Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
United Kingdom

UK Just Banned the National Health Service From Buying Any More Fax Machines (qz.com) 111

The UK's NHS will be banned from buying fax machines from next month -- and has been told by the government to phase out the machines entirely by 31 March 2020. From a report: More than 9,000 fax machines are in use by the NHS, a July survey found. All will be replaced by email, according to a report from the BBC. The shift, ordered by UK health secretary Matt Hancock, is intended to improve patient safety and make communications more secure. Rebecca McIntyre, a cognitive behavioral therapist, told the BBC that using fax machines made it difficult to ensure patient's information was actually sent to the right place, and that it wasn't being seen by non-authorized people. "You would not believe the palaver we have in the work place trying to communicate important documents to services (referrals etc)," she said. "We constantly receive faxes meant for other places in error but this is never reported." Further reading: The Fax is Not Yet Obsolete.
This discussion has been archived. No new comments can be posted.

UK Just Banned the National Health Service From Buying Any More Fax Machines

Comments Filter:
  • UK vs. US (Score:5, Informative)

    by dtmos ( 447842 ) * on Monday December 10, 2018 @11:06AM (#57780136)

    The fascinating part is that, at least in the health care facilities with which I am familiar, the explanation given for not using fax machines in the UK is the same reason for not using email in the US: Just change "using fax machines made it difficult to ensure patient's information was actually sent to the right place, and that it wasn't being seen by non-authorized people" to "using email made it difficult to ensure patient's information was actually sent to the right place, and that it wasn't being seen by non-authorized people."

    The privacy of a phone call used for a fax is seen by these institutions as greater than the multi-hop routing of Internet email. (It used to be true that one knew (or could find out) a defined physical location for the ends of a phone call, but that, of course, is no longer true.)

    • Re: (Score:2, Informative)

      by AmiMoJo ( 196126 )

      While interception of email is possible (although you would hope that they were mostly using transport encryption these days) there are far bigger risks, e.g. sending to the wrong person or the wrong people seeing the paper as it comes out of the fax machine and sits in the in-tray. At least with email there is a decent audit trail too, fax machines at best might store the last N numbers dialed but certainly not the message content.

      • Re: (Score:2, Insightful)

        by Anonymous Coward

        My company has a big bank of fax machines in a locked room with badge-controlled access and all they are getting is customer orders. Surely something as sensitive as patient medical data could be physically secured as easily.

        • by necro81 ( 917438 )

          Surely something as sensitive as patient medical data could be physically secured as easily

          Could be but are not. (Spoken from experience as a former employee of medical facilities and as an observant patient.)

        • I never understood companies (or government departments) buying teams of fax machines to receive faxes. We've had these things called fax modems for decades already as well as software to receive faxes - some of them even integrate with Collabra, Exchange, Google Docs and that thing called Lotus (e.g.: GFI FaxMaker has been around over 20 years).
      • Maybe someone will revive Google Health?

      • I see it as an essential abject failure of the tech industry that most people have no way to securely send a simple document to someone else they know or have a real-world relationship with (doctor/patient, vendor/customer, service/client). Thinking about it, the closest I can come to a genuinely accessible solution is Signal [wikipedia.org]. What's even more sad is that the reason that this problem is unsolved is that the major tech players are so addicted to spying on their customers that they can't bring themselves to
      • by rtb61 ( 674572 )

        I would point to the fact, the Google as a corporation made the claim that email is equivalent to postcards, they wanted the excuse to examine everyone's email. So NHS by law can not send patient information to a GMail address because privacy laws are in force for the medical profession. In fact by law, unless the email is encrypted or goes direct to that persons in home email server which would be the equivalent of a fax machine in their home, would probably be illegal because the ISP has full access to em

        • by Mal-2 ( 675116 )

          Would it be so hard though to provide an email address on government servers which people have to log into like any other webmail provider? Then at least you'd know who was holding the data. If people choose to forward the emails on to external addresses, then they did that and it ceases to be a legal problem.

    • Re: UK vs. US (Score:2, Interesting)

      by Anonymous Coward

      It's an occupational hazard. I work for a major US health insurer. We are doing what we can to eliminate faxes and year by year they are less important, but can we talk about secure email? There are so many platforms and for each one you have to have a login. Once you are inside the secure site, the functionality varies. Some allow you to download the message and attachments all together. Others do not, which is a huge pain when some sends over dozens of documents and you are taxed with downloading each one

      • Yes, let's talk about secure e-mail. If you're talking about "platforms" you're doing it wrong because secure e-mail should be done within the e-mail client, not by using some kind of proprietary "secure-messaging" service.

        A good e-mail client supports both gpg and S/MIME encryption.

