The RCS (Royal College of Surgeons) has revealed that more than 8,000 fax machines are still owned by NHS hospital trusts in England.
In a press release, the chair of the RCS’s Commission on the Future of Surgery, Richard Kerr, criticised the NHS’s continued reliance on the “archaic” technology. He said that, although the health service is increasingly investing in artificial intelligence and imagining in patient care, “NHS hospital trusts remain stubbornly attached to using archaic fax machines for a significant proportion of their communications. This is ludicrous”.
Responding to the research, Phillippa Hentsch of NHS Providers, recognised the need for modernisation in communication methods across the NHS. “For too long NHS capital spending on facilities and technology has been pared back in order to keep services going,” she said.
The appointment of a new health secretary who is a known advocate of digital tech means the paperless NHS strategy and investment in technology is likely to see renewed vigour.
The drawbacks of using “archaic” technology
The fax does have its advantages. Because faxes are transmitted via a telephone line rather than the Internet, they are harder to intercept – a cyber criminal would have to tap a phone line while the fax was being transmitted in order to access it.
However, the risks far outweigh the benefits. For example, the propensity to keep the machines in shared areas means that there is a risk of messages being intercepted. Whether this has a malicious intent or is purely accidental, it would still constitute a data breach if the fax in question contains personal details.
Additionally, the technology’s limitations mean that it is not possible to implement encryption measures, so users must ensure that faxes are sent to the correct recipient.
Fax machines are also outdated. Although many trusts use them, there is a risk that some parts of the NHS are unable to receive communications when they are needed because they lack the necessary technology. This might prevent vital data being shared among healthcare providers or require them to use frontline workarounds, such as WhatsApp, to share information. This can put sensitive data at risk and ultimately impact delivery of care.
The human factor – a mutual weakness
Different communication technologies have different weaknesses, but they are all vulnerable to employee negligence. This, and a lack of basic processes, policies and procedures, is one of the major causes of data breaches. Earlier this year, the ICO’s (Information Commissioner’s Office) quarterly statistics revealed that the loss or theft of paperwork, data posted or faxed to incorrect recipient and data emailed to the wrong recipient were the three leading causes of a data breach.
Educating staff on their data security responsibilities is vital to organisations when addressing their information security practices. Training should be delivered to all staff relative to the data processing activities they perform, and should be reinforced with staff awareness communications and periodic updates.
Drawing on our substantial experience in consulting and training, our Information Security & ISO27001 Staff Awareness E-Learning Course is designed to meet the requirements of ISO 27001, which specifies that it is imperative to address security issues at employee level.
The course addresses the importance of understanding your organisation’s information security policies and explores information security risks within the workplace.
Implement information security practices
ISO 27001 is the international standard that describes best practice for an ISMS (information security management system). Among other benefits, implementing an ISO 27001-compliant ISMS allows organisations to identify and treat security threats according to your organisation’s risk appetite and tolerance.
However, achieving and maintaining accredited certification to ISO 27001 can be challenging, especially if you are new to the Standard.
Our cost-effective ISO 27001 Expertise Bundle will give you a comprehensive understanding of the Standard, its requirements and best practices, and provides expert guidance on starting your implementation project.