The survival of highly regulated industries such as healthcare depends on secure information exchange.
Healthcare organizations, or “covered entities,” as they’re known, exchange large volumes of sensitive data daily: billing and medical records, prescriptions and refill requests, lab requisitions, clinical field trial results, patient clinical data, plus insurance claims, denials, appeals, and invoices.
Traditional analog fax, relic that it is, still transmits over the public telephone network, and remains difficult, if not impossible, to intercept. For this reason, it is regarded as a more secure form of communication than email. In fact, a report on the health industry’s use of fax machines showed 75 percent of medical communication in the United States takes place via fax. Recent high-profile incidents of massive cyber-attacks exposing the personal details of millions of customers and patients reinforce the view that email remains a highly vulnerable means of business communication.
However, fax remains a viable means of exchanging protected healthcare information (PHI) for other reasons too. A recent IDC study noted that 25% of large businesses surveyed prefer fax over email because they believe it reduces their risk of violating data privacy regulations. An additional 28% prefer fax because it makes document tracking easier and sends alerts as to the success or failure of a transmission.
Then there’s the regulatory factor. Federal regulators who enforce healthcare data-privacy rules have exempted fax (and phone calls) from certain aspects of the HIPAA Security Rules. This has led to the widespread perception that fax is more compliant than other types of electronic communication for the transmission of PHI.
So fax persists. But the world has changed, and so have old notions about fax reliability. In fact, the issue has taken on greater importance with the Centers for Medicare & Medicaid Services Administrator Seema Verma challenging software developers to make physicians’ offices fax-free by 2020.
The Trouble with Legacy Fax
If you still use a fax machine, multifunction printer, or rely upon on-premises fax servers to transmit your faxes, then you support legacy fax.
This is a huge problem! Why? Because legacy fax can fail in ways that threaten an organization’s data security. In today’s data-driven world, covered entities that can’t keep patients’ PHI free from unauthorized exposure had better, well, cover their entities: HIPAA violations are expensive and can torpedo your reputation, even your livelihood.
Government regulations require that specific industries, such as healthcare and financial services, comply with data privacy regulations. These compliance requirements serve to protect private, confidential, and sensitive information from intruders who could attempt to intercept files in transit. Though organizations can take measures to ensure that their email solutions meet these requirements, an email message will typically pass through multiple servers before it reaches the final point of delivery. This indirect transmission method leaves mission-critical documents and other unstructured data potentially vulnerable.
Last year, the Federal Bureau of Investigation implemented a new policy prohibiting Freedom of Information Act (FOIA) requests via email. Now, people requesting public records must use fax machines, standard mail, or the FBI’s online portal to communicate with the agency’s records management division. While many thought it was a step backward for the FBI to use “archaic technologies” such as fax, industry veterans applauded the FBI’s decision to use one of the most trusted document delivery methods available today.
Communicating via email has many severe disadvantages and vulnerabilities, including imminent threats of cyber hacking and hard-drive or server crashes, which can compromise sensitive and confidential data. Despite its antiquated image, fax can ensure security, compliance, and the guaranteed delivery of business-critical information better than email can. Fax’s key role in healthcare data security best practices is the reason why the online fax market is projected to be worth $2.4 billion by 2022.
To guarantee the secure transfer of information between two endpoints, the ideal fax solution must utilize well-defined end-to-end encryption methods such as those defined in the Elliptic Curve Integrated Encryption Scheme (ECIES). This hybrid encryption scheme uses Elliptic Curve Cryptography to generate a shared secret between peers to seed the encryption process with unique keying material, while signing and authentication mechanisms assure the validity of the data in transit.
End-to-end encryption not only protects data at each endpoint, it also protects data at rest. Since information is never decrypted and re-encrypted, even if a third party were to snoop on the information in transit, it would be indecipherable. Most importantly, end-to-end encryption schemes allow secure transmissions even over unsecured channels.
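The ECIES pattern described above, as an added example in Go's standard library (it is not from the original article or from any fax product): an ephemeral ECDH exchange yields a shared secret, a KDF turns it into a one-time key, and an AEAD tag lets the recipient reject altered data. The curve (P-256), the one-block ANSI X9.63 KDF, AES-256-GCM, and the names `Seal`, `Open` and `aeadFor` are assumptions of this example; the tag gives integrity but not sender identity, which would need a separate signature.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

func aeadFor(z, hdr []byte) cipher.AEAD { // illustrative helper, not a library API
	key := sha256.Sum256(append(append(z, 0, 0, 0, 1), hdr...)) // one-block ANSI X9.63 KDF
	blk, _ := aes.NewCipher(key[:])                             // cannot fail for a 32-byte key
	aead, _ := cipher.NewGCM(blk)
	return aead
}

// Seal makes a fresh key for every message, so the fixed zero nonce never repeats under one key.
func Seal(recipient *ecdh.PublicKey, doc []byte) ([]byte, []byte, error) {
	eph, err := ecdh.P256().GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	z, err := eph.ECDH(recipient)
	if err != nil {
		return nil, nil, err
	}
	hdr := eph.PublicKey().Bytes() // 65-byte uncompressed ephemeral public key
	return hdr, aeadFor(z, hdr).Seal(nil, make([]byte, 12), doc, hdr), nil
}

func Open(priv *ecdh.PrivateKey, hdr, ct []byte) ([]byte, error) {
	pub, err := ecdh.P256().NewPublicKey(hdr) // rejects malformed or off-curve points
	if err != nil {
		return nil, err
	}
	z, err := priv.ECDH(pub)
	if err != nil {
		return nil, err
	}
	return aeadFor(z, hdr).Open(nil, make([]byte, 12), ct, hdr) // errors if hdr or ct was altered
}

func main() {
	priv, _ := ecdh.P256().GenerateKey(rand.Reader)
	hdr, ct, _ := Seal(priv.PublicKey(), []byte("constructed sample document"))
	pt, err := Open(priv, hdr, ct)
	fmt.Printf("%q %v\n", pt, err)
}
```

Only the holder of the recipient's private key can recompute the shared secret, so servers that relay `hdr` and `ct` see ciphertext only.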
Hybrid Cloud Technology
While traditional fax transmissions are hampered by limitations associated with PSTN and telephony infrastructure at “analog modem speeds”, the cloud (a digital network) can offer a different and more effective approach. By leveraging the cloud and delivering all faxes via HTTPS, outdated fax boards, media gateways, and the complex telephony stack are completely eliminated.