        • I wish I could mod you up.... there are standards for encrypting email that have been around since the 1990s, but no one cared back then and our current "app" culture rather use a trendy, usually proprietary, app instead following a standard...but then again most healthcare providers around here are already using electronic records (which currently send faxes to external providers), you's think there could be an Owncloud/Dropbox/Gdrive style sharing via https link/api (maybe some inter-provider standard for
    • The difference is, each individual has a private email address whereas fax machines are shared for a whole department and anyone walking by can read them. Both are equally vulnerable to misdirection due to the errors by the sender (wrong digit in fax number or wrong character in email address). Both phone and email are (typically) unencrypted, and as long as the government wants to maintain the ability to snoop, that's unlikely to change.
    • by Anonymous Coward

      The UK civil servantry has no trouble sending sensitive data every which wrong way, regardless of medium.

      Fax sent wrong, email accidentally the whole contact list, dvds lost in the mail, usb left on the bus, papers left in taxis, laptops stolen from cars, briefcases left on trains, it's all been sent wrong, left behind, lost, stolen, or whatever else, at one time or another. Usually unencrypted, of course.

      So this is just a big fat gesture in lieu of doing something useful. Like "banning all diesels", "banni

      • by jabuzz ( 182671 )

        Worse than that, a whole range of devices from photocopies to multifunction printers come with a built in fax facility. So you would have to ban all dual usage devices too which I doubt they are doing.

        • by tepples ( 727027 )

          If the regulation were "Buy no more dedicated fax machines, and fill the telephone connector of fax-copiers with epoxy," would you find that practical?

    • by gmack ( 197796 )

      It really doesn't need to be either fax or email. Here, my doctor has a 2FA dongle to access his account with the Government of Quebec, yet the pharmacy faxes him prescription update requests and his receptionist faxes his reply. I don't see why they can't have some secure, medical professional only system for sending medical related information.

    • Both methods of Faxing and Emails are bad options for sharing Medical Data.
      The better method which would actually require strong IT in healthcare would be appropriate HL7 communications either via Clearing House or direct VPN connection between systems.
      This technology isn't new, but it better for sending healthcare info, as the data can be parsed and categories more easily into the EHR and EDM systems.

    • They usually pre-program "speed dials" on these things to help ensure that most records don't get sent to the wrong place.

      Twenty-ish years ago I got an HP Digital Sender - paper in one side, email out the other - and integrated it with the employee directory of the hospital I was working for. Everybody loved the speed and reliability, plus the clarity was way better than FAX, but nobody wanted to type in a whole name on the chicklet keyboard when they were used to one-button dialing. Even 10 numbers was s

      • haha nice! I still have my HP 9100c on the home network. They did colour scanning as well which was not nearly as common at the time.

    • by sjames ( 1099 )

      Of course, when you fax, it just drops into a tray. Often a FAX machine is shared, so anyone can rifle through the faxes that have arrived.

      • by Mal-2 ( 675116 )

        Many times, I have called someone to let them know I would be sending a fax. If they ask me to wait ten minutes because they can't hover over the machine right now, then I wait ten minutes.

    • Flawed because the NHS has a 'walled garden' of a secure network within which data is secure.

  • But email is not secure.
    • by Luthair ( 847766 )
      The BBC article which the summary references yet doesn't link to (presumably because qz spammed this submission) specifically mentions how faxing to the wrong place is a common occurrence.
    • -----BEGIN PGP SIGNED MESSAGE-----
      Hash: SHA1

      GPG and S/MIME encryption is a thing that exists.
      -----BEGIN PGP SIGNATURE-----

      iQEzBAEBAgAdFiEE0YU0isbenb1PGb7IaCsut4kt6eEFAlwOoLwACgkQaCsut4kt
      6eH+5Af8CvAPqfbIMUt7dxCgECFrzweDYo641tDoD1eW0AUrCC25+Aiy9x98zJyZ
      KV2EjL9TGCtrq83z5mJlwCd3mXXCGpcLp1nMG9Pi7X0ddXEdN2XQWlkvzpCIeygx
      I/AKbY9foiKQ6YsrUS7GtKR7ErN5QaooGKFGciAa4a5pZHdDBqDwTehC8blkGyHI
      S1RDIGUJpqIKT+wVPHdMoPj6TEJBy+S0AvKX/trBd+EqYOYF4OU9vWncKLYnFxDT
      cFqDcICSoCyxFLQBlsz/P0mlycx76yFY3/UBSjHXhaYlUsmibtf3LwIasDzA4CEp
      cgE479

  • Unless certificates are issued to all staff in the form of Class III cards, same as the US military use, and all emails are encrypted using certified correct chips (software is too easily infected as heartbleed showed) then you provide only the illusion of assurance.

    • by necro81 ( 917438 )

      Unless certificates are issued to all staff in the form of Class III cards, same as the US military use, and all emails are encrypted using certified correct chips (software is too easily infected as heartbleed showed) then you provide only the illusion of assurance.

