Is Fax Secure?

“Change happens when the pain of staying the same is greater than the pain of change.” Uber-life coach, Tony Robbins, probably wasn’t thinking healthcare and fax security when he uttered these words, but he could have been!

So, is fax secure?

Despite recent headlines about fax security, fax-related data breach vulnerabilities and the growing momentum of CMS’s Axe the Fax movement, physicians are clinging to the fax as Western Union clung to telegrams well into the telephone age.

Different from the charm and personal intimacy that gave the telegram life beyond its measurable productivity, the case for prolonging the life of the fax has been largely undermined by revelations that fax’s iron clad security is more perception than reality.

Clearly, the pain of transitioning off the fax is, for many healthcare providers, far greater than then pain of allowing it to coexist amidst a tangle of aging and vulnerable communications technologies.  Practitioners that have, by conscious decision or by inaction, opted to stay with fax should heed the experience of their peers that have abandoned it.  Among their stories:

  • Misdirected faxes failed to reach their intended destination
  • Faxed medical directives arrived at the destination endpoint but sat in an inbox and weren’t acted upon on a timely basis
  • Transcribing faxed records to EHR resulted in unacceptable data entry errors

With a few exceptions – including a patient who died after his urgent hematology results were faxed to the wrong number – the harm resulting from the aforementioned mishaps haven’t dialed-up the pain to a level of change-inducing suffering.

Where other pain stimuli have failed to effect change, government initiatives aimed to hit where it hurts most – providers’ bottom lines – seem to be having an impact.

Prior to CMS’s EHR Incentive Program (aka: Meaningful Use/Promoting Interoperability) referrals – the life’s blood of any medical practice – were routinely and almost universally exchanged by fax.  Thanks to payment incentives around inpatient care transitions, the referral function has migrated from the fax to the EHR.

Since EHR-originated data is structured in a standards-compliant (C-CDA) format different from the static, scanned images transported by fax, the fax-to-EHR migration is more than a modification in exchange endpoints and method.  It represents a sea of change in data liquidity and mobility enabling a new model (health information exchange or HIE) for sharing clinical data.

Referrals are a two-way street, and with hospitals the lead change agents, trading partners that resist the fax-alternative movement do so at serious risk to precious revenue streams.  While some hospitals may drop or downgrade referral partners that don’t offer fax alternatives, Sutter Health, a California-based Health System has a more accommodating approach.

Describing Sutter Health’s adoption of Direct Secure Messaging as an alternative to fax, Referral Program Manager Christopher Mack, commented in a recently published interview that “If we get a secure fax and we recognize that the fax is coming from a referring provider whose electronic records might have Direct messaging, we make a call out to them and try to engage them so that they understand that there might be more efficient pathways. And just that explanation alone can be transformative for the referring provider.”

Fax users that might be counting on the uptake of Direct Secure Messaging and other alternatives to slacken as CMS incentive programs run their course should think again.  According to Sutter Health, Direct Messaging exchange cut the length of the referral processes from several weeks to a few days.  The resulting time savings and speed of care delivery make a compelling business case with a measurable return on investment (ROI).

To learn more about alternatives to fax, please check-out these reference materials:

Fax Free Healthcare. CMS’ 2020 Vision blog

21st Century Data Sharing Techniques for Healthcare whitepaper

Direct Secure Messaging datasheet

HIPAA compliant email encryption

Share This