The Axe the Fax campaign has charged NHS Trusts with discarding their old fax machines (there were over 8,000 in the system back in 2018) in favor of more secure methods of communication. We’ve previously written about the easiest digital alternative, enterprise-grade fax over IP (FoIP). However, there is another option for Trusts who are looking to expand their capabilities beyond sending printable documents.
How your Trust can surpass the fax
Imagine being able to send not only medical records, but also x-rays, CT scans, MRIs, audio, video, and almost any other kind of file you can think of. That’s the promise of a secure file transfer system. Implementing a solution with mobile app and web portal functionality can also unchain staff from their desks. Not only does this keep teleworking staff members in the loop, but it can be a boon to employees on rounds within facilities as well. However, whatever you’re replacing fax with needs to be at least as secure as fax, but ideally much more so.
Key security features – How to select a safe solution
Block prying eyes with encryption
Many digital methods are passed from server to server across the internet, making them easier to intercept. Email, while convenient, is the digital equivalent of a postcard – wide open for the hackers to see. Any protective security measures applied to it have to be bolted on separately by adjunct solutions, taking away the two things email has going for it: ease of use and accessibility.
Encryption is an essential feature that defines a secure solution from an insecure one.
Prevent staff mistakes and fraudulent access with 2-Factor Authentication
It’s undeniable that one of the biggest breach risks is human error. The UK Information Commissioner’s Office tracked 269 cases of data breaches due to misaddressed email in Q3 of 2019-2020 alone. While we’ve already discussed why email is inappropriate, the same risk often exists for other methods. The ICO recorded 286 cases of records being physically shipped or faxed to the wrong recipients for the same period.
Two-factor authentication (2FA) safeguards against misaddressed messages, but also stolen credentials. While not infallible, it’s become the gold standard for computer security, dramatically reducing risk in exchange for small monetary and sanity cost.
Ease audits with automated recordkeeping
A big part of privacy regulation (NHS Information Governance Regulations, GDPR, etc.) compliance is proving that you’re complying to the ICO and other auditing organizations.
Recordkeeping by hand takes up significant resources and opens the door to human error, so picking a solution that takes records of file transactions automatically is key. Not only do these help you “show your work,” but they also provide valuable visibility in the event a breach does happen.
Clean up loose ends with ephemeral storage
File exchange systems, even secure ones, involve storing data somewhere. That data will stay there forever unless something or someone deletes it. Keeping track of these proliferating copies, and ensuring they’re deleted once they’re no longer useful, could easily be someone’s full time job.
The risk of later discovery is very real, however. In the ICO report referenced above they also tracked 120 breaches due to the loss or theft of storage devices, and 253 due to the lost/theft of physical paperwork or data left in an insecure location.
The best solutions come with a way to automatically wipe files after you’re done with them, so the only copies remaining are under your direct control.
The catch: Usability
Because file exchange solutions necessitate active participation by both the sender and the recipient, people on the other side of the message need to understand how to access the files as well.
Studies show that users are incentivized to go around security that they feel is overly cumbersome. Thus, for any secure communications tool to deliver proper safety, it needs to be easy to use as well. Not only that, but the more difficult it is for recipients and senders outside your organization, the more staff time will be tied up with training & troubleshooting.
Why the NHS National Artificial Eye Service uses OpenText XM SendSecure
Communication with patients, consultants and other stakeholders involves the transmission of sensitive personal data, which falls under the regulatory umbrella of the GDPR, ICO and the NHS Information Governance regulations.
In order to be fully compliant, it’s important that file transfers are encrypted during transmission and at rest. As an added benefit, we also have an increased file size limit of up to 5TB.
-Paul Aspden, Technical ICT Lead, NHS NAES
Read the press release.
Follow the NAES’s Lead to a fax free future for your Trust
If implementing a secure file exchange solution with encryption, 2FA, virus scanning, extensive automatic recordkeeping, incredibly intuitive design, and ephemeral storage sounds like the right next step for your Trust, getting started is easy. All you have to do is reach out to an OpenText expert for more information, a personalized demo, and/or a free trial.