      I do not disagree. But practically speaking this seems like an impossible goal.

      Given the fractured nature of healthcare in the U.S., getting everyone on the same page regarding encryption and certificates is more or less impossible. And a

      • Given the fractured nature of healthcare in the U.S., getting everyone on the same page regarding encryption and certificates is more or less impossible.

        It's only impossible in the sense that it would require an act of our currently dysfunctional congress. Congress could make a standard required with the stroke of a pen and everyone would have to get on board. It really wouldn't be all that hard. But of course we have elected a quorum of of asshats who think that somehow this would be a bad thing.

  • by Anonymous Coward

    My wife works at a hospital in the US, where the hospital still uses paper charts, and sends faxes *internally* to different departments.

    The problem has never been technical. Email + Smart Card + Encryption is simple to set up, and baseline simple to use. The resistance is administration, staff, doctors, coworkers, etc. You've got to remember, that medical people are generally smart and capable, but figuratively suck-ass-at tech. I'm talking rebooting-a-computer-is-hard suck-at-tech. Think about traini

  • Fax still works (Score:5, Insightful)

    by Socguy ( 933973 ) on Monday December 10, 2018 @11:51AM (#57780426)
    As someone who now works in health care (not the UK), I can say that this is dumb. Fax machines are actually very convenient since most documents are still filled at least partially by hand. In order to email, I would have to log onto a computer, wait for it to secure-boot then scan the doc in then open email, attach and send. For privacy reasons every time I walk away from a computer, it must be logged off. The other issue with sites that use email is that any documents with personal information (that would be all of them) must be encrypted using a unique password that must be pre-arranged with the recipient. Therefore, before I can email someone their document, I must call them and work out a password with them This would not be any great burden if it was only once a day but with the amount of documents flying around, the simplicity of dropping a document in the feeder and pushing a single button is invaluable.

    The other reason that email is frowned upon in the healthcare industry is that it's far too easy to print multiple identical copies of documents. Patients more and more often want their prescriptions emailed to them and I have to tell them no. How great would it be to get a prescription for Oxy over email and then print a hundred copies, one for each pharmacy in the city?
    • by mccalli ( 323026 )
      You need to do none of that. Worst case, get a scanner that can email directly. And you're done.
      • In the US healthcare Insurance industry, there is just no substitute for FAX. Your insured cardholders often have papers that need to be transferred to your company. These cardholders are from all over the globe, may not be computer savvy enough to figure out scanning and encryption, and only need to transfer the documents when they submit a claim - possibly only once or twice. The FAX is the fastest, simplest answer. You just cant spend hours on the phone trying to tell a novice how to scan a document and
        • by es330td ( 964170 )

          In the US healthcare Insurance industry, there is just no substitute for FAX.

          The same is true in my industry, financial services. Only a fax provides positive confirmation that a message was received in good order. When a person is making a six figure investment both sides need to have the confidence that information was sent AND received as intended.

          • Only a fax provides positive confirmation that a message was received in good order.

            No it does not. It provides confirmation that the message was delivered to a particular fax machine but provides no information beyond that, including whether or not it printed legibly on the other end.

            When a person is making a six figure investment both sides need to have the confidence that information was sent AND received as intended.

            If that's the goal a fax is definitely not the technology you want. You have absolutely no idea who picked up that piece of paper on the other end and what they did with it. Might have gone straight to the trash for all you know. Pretending that a fax is some sort of reliable means of logging communicatio

          • by lgw ( 121541 )

            Phone calls are probably easier to hijack than email these days. Fun fact: authorities in in Las Vegas area have given up on maintaining control of the phone system (organized crime redirects calls to call-girls to their own girls). At least email can be encrypted.

            Of course, almost all "six figure investments" are made with a click in a broker's web UI (or an ibank's internal web UI).

      • You need to do none of that. Worst case, get a scanner that can email directly. And you're done.

        If you are speaking from a capability point of view, then you are entirely correct. But the parent was talking about the layers of regulations that hamstring data sharing in medicine.

        All that hullabaloo the parent mentioned is real and my staff spends hours each day fooling around with it. Oh yes, and it is the law too (at least in the US).

        • by mccalli ( 323026 )
          I'm in the UK - here there are plenty of email solutions here for health care, and I can order repeat prescriptions through an app. Please understand - I'm interested and learning from the comments about the US health care system. However the story comes from the UK - there's literally no reason here at all to be using a fax machine since there's plenty of already in use alternatives.
    • The other reason that email is frowned upon in the healthcare industry is that it's far too easy to print multiple identical copies of documents. Patients more and more often want their prescriptions emailed to them and I have to tell them no. How great would it be to get a prescription for Oxy over email and then print a hundred copies, one for each pharmacy in the city?

