You can get almost any product in the world online. You can order food from your favorite restaurants on your phone. You can get psychiatric consultations, telehealth services and meet the love of your life by swiping right on the appropriate apps.
But when it comes to transferring patient health information (PHI) between providers, far too many enterprises are still choosing to "swipe right" on the fax machine.
This ancient secret of physicians' clinics, skilled nursing facilities and assorted other providers became the center of discussion on August 6, when the administrator of the Centers for Medicare and Medicaid Services, Seema Verma, called upon doctors' offices to completely eliminate fax machine usage by 2020.
For those outside of the health care and health IT worlds, this seems like a no-brainer. Yet many providers have held onto this antiquated system of communication for decades -- in part out of comfort, in part out of wanting to keep an ironclad grip on their patients’ records.
That’s changing with the continued calls for interoperability and patient transparency from CMS, but those of us in the health care IT sector understand migrating away from fax isn’t as easy as flipping a switch. At least three critical IT challenges need to be surmounted first.
Many physicians' offices and larger health systems point to the rules of the Health Insurance Portability and Accountability Act (HIPAA) as one of the holdups to eliminating fax entirely. These fears are not unfounded. In early August, TechCrunch ran a report detailing myriad cybersecurity threats lurking in the modern health care system, including phishing, ransomware and attacks that target the internet of things (objects such as imaging equipment and patient monitoring devices, that possess online connectivity).
The fax machine is sometimes seen as more secure precisely because of its analog status in a digital world. Cyberattackers have set their sights on digital ecosystems, so the thinking is that these communication dinosaurs provide a bulwark against Phishing.
But let’s think about that. Is a fax sent to a random number, where anyone could walk by and pick up the paper, secure? How do you know the number hasn’t changed? HIPAA allows the transmission of fax with reasonable safeguards, but too few providers take into consideration what these safeguards actually entail.
Typical steps include affixing a mandatory cover sheet that explains the sensitive nature of the incoming fax, verifying fax numbers on a regular basis, preprogramming commonly used fax numbers and keeping one’s own fax machine in a secure location accessible only to appropriate staff members, just to name a few. How many facilities can honestly say they take all of these steps?
Cybersecurity is an ongoing battle with the threats facing hospitals, and it will continue to occupy a necessary place in the budget. Investments in cloud infrastructure, two-factor authentication and other advanced security protocols are necessary, and physicians' offices need to examine their budgets to make room for these investments.
Think this sounds too expensive? It’s also important to weigh this implementation cost against the per-fax rate each facility is currently subject to. Make sure when calculating your prospective IT security investment that you take the very real costs of paper and page transmission into account.
The Late Bloomers
In Geoffrey A. Moore’s seminal work, Crossing the Chasm: Marketing and Selling Disruptive Products to Mainstream Consumers, he sets up a scale of adoption for new technology that moves from the innovators and early adopters all the way to laggards, those who need to be pulled kicking and screaming into the modern era.
Unfortunately, health care is officially the laggard when it comes to adoption of electronic communications of PHI.
Health systems that have gone all-in on digital communication still need to communicate with the laggards using a fax machine. The good news is this has an easier solution than the ongoing cybersecurity arms race. Numerous applications can send a fax to an email address and send an email directly to a fax number.
Adoption is straightforward. You purchase your preferred solution, pay a flat monthly rate for a certain number of pages (with a predetermined per-page rate for anything over that) and you’re good. Looking for the perfect solution? PCMag has a great comparison right here, taking into consideration cost as well as ease of use and other factors.
This technology is a great way to bridge the gap as you wait for the laggards to adapt to digital messaging.
If I’m sending an email between a Windows laptop and a Mac, that email will go through. So why should sending PHI be any different?
That’s really the ultimate goal of CMS and its crusade against the fax, but it’s also the trickiest to accomplish. The drive toward interoperability has led heavy hitters in the EHR space like Cerner, Epic, VistA and others to invest billions of dollars into creating interoperable platforms that can transmit data securely between one another, according to the Fast Healthcare Interoperability Resources (FHIR) Specification.
The best solution for physicians' offices and other health care entities is the simplest: Begin the process of moving everything over to an EHR and getting rid of paper faxes entirely. Choose an IT solution and stick with it.
That means long nights of scanning documents for some and growing comfortable with a new way of doing things for others. It may sound rough, but it’s absolutely necessary. We have a millennial and Generation Z workforce coming in behind us that reacts to a fax machine the same way I react to a Victrola. They’re not willing to stand in place feeding documents into a machine for hours on hand. By sticking with the fax, you could be losing some of your best and brightest people.
IT challenges exist, but they’re not insurmountable. Help CMS Administrator Seema Verma out -- it’s time to swipe left on the fax machine.
Originally posted on Forbes Technology Council (view original).