The Department of Health has told the NHS to phase out fax machines by 2020 and switch over to “more modern communication methods” in a bid to improve patient safety and cyber security.
The announcement follows a recent report from the Royal College of Surgeons that as many as 9,000 fax machines were still in use in 2018.
Richard Kerr, who is the chair of the RCS’s commission on the future of surgery, told the BBC that the continued use of the outdated technology by the NHS was "absurd", saying it is crucial that the health service invested in "better ways of communicating the vast amount of patient information that is going to be generated" in the future.
With the NHS now banned from buying fax machines as of next month under radical plans to overhaul outdated technology and IT systems, Tony Pepper, CEO of Egress Software, looks at what this change will mean for NHS staff and they way they share patent data:
“It is difficult to believe that such an outdated and unsecure system is still being used by the NHS when we consider the confidentiality of the information contained within patient records. According to the BBC, as many as 9,000 fax machines were still in use as of July 2018, which should set alarm bells ringing about the scale of this issue," says Pepper.
"We know from attacks like WannaCry that healthcare organisations are a significant target for cyber-criminals – but this news also shows that more needs to be done to improve the NHS’s internal security posture, particularly when it comes to electronic communication and data sharing. The ICO’s latest trend report shows that disclosure of data and lack of security were the two highest causes of data security incidents in the healthcare sector, between July and September 2018.
“Fax machines provide a large surface area for human error and consequently data breaches when used to transfer sensitive data, as they can’t offer assurance over how the data is picked up and used at the receiving end, or a safety net to allow for user error when dialling. When used to transfer confidential information, there is a significant risk of a data breach."
Pepper believes that with the mandate to phase out fax machines by 2020, and the recommendation to use email encryption instead, the NHS has the opportunity to close this gap in their data security. However, he warns that they will need to fully understand how NHS staff share data and who with. "In particularly, they will need to look beyond NHSmail, which is a closed platform for organisations that deliver publicly funded health and social care in England and Scotland," said Pepper.
"While in cases where both recipients have NHSmail accounts, we can have assurance that patient data is protected, systems will need to be introduced that can secure data when shared outside of this community, particularly with the patients themselves. Such solutions need to ensure that data is only sent to and accessed by the intended recipient, applies the correct level of security, and is easy to use.
“The NHS has a responsibility to guarantee that patient information is always securely collected, stored and shared. To achieve this, it must first understand the sensitivity of the data it controls, subsequently applying a combination of encryption, rights management, machine learning and policy-based access control to ensure that personal information remains secure. Employees also need to be educated, ensuring that the risk posed by the weakest link in the technology ecosystem – the user – is mitigated.”
Entries for the 2019 PCR Awards are now open. Submit your entries here before Dec 13th for a chance to win!