Faxes are Secure, Right?
It is hard to believe that, in this day and age, people are still using faxes, but they are surprisingly popular, still, in businesses.
And extremely error prone. There is no error checking mechanism in a fax machine.
You type in a number, stick the pages in and they are transmitted to the other end. Where ever or whoever that might be.
Sometimes, if the other end is not where you were expecting, it is not a problem. Maybe they throw the faxes in the trash. Maybe they shred them. Maybe, if you lucky, they call the sender and tell them that the faxes did not reach the intended recipient.
But what if you are a health authority and the information is confidential patient information. And the actual recipient is a computer shop – not one where the patient is.
This was reported in Canada this week. The Saskatchewan Health Authority sent confidential patient information to local computer shop. The store owner said that his fax machine received a 21 page fax from a local hospital destined for a local doctor.
The hospital has a solution to the problem – the computer shop should change its fax number (and somehow notify its customers of this). Wonderful solution. The shop owner was actually pretty accommodating about that. Pay for the costs of the change and he would do that.
The computer shop says that it has received numerous faxes from the Health Authority over the last year.
We hear about this often. Sometimes in the case of lawyers, they and even the courts, accidentally fax information to the opposing counsel or even unrelated third parties. In situations like that, a simple mistake can result in a waiver of attorney client privilege. That can get very messy.
In the cases where the party sending the fax is typing in the number directly, mistyping a digit will send the fax to the wrong place.
In some cases, the fax number is stored in the fax machine’s address book, but was entered incorrectly.
In a few cases, we have even heard of situations where the recipient phone number has been forwarded to another number, accidentally.
Given all these opportunities for error, why do companies continue to use fax machines, especially for sensitive information?
The simplest answer is that fax machines are universal. Doctors and others have been using them for 50 years and don’t like to change. Fax machines – at least simple ones – are pretty cheap and the training process is pretty simple.
But another reason is the perception that faxes are secure. They are not. There are a few, really high end fax machines that encrypt the faxes, but they are probably like one in 100,000 that can do that and that the users know how to use that.
Mostly it is because people don’t like change.
We use encrypted email all the time. But it is a bit of a hassle. We use different encrypted email products with different clients. You have to look at multiple email apps to make sure that you haven’t missed any emails.
So people, always looking for the easiest, least hassle solution, resort to faxes.
In the case of faxing medical records to the wrong person, even accidentally, it is likely a violation of privacy laws.
In this case, the computer shop owner notified the sender multiple times (remember the sender suggested that the shop owner change his phone number) and the sender refused to do anything.
Well now the computer shop owner has notified the Saskatchewan information and privacy commissioner. I don’t know what the penalties are going to be, but perhaps, now, given a combination of bad PR and fines, the hospital will come up with a better solution. That are not very hard to find.
Are you still using fax machines to send sensitive information?
Information for this post came from CBC.
by 