Secure Fax Services and EMR

I’ve tried every way imaginable to get away from having to fax things and as hard as I try, it’s just really hard to replicate the beauty of a simple fax to someone. We could talk about the reasons that faxes are so effective and successful (like everyone has a unique identifier…a phone number), but suffice it say that we’re going to be stuck using faxes for a long time to come. Of course, if you read this and you’re in healthcare then you know the love hate relationship with faxing and how faxing is an essential part of every clinic.

Previously, I’ve talked about the value of a fax server in a clinic that uses an EMR. Many EMR companies are even integrating some sort of fax service into their EMR offering. This is beautiful and any EMR company that doesn’t have this service should remedy it quickly. Doctors just get far too many faxes for it not to be integrated with an EMR.

Well, I was starting to get a fair number of requests to fax things and to get some faxes. I dreaded each request since I didn’t have a dedicated fax line and so I’d have to hook up and re-hook up my fax server all the time. Plus, it was pretty unprofessional for me to tell them to call me so I could hook up the fax. As many of you know, I’ve had SFax as an advertiser on this site for quite a while. So, I asked SFax if I could have free access to their faxing service in return for a post talking about their service. I figured their service had to be better than doing what I was doing. Turns out it was 100 times better than I could have even imagined.

Sfax Review
I’m not sure why, but I had the impression that Sfax would be some website where I just uploaded a file and then I could fax it out that way (which they do have). However, one of the coolest features of SFax was their Sfax Driver. It essentially creates a printer on your computer much like a fax server creates. When you print to it, the dialog for sending a secure fax comes up and you’re able to easily fax anything that you can print.

I also wasn’t sure exactly how they’d handle the fax number. Much to my surprise, they assigned me a unique toll free (877) phone number to receive all my faxes. Most doctors office faxes are local, but for me it’s pretty nice to have a toll free number that people can use for my fax number. Obviously, in a clinic you could just forward your existing number to the toll free number and actively promote your new number for a time period. Then, after an appropriate period you can phase out the old number and save the cost of the extra line or re-purpose the line for something else.

It was kind of funny, because the Sfax support people had been reaching out to me to be sure I got the customer service that I needed to be able to use their product. I found their Sfax printer and online product so simple to use that I just emailed them back and said I didn’t need their help. Basically I’d be wasting my time talking to them because their secure faxing was so easy to use.

I will mention that I was pointed to some videos and tutorials that stepped through the process as well. I actually watched one or two of the videos and kind of laughed because the process was so simple it almost felt like the video wasn’t needed. Although, I’m sure some people will enjoy the hand holding.

The receiving a fax was a great user experience too. I got an email notifying me that the fax had arrived. Plus, the online portal gave me access to the entire history of faxes that I’d sent and received. Pretty sweet.

My only real complaints about the product was that at first some of the terminology was confusing. Sfax driver doesn’t intuitively tell me that it’s going to set up a local printer on my computer that I can use to fax out. I also wish they had a quick way to send a fax to a new phone number. Maybe there is and I just missed it, but it seemed like you needed the phone number in your “Contacts” list in order to send the fax out. Sure, a contacts list is a great feature since you often send something to the same place. However, there’s always those one off faxes where you don’t want that phone number in your contact list. You just want it for that fax.

I won’t cover all the other standard benefits of electronic faxing (ie. no printing, no scanning, no creating cover letters, etc etc etc). Suffice it to say that Sfax had those benefits as well. They also had a bunch of features like Starred Faxes, Forwarding Faxes, and Draft Faxes. I’m not exactly sure how I’d use a Starred Fax (It’s like the Starred feature in Gmail if you’ve used that), but forwarding a fax is a great idea and I’ve used Draft Fax a few times when I needed to go and get more info before sending the fax.

I also love that their online portal can be accessed from any computer I’m using. So, I can access all my faxes in one place and can even send a fax from any computer in the world. Pretty sweet.

EMR Faxing Integration
I wouldn’t be EMR and HIPAA if I didn’t talk about the possible integration of the Sfax secure faxing technology with an EMR. Sfax offers three ways to fax: Sfax Driver (Desktop), Sfax Online (Web) & Sfax API (Integrations). Of course, the API integration piece is the most interesting when it comes to EMR.

Sfax actually has provided a white label fax solution for 7 different EMR vendors and 6 other healthcare solution providers with 8-10 other healthcare software company integrations in the works. So, you might even be using Sfax and not even know it. I can’t say which companies for obvious reasons, but I can see this type of EMR integration working really well. They even mentioned some clever integrations with adding/reading barcodes and automating handling.

Here’s their comments on their faxing API:
We have great API documentation, sample code, test harness (and test account) and have had integrators faxing out from their app in 2 hours! Our delivery rates are industry leading along with error reporting through API. When the integration is done right, the document exchange(fax) part is just beautifully fitted into the natural workflow.

