📠 Fax isn’t legacy tech — it’s the fallback plan that (almost) never fails.

—My thoughts, rewritten by ChatGPT 4o

Walk into almost any medical office in America today, and chances are you’ll still hear the screech of a fax machine. Lab results, referrals, records, prior authorizations—all flying through a phone line like it’s 1998. It might surprise you that healthcare, which otherwise boasts robotic surgeries and AI diagnostics, still relies heavily on a technology most industries buried a long time ago.

But fax isn’t a bug of the system—it’s a feature. Blaming doctors for “refusing to move on” misses the real story.

Let’s break down why fax remains dominant, what’s been tried to replace it, and why those efforts keep falling short.

The video version of this article is embedded below and available on my YouTube Channel.

The audio podcast and video versions are also available on the Podcasts Page.

Why Fax Refuses to Die?

The HIPAA Loophole

Fax is a direct conduit from sender to receiver, without an intermediate entity storing the information, similar to a postal service like USPS. This is why fax is exempt from the HIPAA Security Rule. However, it still falls under the HIPAA Privacy Rule as long as appropriate safeguards are met (correct fax number, factsheet without PHI, etc).

Fax, however, is not exempt from HIPAA rules. The key distinction lies between HIPAA’s Privacy Rule (covering health information in any form) and its Security Rule (applying specifically to electronic Protected Health Information, or ePHI). Fax falls under the HIPAA privacy rule.

Forget regulations for a moment. Fax hands down wins the convenience war. However, to understand why fax is more convenient than other technologies on the market, we need to understand the workflow.

The Workflow Advantage

The workflow in any medical practice depends on the following to communicate with other healthcare providers:

1. Universally accepted method

2. Easy to find the fax number

3. Shared “Inboxes”

4. Inexpensive

5. EHR Integration

Why Fax Wins Day-to-Day

Fax checks most of these boxes. It is universally accepted, and everyone working in healthcare has a fax number and relies on it. These fax numbers are readily available via central directories maintained by healthcare companies, including EHRs, or publicly available on the provider's website. All the office staff has to do is google the doctor’s name, and they will find the fax number.

Faxes give the office the ability to manage all incoming and outgoing faxes in a centralized workflow, where any staff member can send or receive faxes and act upon the information.

Fax is an inexpensive option to set up and maintain, compared to point-to-point integrations (e.g., EHR to different labs, radiology centers, insurance companies), which can be cost-prohibitive, especially for smaller practices.1

Manually sending and receiving faxes has many problems, including the dreaded “We never received the fax.” The hidden costs of fax that go unnoticed are:

• Re-faxing and phone follow-up when transmission fails

• Manual data entry into the EHR (no structured data)

• Staff time wasted chasing confirmations

• Delays in patient care from fax processing lag

The Rise of eFax

The evolution and implementation of eFax integrated into the EHR has dramatically improved workflows. Medical staff can send and receive faxes directly from within their EHR, eliminating the need for paper for the most part.

The Failed Replacements

But convenience alone doesn’t tell the whole story. Many tools have tried to replace fax, and failed. Let’s look at why.

Health Information Exchange (HIE)

HIEs were never really designed to replace fax machines head-on. They solve a different problem — and even then, they often solve it poorly.

HIEs are designed as “pull systems”; that is, doctors must search for patient records using either a different tab in the EHR or a separate software application to view them. Also, not all healthcare entities share data with HIE, including many medical practices, labs, and radiology centers. Furthermore, when data is shared, it may be limited to just demographic information.

Lastly, HIEs are not designed to handle administrative tasks such as referrals, prior authorizations, insurance communications, and sending and receiving orders. Therefore, even if the patient’s clinical data is viewable in an HIE, the transactional paperwork still needs to be faxed.

Secure Email

You might think email is a natural upgrade. In fact, we hear all the time, why can’t doctors just use email? But in reality, email complicates the workflow far more than fax.

First and foremost, regular email services like Gmail or Outlook are not HIPAA-compliant. Healthcare professionals must either use a secure email service (like ProtonMail) or layer security software onto an existing provider (such as Mimecast or ProofPoint). The healthcare provider must also sign a Business Associate Agreement (BAA).

Using a HIPAA-compliant email is enforceable. Healthcare organizations have also been using it for business use cases. However, it creates big problems when used for frontline care delivery – both for the sender and the receiver.

