The fax — that 1940s technology that exploded in the 1980s that works by copying an image and sending it over a phone line via beeps and beeps — is still used by a vast majority of health care providers, insurance companies, and pharmacies.
And it just isn’t going away any time soon.
In 2019, seven in 10 hospitals still relied on fax machines and phone lines to transfer and retrieve patient records or order prescriptions, according to the latest figures from the Office of the National Coordinator for Health Information Technology (ONC). The agency believes progress has been made since then, but claims that fax machines remain the most common form of communication for sending health records and prescriptions.
Fax machines pose a risk to patient privacy because data sent over phone lines is not encrypted and accessing a piece of paper can be easier than hacking into an electronic file. Patient records can and have also been sent to the wrong fax number. But the dangers of a widespread patient data breach remain virtually non-existent compared to what can happen when hackers gain access to healthcare systems.
What happened to EPDs?
While mandated electronic health records (EHR) were supposed to digitize healthcare and communications, not all providers have fully transitioned to digital archiving. In fact, within the US Veterans Affairs Administration (VA), the fax machine continues to be a major part of health care information exchange.
In 2018, the VA began migrating from its own 40-year-old EHR — the Veterans Health Information Systems and Technology Architecture (VistA) — to a new Cerner EHR. (Oracle has since purchased Cerner.)
Last year, Neil C. Evans, a special adviser to the VA CIO’s office, said the agency’s new EHR system “is a way to place the fax machine in the legacy of technology.”
That has yet to happen. The VA is still struggling to roll out its Cerner EHR across its departments while continuing to use its homegrown VistA EHR. And so, with disparate EHR systems, data transfer consistency has yet to become a reality.
“Yes, most healthcare providers still use paper and electronic faxes,” said Mutaz Shegewi, research director for Worldwide Healthcare Provider Digital Strategies at IDC. “I wouldn’t be surprised if the use of faxes increases in a digitized format.
“EPDs have come a long way, but there is still a lot of work to be done. Interoperability is still a problem because most EPDs are not fully compatible with each other,” Shegewi said. “So you have disparate data silos.”
The interoperability issue
Health Information Exchanges (HIEs) would largely solve the EHR interoperability problem. But they failed because they were mainly based on technology providers and interoperability standards varied from organization to organization.
At one point, vendors actively blocked the transfer of data between disparate EHR systems. By retaining ownership of their software and being unable to exchange data, or actively blocking the use of protocols that would otherwise allow it, vendors could corner their respective markets.
Cris Ross, CIO of the Mayo Clinic, said at a conference of the Healthcare Information Management Systems Society (HIMSS) that healthcare interoperability is not a “crisis” but more of a “perpetual rainy day.”
“Health information sharing failed mostly because there was no business model,” said John Halamka, president of the Mayo Clinic Platform, a group of digital and long-distance healthcare initiatives. “Of course, it is a social good, but who is going to pay for it?
“It comes back to the question of where are the standards? Where are the mandates? Where are the business cases?” Halamka continued. “For all the talk about faxing as an insecure, unreliable technology from the 1980s, at least everywhere [healthcare] disciplines, it seems quite universal.”
Experts agree that while nearly ubiquitous, fax machines or servers live in the analog world. They often digitize an image, convert it to an analog signal for transmission, and then convert it back to a digital format for viewing or printing.
“It’s like standing between two French speakers with Spanish in the middle. That doesn’t seem very efficient,’ Halamka said. (Halamka co-chaired the Obama administration’s Health Information Technology Standards Committee, which created the standards used in the HITECH Act of 2009; its purpose was to promote and expand adoption of health information technology.)
But healthcare providers, insurance companies, and pharmacies all have the telephone terminals to enable faxing, so there remains an “if it ain’t broke, don’t fix it” mentality.
Even with interoperability and anti-information blocking mandates such as TEFCA (Trusted Exchange Framework and Common Agreement) and QHIN (Qualified Health Information Network), technical framework issues remain.
