Habits are often hard to break. Some professional offices, particularly in the health care sector, when there is a need to send something private, send by fax. Their belief is, if they send by fax, the transmission is secure and private (HIPAA compliant).
While they may have maintained this way of communicating out of habit or by policy, the environment in which they are communicating has changed. No longer, at the receiving end, are people receiving faxes arriving at machines in their office. Often, especially with smaller businesses, business people put an electronic fax number on their business card and faxes en route to them are converted to email.
Once converted to email, there are many benefits – ease of sharing, ease of managing, no need to scan, among others. Yet, all the risks around data privacy that exist with normal email transmission now exist for the fax transmission.
For example, that tax return, patient medical record information, lab test result, investment portfolio or estate planning information that was sent by fax, once transmitted to the recipient, more likely than not arrives in the recipient email box.
What is worse, if that recipient connects their Gmail or Microsoft online email account to their electronic fax number, once it arrives, Google or Microsoft will scan the message and attachments for key words (i.e. medical diagnosis or financial net worth) to enhance marketing profiles of the sender, people named in the email content, and/or the recipient.
If physicians are sending medical records or private patient information by fax to smaller clinics, group homes, labs, or outpatient care providers, if this sent fax is converted from fax to email en route, it may be no more private than writing the patient diagnosis on a postcard and sending by US mail. And, we know from our readers, that many, many physician offices are sending private patient information by fax.
This almost certainly would be a HIPAA health care provider data privacy violation — but who is to blame — is it the sender sending the fax, or the recipient who offers a fax number that converts the fax en route to email? And, is each transmission a violation?
It may be time to break old habits and move away from use of fax machines for sending sensitive information; also, it may be time to stop offering a fax number that routes to email for receiving sensitive information. Sure, you can use your fax number for when you need it; but to protect your strategic information, or you clients’ private financial and/or health information, Tech Essentials recommends modernizing and moving to encrypted email.
With RMail encrypted email, the message is not only sent in a secure and data privacy compliant manner, the sender receives a receipt for each message providing auditable proof of privacy compliance and timestamped proof of content delivered.
Modernize from fax (and electronic fax) to RMail encrypted email.