If you have ever received an encrypted email from outside your organization, you know how frustrating it can be. You need to create a new password or change your existing password to access your email. And if you want to keep that email as part of your record, you have to print and scan it to ensure you have a legal copy. Now, imagine performing this workflow for hundreds of entities almost daily!

This is the central problem with secure email. Doctors’ offices routinely exchange medical information with hundreds of other healthcare professionals. Logging into hundreds of different secure portals to access emails, printing them out, and scanning them into the computer is a non-starter. The workflow for using secure email is illustrated below.

Direct Messaging

The government tried to fix the fax problem through a Meaningful Use (MU) regulation. All EHR vendors, as part of MU are required to implement Direct Secure Messaging, which works similarly to secure email transmission from one EHR to another. In theory, EHRs themselves become the email service provider. This would allow healthcare professionals to send emails directly to each other from the EHR, without worrying about managing hundreds of passwords.

Sounds like a great idea. So why hasn’t it caught on?

• Not universally accepted: Medical offices still would need to fall back on fax to send orders to some labs, radiology centers, insurance companies, etc.

• No universal “provider phone book”: It’s challenging to find the secure email address of the recipient, such as the doctor.

• Shared Inbox: Currently, when Direct Secure Messaging is used, most messages are sent directly to the doctor, which can create inbox fatigue and lead to burnout. The routing functionality to determine which message should go to doctors vs other staff members is very clunky (maybe AI can help).

• Buried in EHR menus: Many doctors are unaware that they even have a Direct inbox or how to use it.

Direct works well when both sides know how to use it. But fax still wins by brute force: everyone has one, and it just works.

FHIR and APIs

Fast Healthcare Interoperability Resources (FHIR) and Application Programming Interfaces (APIs) are not-so-new kids on the block.

• FHIR defines what healthcare information looks like — the language and structure of the data, such as “Condition,” “Patient,” and “Medication.”

• APIs define how that information travels — the road systems used to exchange the information securely.

Example:

• Resource Type: Condition

• Specific Condition: Hypertension (ICD-10 Code: I10)

• Action: A “GET Condition” API request asks another EHR to retrieve and send back that diagnosis data in FHIR format.

The theoretical model is beautiful. Standardized data elements that can be exchanged between EHRs. However, it does not solve some of the problems that Direct Messaging is plagued with:

• Not universally accepted

• No universal directory or routing infrastructure

Another key distinction is that Direct Secure Messaging is a ‘push’ workflow, while FHIR is mostly a ‘pull’ workflow.

So, suppose a doctor enters a referral order in their EHR, which uses a FHIR and API-based system. In that case, their office staff still has to call the specialist’s office to “pull” the order from their system, assuming the specialist's office EHR also uses a FHIR-based API.

FHIR-based APIs can “push” information, but to my knowledge, adoption has been minimal.

From EHR Lock-In to API Gatekeeping

Currently, healthcare data is locked into EHRs, and the most reliable way to exchange data is via fax.

FHIR-based APIs have the potential to modularize the exchange of healthcare records, but create opportunities for new monopolists—those who control API access points—mirroring Christensen’s cycle of integration and modularity.

“Just as Microsoft dominated PCs through OS control, Epic today controls access through EHR ownership. Now, vendors like Redox, Particle Health, and even Epic’s own App Orchard are repositioning to control access through the API layer.” Do you think the Epic-Particle lawsuit is only about data control? Think again!

Healthcare risks swapping an old EHR monopoly for a new API gateway monopoly.

Conclusion:

Fax Isn’t Broken—Everything Else Is.

Fax persists in healthcare because it meets our workflow needs, amplified by its network effect. This makes it practical despite its flaws. Replacing fax requires solving workflow issues along with creating a new network effect. And, creating a brand new network is very difficult.

And guess what—eFax builds on the strengths of regular old fax lines. The integration of AI eliminates concerns regarding standardization and communication protocols.

Until digital tools beat fax on usability, cost, and universal acceptance, fax will remain the most modern dinosaur in medicine.

Up Next

I have quasi-completed two series of articles/videos on PCP Lens, Value-Based Care series, and the Quality series. However, I will revisit them in the future, as there is still a lot of material to cover.

With the next article, I am starting a new series on the Determinants of Health, or the DOH (pronounced “duh”) series.

Refer a friend