multiple secure, easy-to-use and versatile alternatives are available.
The NHS in the U.K. has committed to removing all 8,000+ fax machines from their facilities by 2020 as a direct result of grassroots action taken by U.K. physicians. They recognized a critical vulnerability and worked together to force change.
This can happen in Canada—it must happen.
Axe the fax. Let’s make this change together.
Dr. Sandy J. Murray