The eFax Blog

GDPR and Healthcare: A Simple Change to Aid Compliance

November 16, 2018 - by eFax Team

Do you have concerns that your healthcare practice, trust or organisation is not GDPR compliant? eFax explains one simple change you can make to reduce your chances of falling on the wrong side of the European Parliament.

Article overview:

Fax Machines and GDPR Complications

The introduction of GDPR has changed the way many industries store and use personal data, and the healthcare sector is no exception. But healthcare organisations are facing risks associated with GDPR compliance due to continued use of physical fax machines.

Use of fax machine technology puts your healthcare organisation at risk of non-compliance due to:

  • Potential for unauthorised file access through paper files being left unattended
  • The fat finger problem - documents being sent to the wrong number
  • Transmission of unsecured data
  • Weaknesses in the physical fax machine security protocols

Healthcare organisations have experienced a multitude of data protection challenges due to heavy use of physical fax machine technology, but faxing is an essential practice embedded in the healthcare sector.

eFax has a solution.


The Solution for Healthcare Organisations

Online cloud faxing improves GDPR compliance for your healthcare organisation while allowing you to maintain all current fax security and processes.

Through the use of digital technology, online cloud faxing ensures:

  • Files are sent securely
  • Data is kept accurate
  • Unauthorised file access is avoided
  • Information is always transmitted to the right place
  • Your IT systems remain secure

You can upgrade your practice or organisation to eFax today and get immediate access to online faxing. It’s quick, simple and you can keep your current number. Benefits of eFax include:

  • Send and receive fax online through eFax’s bespoke software solutions
  • Continue sending and receiving fax to and from other physical fax machines, ensuring comprehensive communication with others in the healthcare sector
  • Find an affordable solution to fax machine inadequacies that reduces GDPR risks

Learn More! Read the Full Story Below


Everyone is at least aware of GDPR.

May 2018 saw a deluge of emails and marketing materials fill our inboxes, as many businesses and organisations worked with their legal departments to shore up their customer data and ensure they complied with new regulations. It was impossible to ignore. Yet, despite all this, many organisations and publicly operating entities — such as health care trusts and practices, as well as others working in the healthcare sector, including chemists, pharmaceutical companies, dental surgeries and more — could still be at risk of GDPR non-compliance.

How is this possible, and what is the risk?

What Is GDPR?

GDPR is a set of laws enacted by the European Parliament in 2018, which provides a new level of governance to the entirety of the European Union. It changed the way organisations and businesses act on the behalf of individuals and protect their personal data. Responsibility and culpability for breaches of personal data essentially became far more serious. The way in which personal data is acquired, handled and stored was adapted at a fundamental level, which resulted in sweeping changes across many industries and sectors.

How Does GDPR Impact Healthcare?

It all comes down to patient data. Almost every organisation operating within the medical sector will be required to use and store personal information on patients. If you are working in the healthcare field, you likely have data comprising very sensitive, personal information, such as medical and mental health conditions, alongside traditional data, like home addresses and contact details. All this data must be protected under GDPR compliance laws. Failure to do so can result in serious legal action against your trust, practice, organisation or business. This includes massive fines and potential court proceedings.

What Are the Current GDPR Healthcare Problems?

The healthcare industry faces a challenge. Fax continues to be essential, but the physical fax machine itself presents so many problems. For some organisations, simple-to-make mistakes have led to big problems. In 2017, it was revealed that the NHS had lost around 700,000 documents over the course of the previous years. 500,000 of those contained sensitive information, and a few thousand instances led to some form of patient harm. Most of these documents were lost from GP practices and small trusts, but how could so many files disappear? There are numerous factors involved in the loss of data, but one of the principal problems was the widespread use of outdated physical fax machines.

The loss demonstrates the risks of physical fax machines, but with such universal use of fax in the British healthcare industry, you can’t simply stop sending them. A solution is needed; a replacement for the physical fax machine that doesn’t mean you can’t send faxes. A solution that is compliant with GDPR and simple to implement.

eFax’s secure online fax solutions for healthcare professionals can help to negate a number of issues posed by fax machines, including data loss, while still being easy to implement. Discover how you can become more GDPR compliant instantly and still maintain the ability to send and receive faxes with our bespoke software.

Fax Machines and GDPR Compliance

The NHS and associated bodies have faced a number of cyber attacks in recent years. The healthcare sector is a prime target for criminals and data thieves, given the sheer volume of information it needs to store. The news that there are thousands of physical fax machines in use, then, does not bode well for security, data protection and, therefore, GDPR compliance, thanks to the discovery of the “faxploit”. The faxploit is essentially a weakness in fax machine security protocol — they don’t have any — which means hackers can enter connected IT systems through fax machines and wreak havoc. Since organisations are required by GDPR law to encrypt and protect data, having weaknesses like this means they simply are not compliant and can face the associated repercussions.

