by Rick Kuwahara COO of Paubox
Article filed in
Still sending PHI over fax? We need to talk
by Rick Kuwahara COO of Paubox
If you are reading this and your company is still using a fax machine to send and receive documents that include PHI, then please sit down.
We care about you.
But clearly it’s time for an intervention.We understand. There was a time when the fax machine was shiny new and fast.
That time was 1924 when Calvin Coolidge received the first wireless image on his Photoradiogram.
That’s right, you are sending patients sensitive information on a piece of technology that predates social security numbers by nearly 15 years; and we are being kind by ignoring that the first patent for what would become the fax machine was issued in 1846.
Please, you need to know that we aren’t being ageist. The fax machine is simply a bad idea in 2016.
We live in a world where encrypted emails can leave our smartphones, hit an antenna, fly to space, come back to earth, hit another antenna and then hit the recipient’s phone in the time it takes you to punch in a ten digit phone number on a plastic box sitting on top of your filing cabinet.
There are literally petabytes of data whizzing around your head while you wait for the only machine in existence still allowed to make that weird dial-up sound.
But you say fax machines are less expensive? More convenient?
Sure you could buy a fax machine for as low as 30 dollars and a box of paper for roughly 15 bucks. But what about the cost of maintaining the paperwork that is sent and received? Each state requires that medical records be maintained for a certain number of years and according to CMS.gov:
HIPAA rules require a Medicare Fee-For-Service provider to retain required documentation for six years from the date of its creation or the date when it last was in effect, whichever is later. CMS requires that providers submitting cost reports retain all patient records for at least five years after the closure of the cost report. And if you’re a Medicare managed care program provider, CMS requires that you retain the patient records for 10 years.
That’s a long time to maintain records. How much does ten years of filing cabinets, paperwork inventory and office space cost?
Guaranteed it’s a lot more than a few encrypted hard drives in a secure server farm in multiple states. Especially when you already have a host of computers, tablets and smartphones at your disposal.
Sure, fax machines are HIPAA compliant…in theory.
Yes the machines themselves typically only store phone records (phone numbers, dates and confirmations) and the idea of a phone tap to collect the data being transmitted is a bit far-fetched, but the sheet of paper with Mrs. Smith’s PHI that’s dangling off the edge of the fax machine isn’t.
Once the information is delivered there are no real technical safeguards to ensure that the information sent is protected. At best you can hope that the recipient’s fax machine (or yours for that matter) is in a secure room under lock and key, and how often does that happen?
So, what exactly is the upside of your fax machine?
Cost? Not really.
Security? Not at all.
So for the love of your practice and sweet Mrs. Smith, do us all a favor and let go of a technology that is on life support and join us in the digital age. There are lots of ways you can securely and easily send and receive sensitive information through encryption providers like Paubox.
It’s faster, cheaper and more secure than any fax machine and will change your operations for the better!