Faxing Confidential Information
Faxes of confidential information are particularly vulnerable to interception, and in principle confidential, clinical or personal information must not be sent by fax. As NHSmail provides national email and fax facilities and is the only service endorsed for email communications, it is recommended this mode of transmission is used where possible. If this is not possible then the following procedure must be followed:
The following guidelines apply when faxing of any information of a confidential nature to minimise the risk of confidential, person or patient-identifiable information being divulged to any non-entitled persons.
Position & Access Controls
- Fax machines must be sited in areas where the general public, or those without a ‘need-to-know’, do not have physical access, either to the machine or to the documentation.
- Frequently used numbers should be identified and programmed into the “memory dial” facility to reduce risk of misdialling, ideally restricting these to ‘Safe Haven’ numbers.
- Fax machines must only be operated by users authorised by the ward/dept manager and these users must fully understand their responsibilities for maintaining confidentiality.
- Arrangement must be made for the handling of confidential information that may be received outside of normal working hours. This could be addressed:
- By the fax machine storing information overnight without it being printed out (messages are received and stored in memory, either the fax machine or computer, which requires a controlled password to access the message).
- By nominating a member of staff to be responsible for checking the machine each morning (e.g. ward clerk), and who is responsible for collecting, holding and delivering the faxed information to the appropriate person and,
- By the room being locked.
- Staff must make every effort to use ‘Safe Haven’ fax machines whenever possible when it is necessary to transfer confidential data by fax.
- Only the minimum personal/confidential/patient information required must be sent. The CHI number is a unique identifier which eliminates the need to use the patient’s name etc. The CHI number must be used when sending patient identifiable information to other health care organisations.
An Equality & Diversity Rapid Impact Assessment has been completed for this procedure No negative impacts have been identified.