Solving the Complexity of Compliant Use of Fax in Healthcare

Using fax to share patient information impedes effective and safe coordination of care, and does little to protect patient privacy when used conventionally. If you were to follow the guideline for using fax to share patient information safely published by the OIPC of Alberta you’d likely give up on fax as too cumbersome and costly right away. In fact, if most practices look at their fax procedures, I think they’d discover that they aren’t complying with privacy laws. Read on to learn what you’re doing wrong and to find an easier way. You’ve likely been told that your office uses fax because it’s compliant. However, fax technology itself is not compliant, it actually exposes patient information quite easily. There are policies and procedures you must put in place around your fax machine to ensure patient information is protected. To reduce the risk of accidentally disclosing patient information when using a fax machine in healthcare, the OIPC recommends (in part) the following:

• “Before sending a fax, check that the receiver’s number is correct.”

This is excellent practice. True confirmation of the number should be done by calling the recipient as it is the only way to know if your records are up-to-date.

• “Always confirm the receiver has taken appropriate precautions to prevent anyone else from seeing the faxed documents.”

In practice, this requires you to call in advance of each fax to question recipients about the safeguards they have in place. If they haven’t taken proper precautions, you can’t send them a fax and still comply with the law no matter what precautions you take on your end. What if they’re unable to answer the phone, do you wait to send the fax?

• “Call the recipient to verify that he or she received the complete transmission.”

With this action, sending a fax has two phone calls added to the effort required to be compliant. Many clinics do follow up with faxes sent but only when there is no word back from the receiver after a certain length of time.

• “Any fax machine used to send or receive personal information should be kept in a location where unauthorized persons cannot see the documents. If there is no appropriate locations someone should be watchful of the machine while in operation.”

There are two complications here. First, while the majority of faxing may be done by one person in the back office of your clinic, locking away the main method of communication adds time and effort to the job of many staff. Second, requiring the fax machine be monitored while sending or receiving communications takes attention away from important tasks within your clinic.

• “Try to arrange a time to receive faxes containing personal information so you can be at the machine as they arrive.”

This is a volume issue. How many faxes to you receive in a day, and how likely are all the the clinics sending you faxes to respect your allotted fax receiving window? How would respecting this request from other clinics impact your processes?

• “Ask the sender to make sure you must supply a password to retrieve the document.”

This gets complicated for clinics. There are requirements for technology to support this functionality as well as training on both sides to ensure staff are able to comply with this guideline.

• “Be aware the your fax number can be re-assigned once you have given up the number.”

When a clinic shuts down or changes numbers, those numbers will be given to other businesses without notifying all of the people with that number programed into their fax machines that the recipient has changed.

eFax is not the answer:

While the advent of eFax has solved a few of these problems, fax is fax. The issue with changing or misdialing numbers prevails. As does the fact that you can only send or receive as many faxes as you have fax lines at any one time - and most clinics still have only one. Fax lines cause bottlenecks in clinic productivity that often see faxes left in the send pile for too long, or forgotten altogether. When fax servers go down or malfunction, all received but not delivered faxes are lost without record or notification going to the sender.

Eliminate complexity from compliant clinical communication.

There is a replacement for fax that alleviates the extra work required for compliance as well as the productivity hazards of relying on a limited number of fax lines. Secure email offers all of the advantages of efax, and provides the additional benefit of never blocking communications or getting lost. OIPC accepted secure email programs are safe to use when sending patient information and offer efficiency and ease of use. Well designed secure email services look and function just like email from the user’s perspective but protect patient data in a way that traditional email can’t. Secure-Mail, a service offered by Brightsquid, delivers the added benefit of blocking malicious software like ransomware that can quickly shut down clinics and expose data to unknown perpetrators. The Brightsquid service enables fast, modern communication between all members of the healthcare team, including patients. There are no concerns that someone isn’t properly equipped to receive your message. People you want to share information with don’t even need to have an account, a free one will be created for them when you invite them to the system. Technology is here to make your life easier and aid in the efficient and effective coordination of care. If the technology you’re using requires extra effort to ensure compliance with the law, it’s time to look for other options that can accelerate communications and increase your ability to provide the best quality care.