The end is near for the fax machine
10th October 2019
Key points to consider before the April 2020 deadline to remove all fax machines across the NHS.
With less than 6 months’ to go until the deadline to have all fax machines removed from across the NHS, how is your Trust doing?
The NHS was recently cited as the world’s largest purchaser of fax machines, with nearly 9,000 in use across the healthcare system.
A recent report found that the trusts with the most fax machines have collectively removed 42% of their machines over the last 12 months.
But how easy is it to phase out the machine and why is it proving difficult to meet the April 2020 deadline?
Whilst you embark on your journey to ‘Axe the Fax’, there are a few things for you to consider:
1. Is your fax machine on a lease?
From experience, most fax machines are obtained on a lease scheme. If this is the case for your trust, then you will be tied into a contract, so make sure to check the terms of your agreement for any payments that may be required to terminate the lease early.
2. How do you communicate externally?
It must be recognised that not all businesses and companies have started their digital journey, so could the removal of your fax machine leave you and your supplier’s unable to communicate?
If so, Sarah Moorhead, Associate Director of Digital Demand at Leeds Teaching Hospitals, has noted how important eFax has been to allow them to make the change, leaving them confident that they’ll be able to meet the April 2020 deadline (Source: 2019, Digital Health). The eFax system allows users to send faxes online or via email and proves to be a safer method of communication.
3. Is the fax machine compliant with GDPR?
Not only could eFax or other digital systems be more cost effective, they are also considered to be increasingly more secure methods for the transferring of confidential documents.
Rebecca McIntyre, a cognitive behavioural therapist noted how fax machines are “a continued risk to the confidentiality and safeguarding of patients….we constantly receive faxes meant for other places in error but this is never reported” (Source: 2018, BBC).
It was found in an ICO report that data posted or faxed to an incorrect recipient was the second highest cyber security breach reported.
Under the previous Data Protection Act, Hertfordshire County Council were fined £100,000 after it was found to have sent faxes containing sensitive data to the wrong recipients. The first fax, which contained details relating to a child sex abuse case, was mistakenly sent to a member of public. Just less than 2 weeks’ later, a second fax containing information regarding child care proceedings was sent to a chambers unconnected to the case.
So could the associated costs of removing the fax machine and implementing new systems outweigh any fines obtained from breaching the GDPR regulations?
If you require further information, please do not hesitate to get in touch.
Please note that this briefing is designed to be informative, not advisory and represents our understanding of English law and practice as at the date indicated. We would always recommend that you should seek specific guidance on any particular legal issue.
This page may contain links that direct you to third party websites. We have no control over and are not responsible for the content, use by you or availability of those third party websites, for any products or services you buy through those sites or for the treatment of any personal information you provide to the third party.