But physical fax machines present other GDPR nightmares as well. Current physical fax-based systems being used by the NHS have been referred to as “downright dangerous” in terms of data security by Health Secretary Matt Hancock. This is due to:

  • Unauthorised Document Access: When a fax comes or goes through a physical fax machine, it sits in a tray or waits to be printed off. This means that unless the proper person is at the machine at the time of transmission, the fax is accessible to anyone else who can access the unit. This could be staff or even members of the public. These people could potentially view or take the fax, which means patient data becomes vulnerable and GDPR laws are not being complied with.
  • The Fat Finger Problem: Fax is sent via a dialled number. A number can be incorrectly entered or misdialed. The risk here is that sensitive patient data is submitted to the wrong machine and then accessed by the wrong people, a direct contravention of GDPR law. There are clearly reported cases of this happening within the healthcare sector, which means it is not a problem in concept only, but something that really does occur.
  • No Data Encryption: Physical fax machines are a technology that was popularised in the 70s and 80s, but actually began life in the 1800s. As a result, they aren’t fully protected by modern data encryption — there are weaknesses that occur during stages of transmission that can be taken advantage of. This means that files sent via physical fax machines lack some of the basic security measures required by GDPR for sending data. If a fax sent via a fax machine is hacked, the regulations will demonstrate that you haven’t put enough security measures in place to ensure data is protected and, therefore, you are liable to incur legal consequences.

All of these issues create a major problem for you and your healthcare organisation, no matter where you operate within the industry. The challenge is removing your fax machine without losing the ability to fax and causing upheaval in the process.

The solution is online cloud faxing from eFax.

What Is Online Cloud Faxing?

Online cloud faxing is the 21st-century answer to the current problems facing old-fashioned and outdated physical fax machine technology. It isn’t a re-invention of the wheel, but, instead, an evolution of a tried-and-tested communication platform that is no longer suitable for use in a digital era. Online cloud faxing from eFax takes traditional faxing and injects it with new technology to create a comprehensive faxing solution that operates entirely in a digital format.

How Does It Work?

Our bespoke technology helps you manage the process of faxing, without the need for additional training or new hardware. You simply sign up, request to move an existing number or choose a new number and you’re ready to start faxing. You can also download our mobile application to your smart device so you can fax remotely. You can then view, send and receive fax files. To send a fax file, you can either send a digital file — if it already exists on your device or computer — or you can use a camera to capture a physical copy of a document, upload it to our software and send. If you need to sign the document, you can do so using your touchscreen as eFax software has digital signature capabilities included. There is no need to print documents purely for the sake of signing and scanning them back in.

With our software, you can both send documents to and receive them from old-fashioned physical fax machines. Just because you don’t have a physical fax machine anymore, doesn’t mean you can’t communicate with them. Your software still operates using a fax number and is formatted to accept all types of faxed documents. You can access your faxes via the secure eFax portal or use your email to send and receive faxes - we can even port your existing fax number for a seamless transition!

How Online Faxing Can Support GDPR Healthcare Goals

We’ve already outlined exactly what the problems are with fax machines when it comes to transmitting files while remaining GDPR compliant. We’ve also mentioned how eFax’s online faxing works. But how does adopting our software negate the risks to patient data and improve your healthcare organisation’s GDPR compliance?

  • Encrypted and Secure: eFax online cloud faxing uses the latest security protocols and encryption to secure all messages sent and received by our service. As part of GDPR, your healthcare organisation is expected to take every step possible to ensure that the security of your data transmission meets modern standards. By using eFax, you can be assured that this is the case and that you are compliant with these regulations. eFax Corporate is also Level 3 of the NHS Digital IG Toolkit assessment, so you can be comfortable it meets your security needs.
  • No Risk of Unauthorised Access: Faxes sent using eFax are set behind passwords and access controls: only those authorised to view the file may view it. This means your fax isn’t sat on a machine waiting to be read by somebody who isn’t authorised to do so. Faxes are also sent to pre-set contacts, in the same way you’d access a contacts list on a mobile phone. The result is that you cannot misdial and send faxes to the wrong place or input the wrong information. Your contact list ensures the fax you transmit always arrives at the intended recipient.
  • Always Accessible: Physical documents go missing. Physical documents can get lost. This means vital, sensitive patient data is lost. While this is a problem for GDPR compliance in terms of potential breaches, it also means it cannot be destroyed or changed at the request of an individual, which also violates GDPR laws. You cannot then keep track of what data you possess, which, again, creates problems. Online faxes can be stored either on your network or, if you prefer, on our cloud server, making them easy to access and view at any time. The result is that files are never lost and you can always ensure they can be accessed for GDPR purposes and for audits.
  • Immediate Access: Get immediate access to GDPR compliant software by signing up to eFax today or asking for a call back to talk to one of our team to spec out a solution which meets your organisation’s needs. Our 30 day free trial allows your healthcare organisation to test and experience the security benefits of online faxing without any contracts, commitments or fees. Start using eFax now and become instantly more compliant with European regulations.

Achieving Online Faxing Integration for Better GDPR Healthcare Compliance

What your practice or organisation operating within the healthcare industry needs more than anything is a major update in the way you communicate. You need to Ax the fax machine and move into the 21st century if you are going to be truly GDPR compliant.

eFax - our specialist online cloud faxing service - starts at just £11 per month and has different pricing options based on what your organisation needs. This allows you to move your practice, trust or organisation towards more secure digital practices that protect personal data, without excessive costs or the need to wait until the entire healthcare system ditches the fax machine.

Integration is easy and requires no new hardware or phone lines. Simply sign up for our 30-day Free Trial, download the eFax software to your workplace devices and immediately start sending fax online. Enjoy all the GDPR-boosting benefits of online faxing, while staying connected to the larger healthcare community, all at an affordable price.