“Remember, skilled nursing homes aren’t covered by TEFCA, and pharmacies use e-prescribing versus insurance paperwork…, and then you have payers — there’s a whole different set of rules for them,” Halamka said. “The bottom line is there isn’t a comprehensive set of regulatory restrictions and standards for all of these providers.”
Fax is being used less for care coordination between healthcare facilities and EHRs are seeing increased use, but when it comes to post-acute care, the pharmaceutical industry and insurance payers, fax is still the rule, Halamka said.
“So yes, it’s a problem. Yes, we have to fix it. But right now it doesn’t feel like it’s been on anyone’s radar screen as a high priority and I haven’t seen any regulatory or funding changes,” Halamka said.
Older fax systems… just work
Brett Frisch, Account Manager at iFAX Solutions Inc. in Philadelphia, PA, sells fax technology. The nation’s largest pharmacies — Walgreens and CVS — rely on fax servers for prescription orders, and while phone lines can be pricey, they’re still cheaper than ripping them off and replacing them with some other method of electronic communication, at least for now.
“It’s like we’re the cockroach of the tech industry. We’ve outlasted tapes, CDs, VHS, and Blockbuster video. It’s outdated equipment,” says Frisch, whose company sells the software that enables fax transmissions between servers. “Everyone in the industry keeps saying the technology has five years to go. Then another five years pass and then another five years, and that was 15 years ago.
Commercial fax machines talk through local area network (LAN) servers, but the difference between a paper fax machine and a commercial fax system is not that much different. It is still data sent over a telephone line or server node. The only difference is with a fax server, scanning documents is not required.
And fax systems, Frisch argued, are very secure.
“You can’t really break into a phone line. When a fax is sent, it’s like a phone call,’ Frisch said. “If I sent you a fax, there’s no way to tap your line. It goes from one fax machine or server to another. It’s like a phone call. You could tap a call during the day, but [it’s] extremely hard to do.
“There is simply no way to securely connect every doctor and pharmacy. If you invent it, you’ll be immensely rich,” Frisch said.
iFax Solutions users fax about 10 million prescriptions per month, Frisch said. And while the fax server market is relatively small in terms of suppliers – there are only a dozen of them – it is by no means small in customers. Esker Fax, RightFax, Biscom and eFax are among the top competitors, serving the who’s who of healthcare and pharma.
The world’s largest pharmacies, hospital systems, post-acute care facilities and healthcare providers continue to use fax communications.
EHR security is still an issue
While EHRs were supposed to solve communication problems between providers, pharmacies and insurance payers, they also became a popular target for cyberattacks.
In 2021, according to a survey, 34% of hospitals reported being victims of a ransomware attack aimed at denying them access to their EHR systems in order to force them to pay a ransom to have it restored. The actual number of ransomware attacks could be higher because victim organizations do not always report the incidents or when ransoms are paid.
Another challenge to interoperability between healthcare providers and others is that individual departments within a hospital may also use disparate computer systems, creating internal data silos. Radiology may have its own medical imaging software and services, while the cardiology department may have its own system, for example.
The 21st Century Cures Act was created to improve interoperability and information sharing between disparate EHR systems and to discourage information blocking. There have also been vendor-driven initiatives such as the CommonWell Health Alliance, a non-profit founded by Cerner Corp. to promote the interoperability of EPDs.
In fact, according to an ONC report to Congress last year, by 2021 nearly two-thirds of physicians will be engaging in some form of electronic exchange using EHRs — either sending, receiving, or requesting health information from patients — with healthcare providers outside their organization.
But interoperability problems persist. As a result, healthcare organizations, pharmacies and insurance companies are still more comfortable with proven technology, even if it’s legacy, IDC’s Shegewi said.
“Interoperability is still a challenge. And for that reason, many providers still resort to fax,” he said. “Security and privacy are also part of it. Fax and telephone are often considered more secure compared to electronic methods, especially by those more accustomed to traditional ways of doing things. It’s just hard to disrupt and let go of old ways.”