      Are your faxes printed on magical paper that prevent copying?

    • There are email services in existence as I write this that don't allow copying, forwarding, and self-destruct upon opening/reading messages received. Based on the knowledge of this it seems trivial to me for there to be email services specifically for the healthcare industry that operates the same way, plus fully encrypted with strong encryption. Could be designed to be as simple to use as normal email. For once this is a problem that technology can actually solve properly.
    • As someone who now works in health care (not the UK), I can say that this is dumb. Fax machines are actually very convenient since most documents are still filled at least partially by hand.

      Washing your hands frequently is also inconvenient,but best serves your patients.

      In an age of enlightenment with regards to patient privacy and accountability, fax just doesn't have the ability to do the job right. Adequately, yes, I grant. But all of the processes you name could benefit from modernization.

    • by Jahta ( 1141213 )

      Plus the Fax network wasn't affected when the NHS computer systems were taken off the air by the WannaCry malware.

    • Email is forbidden and fax machines persist (in the US) primarily due to HIPPA regulation 45 CFR 164.312(e)(1).

      (1)Standard: Transmission security. Implement technical security measures to guard against unauthorized access to electronic protected health information that is being transmitted over an electronic communications network.

      Email can not guarantee that all hops in the SMTP path are encrypted. Fax bypasses this regulation because POTS is not considered an electronic communications network. There are work arounds. Encrypted attachments are OK, but better are secure email services where the message recipient receives an HTTPS link to download the message and they manage user accounts and passwords. I assume these ar

    • > Fax machines are actually very convenient

      My grandmother was in a US hospital recently, in another state. She was traveling with my parents and fell ill there. Since my grandmother was living with my parents at the time, all of her medical records were back home, and the out-of-state hospital had no way to get her records from the local hospital that produced them, so they called me to drive over to my parentsâ(TM) house to fetch them.

      I did that, then called the out-of-state hospital to ask what em

    • Fax machines are actually very convenient

      Not for the patient.

    • by JSG ( 82708 )

      In the UK, the prescription document is simply a thing to hand over to a pharmacy - mostly vestigial. The prescription itself is transmitted electronically. Nowadays you don't even have to sign a prescription charge waiver form: the machine knows already. To be honest, I haven't actually seen a prescription form for quite a while. It is almost as though at least part of the NHS has noticed that it is 2018 8)

    • by Mal-2 ( 675116 )

      You don't need fax machines to receive or send faxes, though. Nor do the documents received ever have to be printed. A fax server on the local network is actually a lot more convenient, both sending and receiving.

    • by havana9 ( 101033 )
      How in Italy have solved the problem. Every recipe, except those for OTC drugs, have a barcode, and when you go to a pharmacy they scan the barcode and the software checks if that is valid. This works both with handwritten recipes, that you normally get on an home visit, or a printed or PDF recipe. If you need opiates or other controlled drugs you have to ask the pharmacy in advance, and they normally phone the doctor for confirmation.
      This is a recipe that could be handwritten [piemonte.it] You can clearly se on the rig
  • by Anonymous Coward on Monday December 10, 2018 @11:52AM (#57780430)

    eFax would make their heads explode.

  • It amazes me that there is even any need to fax patient information at all in the UK. They have had centrally run and managed and funded healthcare since the end of WWII ! I would have thought they would have some terminal text-based records system from the 1980's that was universally deployed. I mean the closest thing I have experienced to the UK system is the US military's system, which has been computerized with centralized records since I was a baby in the 80's (parents were in air force). Sure, th

    • by lgw ( 121541 )

      It's almost as if competition spurs efficiency. Nah, that's crazy talk.

      • It's almost as if competition spurs efficiency. Nah, that's crazy talk.

        You are certainly correct, but the use of fax in the healthcare industry has more to do with another huge painful thing that the government does to us: unintended consequences.

        HIPPA laws greatly restrict the use of electronic distribution of patient records. Thus, we fax everything. Again, to your point, reality is not optional.

  • "They don't really need to stop this, as all modern, 2018 medical facilities are happy with fax machines," said a representative for the firm contracted to supply fax machines, The McFly Corporation.

  • Industries that still rely on fax machines usually have little incentive to improve productivity, especially if the status quo can be deemed good enough. This is particularly true for government agencies. When politicians attempt to foist productivity improvements on the bureaucrats the outcome often doesn't bode well. It typically takes some kind of crisis for such improvements to be implemented.
  • Most healthcare providers around here already have electronic records (EPIC being dominant platform). Why not some open, standardized protocol for exchanging health data between systems? Records could be shared just like sharing a file in Owncloud/Gdrive/Dropbox....It would provide an audit log of every access and could be simpler than faxing

news: gotcha

Working...