Should my organisation use Fax, Email or Post to receive or send patient information?
The simple answer to this question is no, because these methods of communication can put the security and privacy of your patients’ health information at risk and expose your organisation to a potential Data Breach or a Reportable Privacy Breach.
“A data breach happens when personal information is accessed, disclosed without authorisation or is lost. Under the Notifiable Data Breaches scheme, you must be told if a data breach is likely to cause you serious harm.”[1]
The security of patient information being transferred between health service providers is paramount and is a cornerstone of patient relationships and clinical care. Health information by its nature is sensitive and patient data breaches can cause unnecessary patient distress, damage therapeutic relationships and expose healthcare organisations to reputational and financial risk.
Australian privacy legislation does not prescribe how healthcare organisations should share patient information; however, the Office of the Australian Information Commissioner (OAIC) states that “email is not a secure form of communication and you should develop procedures to manage the transmission of personal information via email”.
Faxing, including eFax solutions, while still used within the health industry, is an outdated and increasingly unreliable technology. Fax transmissions can be inadvertently sent to the wrong recipient, creating a Privacy Breach, or a fax may not transmit the full document to the intended recipient, leading to clinical risk exposure as well as wasting administrative time.
There are a range of options that healthcare organisations can use to securely transfer patient information. These include:
- Secure messaging platforms such as Medical Objects, Argus, HealthLink and ReferralNet.
- eReferral solutions such as the SeNT eReferral system which is available at no cost to PHN Commissioned Service Providers in the Hunter New England Local Health District area.
In the period July to December 2023 the OAIC reported that health service providers were responsible for more notifiable breaches than any other sector by a factor of two. Data breaches, no matter how small, can result in damaged patient relations, reputational risk and monetary fines.
The risk of a data breach can be minimised by using appropriate technology and having rigorous systems, documented procedures and ongoing staff training, so that each team member is aware of how to minimise the risk of patient data being compromised.
The PHN’s Health-e Together Digital Care Toolbox has a range of resources to support healthcare organisations in implementing digital change.
[1] https://www.oaic.gov.au/privacy/your-privacy-rights/data-breaches