If I was an EMR vendor and didn’t have an integrated faxing service yet, I’d be on the phone to Sfax to talk about leveraging their API so I could worry about other EMR features.

Digital Signatures
Sfax offers a built in set of features for digital signatures. I had a lot of questions about digital signatures and adoption of digital signatures in healthcare and so I’ve asked Sfax to do a future guest post on the topic. So, watch for that.

Fax Security
All of the Sfax online faxing portal uses https 128 bit encryption. Yes, that’s the level of encryption that’s used by the best SaaS based EMR software and all the other e-Commerce sites you might use online. Turns out my first fax was filled with my social security number and other personal info. So, this level of encryption was absolutely necessary for me. Plus, is a requirement for HIPAA if you plan on faxing any PHI.

Secure Fax Pricing
You can check out all the Sfax details including plans and pricing on their web page. They just launched a $24/year plan for people like me that do a pretty low volume of faxing. Then, they have monthly plans from $15/month to $199/month depending on the number of fax pages per month, toll free numbers, API access needs, importing contacts, tailored cover pages, etc. You can also sign up for a 14 day free trial to test it out yourself.

Summary
I honestly wasn’t sure how well Sfax had done at taking the headache out of faxing. Turns out, now I don’t blink an eye when someone asks me if they can fax me something or if I can fax them something. It’s as easy as sending an email now. I just fax away.

Needless to say it’s a lot cheaper and easier to use Sfax than a $10+ per month extra phone line, a $50+ fax machine. Not to mention the paper, tonor and desk space the fax machine requires.

About the author

John Lynn

John Lynn is the Founder of HealthcareScene.com, a network of leading Healthcare IT resources. The flagship blog, Healthcare IT Today, contains over 13,000 articles with over half of the articles written by John. These EMR and Healthcare IT related articles have been viewed over 20 million times.

John manages Healthcare IT Central, the leading career Health IT job board. He also organizes the first of its kind conference and community focused on healthcare marketing, Healthcare and IT Marketing Conference, and a healthcare IT conference, EXPO.health, focused on practical healthcare IT innovation. John is an advisor to multiple healthcare IT companies. John is highly involved in social media, and in addition to his blogs can be found on Twitter: @techguy.

20 Comments

  • Laura beat me to it John… great review and after checking out Sfax website I think ought to consider switching from eFax. Thanks.

  • Thanks guys. I hope people find it helpful. It’s fun to do these types of reviews.

    Now I just need to get the Lenovo guys to let me review one of their laptops or an iPad EMR vendor to get me an iPad so I can test their EMR on the iPad and do a review.

  • Thanks for the info. I send less than 20 faxes a year, and have been trying to find a good solution. Paying per fax (but paying extra so they don’t put ads on my cover sheet) is how I’ve handled it so far… I’ll definitely check out Sfax now.

  • John… Way back in early 2009 in one of our first backchannel conversations I asked you about Fictrix Digital Pen.

    They’ve done some more development here’s their health care link …

    http://www.fictrix.com/en/2-3/Healthcare.html

    Also … maybe if an iPad EMR vendor doesn’t get you an iPad … maybe there is a developer who is looking at the Android-based Samsung Galaxy Tab…

    http://liliputing.com/2010/12/samsung-galaxy-tab-review.html

    … or perhaps Linux-based German Neofonie WeTab

    http://liliputing.com/2010/06/noefonie-wetab-german-tablet-to-be-partially-ad-supported.html

    Adoption of EMRs will be driven by useability of the entire integrated package … to accomplish in one motion multiple tasks and directions which ordinarily would involve multiple one on one events between the senders and receivers both vertically and horizontally within the practice’s immediate community.

  • I’d be interested to hear about someone actually using that pen. You know me. I’m far too practical.

    I’d definitely take a Samsung Galaxy if someone wanted to provide one. Android is going to beat the iPad one day. Although, it’s still early for both.

  • John, unless I am missing something, these guys are super expensive. Our fax service is Metrofax.com and only costs us about $35-40 per month, based on volume. We end up doing close to 2000 pages of faxing per month for this $35-40. This is included in one of my upcoming blogs but may not be out for a while since I am going to break my “tips” list up into about five separate posts. Check out the pricing on the metrofax.com website. There is no driver setup fee.

  • I have to question what does it mean to be truly HIPAA compliant in 2010? Seems that the standards are vague and subjective. I’d find it hard to believe that one could find an electronic fax service or an email account that wasn’t highly encrypted in 2010. The whole concept of “reasonable efforts” at maintaining confidentiality seems to be in favor of the practitioner rather than requiring someone to purchase only products and services that advertise as “HIPPA compliant”. Seems a bit gimmicky.

  • Michael,
    Actually, email is almost never encrypted. Some email is encrypted when you read it. However, when it’s being sent from one email system to another using SMTP it’s almost never encrypted.

