Which is safer to send personally-identifying information – by fax or by email?
Sending information by the (now old-fashioned) fax uses telephone technology, which is its own type of encryption – it is a direct message between the sender and receiver and is often the more secure communication solution. (Note – many fax services are now using fax to email technology which, for this article's purpose, is handled more like email.)
Email is not automatically encrypted – it is not in a code that can only be read by the sender and receiver. It is easy to forward email messages from the intended receiver to someone else or to another type of mobile device (smart phone, forwarded to another email address, multiple computers), and can be saved in many different locations. There is a greater risk of the information going to the wrong person or kept in more than one place – which creates a greater risk to the security of the information.
If you send clinical information by email referring to ‘Client J' instead of full identification, you create 2 new potential problems. If you have not completely and accurately identified the client in your clinical notation, it probably doesn't meet the standards of practice of clinical documentation. If you send a message to another provider about ‘Client J', it is likely that:
a) Someone other than the intended receiver will be able to identify the person of interest. This means that you may be sharing the client information with someone not authorized to receive it – for example, the email may get printed and left in an area that is not secure and be seen be someone not authorized to see it. This privacy breach will be, in part, the responsibility of the sender of the information – you.
b) If the information is sent without full identification, and the receiver makes an error in matching the information to the correct individual and takes further action – like notifying the client of the new action plan that may not be appropriate for them – you have potentially compromised the privacy and confidentiality of the original client and contributed to an error to the second client.
c) If the intended receiver is away, the email message might be overlooked or there may be a delay in response – which might be a delay in client service. In a fax world, there is usually more than one person assigned to monitor the incoming faxes.
Poorly managed fax communication is one of the most frequent sources of privacy breaches. Even though email is now commonly available, it doesn't mean that it is any more secure than faxes. Sometimes, convenience can create more security problems!
Keeping client information confidential and secure is a key requirement in clinical practices. Whatever methods you use, you need to ensure that you have well documented policies and procedures that meet your profession's standards of practice and legislative requirements. You need to identify the risks and strategize how best to mitigate or minimize those risks.