This article is authored by Corridor’s CEO, Rob Miller
Years ago I managed a software company that sold products directly to customers, a model then known as a mail-order business. The fax machine was the primary source of revenue and our team felt deep affection for the familiar squeal of a connection being made as that sound meant purchase orders would start appearing. On busy days the fax pages would mix together with some falling to the ground like little gliders, making for a fun detective challenge to locate an expected fax that had been accidentally scooped up or delivered to the wrong desk. Receiving sensitive faxes was especially challenging and required hovering over the fax machine, blocking access to anyone until it appeared.
Fast forward 30 plus years and fax machines have been completely expunged from the business landscape – replaced by the faster, more secure and infinitely more useful digital communications paradigm.
However the healthcare industry continues to rely heavily on this “secure” technology, despite stern warnings from privacy experts including the Office of the Privacy Commissioner of Canada, “Faxing personal information may increase the risk that highly sensitive details will fall into the hands of people who should not receive them,” Consider the risks: Faxing Personal Information. The healthcare industry across Canada, including medical offices, medical clinics, dental clinics, orthodontists, chiropractor clinics, pharmacies, and hospitals employ fax machines to transmit and receive important information including patient health history, patient information, test results, doctor’s letters, treatment requests and other forms of sensitive information.
Managing the flow of fax machines is the number one source of healthcare privacy complaints in Ontario according to Patricia Kosseim, Privacy Commissioner. At the conference “Building Trust in Digital Healthcare”, held at the end of January 2023 in Toronto. Ms. Kosseim commented, “that 50 percent of the complaints about healthcare privacy breaches made to her organization in 2021 stemmed from misdirected faxes. Her agency recently completed a report which concluded that faxes have no place in Ontario’s healthcare system,” (Panel identifies threats from faxes, snooping, cyber-attacks, Canadian Healthcare Technology). At the same time, she acknowledged that faxes are difficult to eradicate from the system because they are so deeply entrenched in everyday use by clinicians. “Axing the fax is not so easy,” she said.
There are limited ways healthcare offices can ensure the control and privacy of a piece of paper generated from a fax machine or even digital images from a faxing application. Who possesses the paper, how to route it to the appropriate person and where is it currently? Creating an audit trail of the journey of the paper once it has been created is basically impossible. Faxes definitely represent the weakest link in a privacy defense for any medical office.
The dilemma for any clinic owner or privacy officer is balancing the liability risk of fax information breaches with the need to continue the flow of vital information crucial to the healthcare of patients. Plans are being enacted to rid the healthcare environment of faxes, however that remains 3-5 years away.
Protecting Patients Health Record & Personal Health Information
With faxes representing such a vulnerable point in the privacy chain, the only viable strategy is to be diligent in protecting patient privacy and reducing risk by educating staff on proper procedures for handling sensitive information. What constitutes a privacy breach and how to prevent them must be practiced daily.
Comprehensive and regular training with course content authored by leading subject matter experts is the best way to protect your patients personal health information and ensure that your clinic is following all regulatory guidance regarding patient privacy. Quality privacy training with annual refreshers is the right way to protect patients, patient information and reduce risk of a privacy breach. Corridor Interactive is your partner to provide evidence based, premium online privacy training to stay compliant and reduce risk.
