by cknight 2768 days ago
IT Manager of a large medical centre in Australia here. I've been spending quite a lot of time trying to minimise the number of faxes we send and receive but there's only so far I can go.

Email and fax-to-email services are generally frowned upon by the relevant medical accreditation boards, as they consider these to be insecure unless PGP is used. Email addresses have the ease of use and interoperability that fax numbers have, but PGP throws that right out the window.

Beyond the technical discussion, I remember reading that fax is considered "secure" from a regulatory/legal standpoint because fax lines are subject to wiretapping laws just as a regular phone line is. An email however, sent in plain text, can be legally read by anyone along the line who has the authority to do so. No surprises there, we know what GMail does.

What we've ended up with in Australia is a trio of internet-based secure messaging systems which have only just recently been in discussions about interoperability between themselves. I believe two of them are just end-client software which automates the PGP encryption/decryption of a given email address that you register, sending and receiving directly from your practice's clinical management system. Uptake has been kinda miserable. Until the systems are interoperable and have a large centralised directory of all health practitioners in the country, uptake will remain low. It's also only for medical practices and hospitals. It doesn't cover all the crap we get from legal and insurance firms.

Other legal issues are also stymieing progress. I have been told specifically by the CEO of a large specialist group that they won't be using any of the above systems, because having the software available means they might get electronic referrals directly from GPs. This would be instead of paper referral letters that simply go with the patient. This changes the legal onus of who is responsible for following up with patients who don't make that specialist appointment when referred. It matters when a patient decides not to do anything with a given referral, and then finds out they're terminal months later.

And so, we fax and get faxed. And it sucks.

5 comments

> I have been told specifically by the CEO of a large specialist group that they won't be using any of the above systems, because having the software available means they might get electronic referrals directly from GPs. This would be instead of paper referral letters that simply go with the patient. This changes the legal onus of who is responsible for following up with patients who don't make that specialist appointment when referred. It matters when a patient decides not to do anything with a given referral, and then finds out they're terminal months later.

Oh my. The unexpected legal implications and associated perverse incentives. Thanks for sharing that!

Reminds me of what I heard about the information security space, where some large companies don't want to know their risks too well, as, if something were to happen, they wouldn't be able to say "we didn't/couldn't have predicted that".

Why not have an official secure data exchange layer, so that when one hospital wants to talk to another one, they all do it using this secure channel, not by sending e-mails or faxes?

Like... the one Estonia has and uses for all the government services, registries and hospitals.

https://en.wikipedia.org/wiki/X-Road

Source: am Estonian.

So weird seeing other countries doing backwards things.

I wonder how this squares with the NBN, given that, once activated, the traditional phone line ceases to exist, and you use VoIP instead. And that the POTS will be entirely deactivated (in theory) once rollout is complete.

> I wonder how this squares with the NBN, given that, once activated, the traditional phone line ceases to exist, and you use VoIP instead. And that the POTS will be entirely deactivated (in theory) once rollout is complete.

Talking more about citizens' phone lines than medical stuff now, but...

Surprise, surprise, all of a sudden there's no warrant necessary for wiretapping.

Wonder how many of our elected representatives are working long hours to fix that curious oversight?

All our fax machines are already using Cisco ATAs to connect to our VoIP system anyway. Only problem I've ever had with that aspect was a dud ATA.

I know many practices use eFax though, even though it uses email and hence is against accreditation standards. Small one- or two-practitioner clinics don't have the means to trudge through the RACGP's information security standards like we do.

I did trial a local Australian eFax competitor who offered a fax-to-my-server-via-SFTP method, and was accredited with several government health agencies. The PDF image quality sucked so badly though, I couldn't run with it. Illegible. Even if it worked well though, it's still just faxes as image files, which is painful. OCR doesn't look like it'd help much, even before you think about doctors' handwriting.

I've got 30 practitioners and I need incoming messages to be directed to their respective inboxes in the practice management system so we don't all go crazy.

Would a physical fax machine that saved the incoming faxes as a searchable PDF on a network drive make sense? It could literally just have a folder you put things in and then you could select the recipient on some webmanager.

At the moment we have non-searchable PDFs coming in to a network drive. These are manually reviewed and sent to the relevant GP's inbox (or to nursing or to management) as necessary, with the relevant patient selected so all the doctor has to do is read it and hit "accept" or "seen". They're not willing to do more than that, of course.

Adding in OCR to make the documents searchable doesn't help a lot on its own. Just because one of our GPs' names is listed on a fax doesn't mean it's actually for them, nor does another name mean it is the patient in question. A lot of names get put on these documents. Every fax we get is laid out differently, there's no consistency of any kind. Faxes being unreliable means we are sent plenty of duplicates, half-sent documents, and upside down ones too.

Nothing can beat an electronic message that contains the recipient doctor's ID, the patient's name and birth date (we have plenty with same names), and all the other relevant info. It's the only way forward.

If this is important to you (extraction of information like ID/name/date from non-searchable PDFs), you could send me an email and we could discuss it further.

I might be able to help you with this.

Doesn't Medical Objects try to end this insanity without email or fax involved? Or are they the ones with email+PGP in the background?

They are just one of the 3 big providers. Argus is the PGP one I am most familiar with.

I don't know a lot about the inner workings of Medical Objects or the third one, HealthLink. I just hope their interoperability discussions end up being fruitful.

Would be great. Whatever they achieve, it will still be better than letters from one GP to another: we use BP, please send us the patient's data in xml format. (Which may or may not load depending on what the other side uses.)

Is anyone in Australia using Direct Project secure messaging? It should meet the legal requirements and is easier to use than PGP.

http://wiki.directproject.org/Main_Page