    There is a way to encrypt email sent between 2 systems, but so far a standard for encryption between any email has not been established and so almost none of it is encrypted. In fact, most times when an EMR or other patient portal wants to send a secure email/message to someone they send the email which contains a link to an encrypted website that has a login. The reason they do this is because there’s no recognized and adopted standard for encryption of email.

    This is why having it based on email means that there’s almost no way that it’s encrypted. The only security email offers in this manner is essentially security because there’s so much volume that it’s harder to find something of value amidst all the MASS of emails.

    Don B,
    Facebook is not HIPAA compliant. Unless it’s a Facebook app which has done something extraordinary. Although, that’s a bit of a stretch. Of course, someone who chooses to share their health information on Facebook can do so if they want since it’s their health info.

  • Let’s clarify some key points that are often misunderstood.

    Unlike the plethora of other fax over email providers, Sfax does not use email to transport documents at any point in the process. Although email is a used every day, it is inherently insecure and is much like sending a postcard. My question is would you send credit card information or PHI on a postcard? I think not.

    When you use an fax over email service, that email content and any documents attached get read and stored multiple times en route by ISPs, servers, firewalls, virus checkers and, perhaps more worryingly, unscrupulous ‘bots’ that harvest email data and the content within attachments. Most fax over email providers do not comply with the latest SOX, HIPAA and encryption regulations.

    With Sfax, we have designed a service that ensures your documents and data are protected end-to-end using a combination of 128-bit SSL and base64 encryption. We only use email for notifications and not natively for the exchange of documents. At the request of customers, we have the ability to forward received faxes by email but give you a ‘health warning’ before allowing you to send.

    The other issue with fax over email is that it is difficult to track missing faxes. With Sfax, we provide a complete audit trail with the ability to track the document exchange through the entire lifecycle with industry-leading delivery rates and exceptional error reporting and handling.

    Additionally, we have a whole host of physical, organizational and the technical measures to protect the confidentiality and integrity of information being communicated using Sfax. HIPAA-compliance is no gimmick, we take it incredibly seriously. To discover more about Sfax security, take a look at http://www.sfaxme.com or contact us to answer specific enquiries.

  • John, I thought you might have given more detail and further explained the several ways to fax from a computer:
    The first, (Desktop) uses a phone line which connects directly to the local computer/server (via modem) and faxes are sent over the PSTN from your local computer/server to the fax machine at the other end (secure, HIPAA compliant).
    Second, (Desktop/Online) this is where the fax is sent (via cleartext, basically emailed over the internet (SMTP)) to the fax service’s server, then it’s sent from their server over the PSTN to the fax machine at the other end (unsecure).
    Third, (Online Portal) you securely logon to the fax services web server (via SSL) and send faxes from their server over the PSTN to the fax machine at the other end (secure, HIPAA compliant).
    I would be surprised if their “cool” Sfax Driver uses the Online Portal and actually encrypts the connection before it’s sent over the interweb to their server-then to on to the destination fax machine…I could be wrong, but most aren’t working that way and Digital Signatures doesn’t mean secure!
    Faxing really hasn’t become any more convenient over the last 20+ years…that’s where email was supposed to takeover. D’oh!
    Sfax, eFax, blah, blah, blah, it’s all about the cost…

  • packets,
    I’d have to sniff the connection to be sure, but looking at the way the app connects to the Sfax site, it seems like the Sfax Driver is creating a secure connection. That’s why I found it so amazing. Of course, if I were in a practice that wanted to use it I’d pull out the sniffer and see it in action to be sure.

    I’ll send this to the Sfax people to respond as well.

    Yes, Digital Signature in this case doesn’t have anything to do with security of the information being sent.

  • John,
    With another look, Sfax’s website shows the Online Portal is HIPAA compliant, but the Sfax Driver page mentions nothing about being compliant what so ever…might be worth further clarification from Sfax before more misunderstanding.

  • Packets & John. Apologies for delay, we’ve taken a couple of days off. For clarity, the entire Sfax suite, Sfax Driver, Sfax Online and Sfax API (web services) are HIPAA-compliant. Remember, SecureCare has spent 10 years focusing on the development of messaging and document exchange solutions for the rigors of healthcare. Our patent-pending Sfax Driver encrypts and securely transports your document to our Sfax Fax Engine which then delivers that fax securely to the recipient. If you need any further clarification, take a look at Why is Sfax secure? or email aszymanski@sfaxme.com.

  • You can also check out another company called Updox.com which provides all of the features you are discussing. We use it with Amazing Charts. It does our fax, patient portal and secure messaging. I think they also are integrated with Soapware from what I remember.

  • There are many choices out there…The big ones for enterprise customers are: EasyLink, J2 (generally SOHO, but recently acquired Venali and MyFax which medium sized business clients) and Graphnet…

    There are many Mom and Pop type providers…Just do your homework…

Click here to post a comment
   

Categories