The fax — that 1940s technology that exploded in the 1980s and operates by copying an image and transmitting it through squeaks and squawks over a phone line — is still used by a large majority of healthcare providers, insurance payers, and pharmacies.
And it’s simply not going away anytime soon.
As recently as 2019, seven in 10 hospitals were still relying on fax machines and phone lines to transfer and retrieve patient records or order prescriptions, according to the latest figures from the Office of the National Coordinator for Health Information Technology (ONC). The agency believes there's been progress since then, but maintains that fax machines remain the most prevalent form of communication for transmitting care records and prescriptions.
Fax machines pose a risk to patient privacy because data traveling across phone lines is not encrypted and access to a piece of paper can be easier than hacking an electronic file. Patient records can and have been sent to the wrong fax number, too. But the dangers of a widespread data breach of patient data remains virtually nonexistent compared to what can happen when hackers gain access to healthcare systems.
What happened to EHRs?
While mandated electronic health records (EHR) were supposed to digitize the healthcare industry and communications, not all providers have moved fully to digital record-keeping. In fact, within the US Veterans Affairs Administration (VA), the fax machine remains a big part of healthcare information exchange.
In 2018, the VA began migrating away from its homegrown, 40-year-old EHR — the Veterans Health Information Systems and Technology Architecture (VistA) — to a new EHR sfrom Cerner. (Oracle has since purchased Cerner.)
Last year, Neil C. Evans, a special advisor to the office of the VA CIO, said the agency's new EHR system is “a way to put the fax machine into legacy of technology.”
That has yet to happen. The VA is still struggling to roll out its Cerner EHR across its departments while also continuing to use its home-grown VistA EHR. And so, with disparate EHR systems, consistency for data transmission has yet to materialize.
“Yes, the majority of healthcare providers do still use paper and electronic fax,” said Mutaz Shegewi, a research director for Worldwide Healthcare Provider Digital Strategies at IDC. "I wouldn’t be surprised if fax use increases in a digitized format.
“EHRs have come a long way, but there’s still a lot of work being done. Interoperability is still a problem, because most EHRs not fully compatible with one another,” Shegewi said. “So, you’ve got disparate siloes of data.”
The interoperability issue
Health information exchanges (HIEs) were supposed to largely solve the EHR interoperability problem. But they failed because they were mostly tech provider based and interoperability standards varied from organization to organization.
At one point, vendors were actively blocking the transmission of data between disparate EHR systems. By keeping their software proprietary and unable to exchange data, or by actively blocking the use of protocols that would otherwise allow it, vendors could corner their respective markets.
Cris Ross, CIO at the Mayo Clinic, said at one Healthcare Information Management Systems Society (HIMSS) conference that healthcare interoperability is not a "crisis," it's more like a "perpetual rainy day."
“Health Information Exchanges failed mainly because there wasn’t a business model,” said John Halamka, president of the Mayo Clinic Platform, a group of digital and long-distance healthcare initiatives. “Sure, it is a societal good, but who’s going to pay?
“It gets back to the question of where are the standards? Where are the mandates? Where are the business cases?” Halamka continued. “For all the talk about faxes being unsecure, unreliable, 1980s tech, at least across [healthcare] disciplines, it does seem pretty universal.”
Experts agree that while nearly ubiquitous, fax machines or servers live in the analogue world. They often digitize an image, turn it into an analogue signal for transmission, and then return it to a digital format for screen viewing or printing.
“It’s like going between two French speakers with Spanish in the middle. That doesn’t seem very efficient,” Halamka said. (Halamka was co-chair of the Obama Administration Health Information Technology Standards Committee, which created the standards used in the 2009 HITECH Act; its purpose was to promote and expand the adoption of health information technology.)
But healthcare providers, insurance payers and pharmacies all have the telephone end nodes to enable faxes, and so there continues to be an “if it ain’t broke, don’t fix it” mentality.
Even with mandates for interoperability and against information blocking, such as TEFCA (Trusted Exchange Framework and Common Agreement), and QHIN (Qualified Health Information Network), technical framework problems persist.
"Remember that skilled nursing facilities aren’t covered by TEFCA, and pharmacies use e-prescribing versus insurance paperwork..., And then you have payors — there’s a whole other set of regulations for them," Halamka said. "The bottom line is there’s not a comprehensive set of regulatory constraints and standards around all these providers."
Fax is being used less for care coordination between healthcare facilities and EHRs are seeing an increase of use, but when it comes to post-acute care, the pharmaceutical industry and insurance payers, fax is still the rule, Halamka said.
“So, yes, it is a problem. Yes, we should solve it. But at the moment it doesn’t feel like it’s been on anyone’s radar screen as a high priority and I haven’t seen regulation or funding changes,” Halamka said.
Legacy fax systems...just work
Brett Frisch, an account executive at iFAX Solutions Inc. in Philadelphia, PA, sells fax technology. The nation’s largest pharmacies — Walgreens and CVS — depend on fax servers for prescription orders, and while phone lines can be pricey, they’re still cheaper than ripping and replacing them with another electronic communications method, at least for now.
“It’s like we’re the cockroach of the tech industry. We’ve outlasted tapes, CDs, VHS and Blockbuster video. It’s legacy equipment,” said Frisch, whose company sells the software that enables fax transmissions between servers. “Everyone in the industry keeps saying the technology has five years left. Then another five years pass and then another five years, and that was 15 years ago.”
Commercial faxes talk over local area network (LAN) servers, but the difference between a paper fax machine and a commercial fax system isn’t all that different. It’s still data being transmitted over a phone line or server node. The only difference is with a fax server, document scanning isn’t required.
And fax systems, Frisch argued, are very secure.
“You can’t really break into a phone line. When a fax transmission happens it’s like a phone call,” Frisch said. “If I faxed you, there’s no way to tap into your line. It’s going from one fax machine or server to another. It’s like a phone call. You could tap a call back in the day, but [it's] extremely tough to do.
“There’s just no way to securely connect every doctor and pharmacy. If you invent it, you’ll become extremely wealthy,” Frisch said.
iFax Solutions’ users fax about 10 million prescriptions per month, Frisch said. And while the fax server market is relatively small in terms of vendors — only about a dozen exist — it’s by no means small in customers. Esker Fax, RightFax, Biscom and eFax are among the top competitors and they service the who’s who of healthcare and pharma.
The world’s largest pharmacies, hospital systems, post-acute care facilities and healthcare providers continue to use fax communications.
EHR security is still an issue
While EHRs were supposed to solve the communications issues between providers, pharmacies, and insurance payers, they also became rich targets for cyberattacks.
In 2021, 34% of hospitals, according to one survey, reported being the victim of a ransomware attack aimed at locking them out of their EHR systems to force them to pay a ransom to have it restored. The actual number of ransomware attacks could be higher because victim organizations do not always report the incidents or when ransoms are paid.
Another challenge for interoperability between healthcare providers and others is that individual departments within a hospital can also use disparate computer systems, creating in-house data siloes. Radiology might have its own medical imaging software and services while the cardiology department could have its own system, for example.
The 21st Century Cures Act was created to improve interoperability and information exchange between disparate EHR systems and to discourage information blocking. There have also been vendor-driven initiatives, such as the CommonWell Health Alliance, a non-profit started by Cerner Corp. to promote EHR interoperability.
In fact, according to an ONC report to Congress last year, nearly two-thirds of physicians engaged in some form of electronic exchange using EHRs — either sent, received, or queried patient health information — with providers outside of their organization in 2021.
But interoperability problems persist. As a result, healthcare organizations, pharmacies, and insurance providers are still more comfortable with tried and tested technology, even if it’s legacy, IDC’s Shegewi said.
“Interoperability is still a challenge. And for that reason many providers still resort to fax,” he said. “Security and privacy is also part of it. Fax and phone is often perceived as more secure compared to electronic methods, especially with those more used to traditional ways of doing things. It’s simply hard to disrupt and dislodge old ways of doing things.”