Are you prepared for the fax ban? Do you have an NHSMail email address to be able to work with the NHS and your local health services when they will no longer use fax machines at the end of March?
Mmmm? What’s that Chris?
In case you didn’t get the memo (faxes can be so unreliable), the NHS and related health services are supposed to be fax machine free by the end of March. They will no longer accept faxes from you but will only work with you using their NHSMail platform.
If you still haven’t got NHSMail accounts for your care homes, then act now because time is fast running out.
In January last year Matt Hancock banned hospitals and other health services from buying new fax machines. The aim is a total ban on using them by March 2020.
So, if you still use faxes, from the 1st April how do you refer a resident for a tissue viability or SALT assessment, or request a GP visit?
So, what’s the big deal – you’ll just email, right?
If only it were that simple.
Your usual email, firstname.lastname@example.org, isn’t going to cut it.
The NHS have their own secure NHSMail email platform and need you to use that to communicate with them. That way they know that you are sharing personal and sensitive information ‘securely and correctly’.
That means, if you don’t already have one, then you need to get your skates on. You need to have NHSMail email addresses for those staff members who need to communicate with your health services. So, you need email addresses like email@example.com.
Fine, so how do you get one of those email addresses?
To get one you have to pass the NHS Data Security and Protection Toolkit, which is an online assessment of how you handle personal and sensitive data. You have to answer the questions in the toolkit and evidence that you comply with data protection legislation.
And you evidence your compliance by uploading documents like policies, procedures and forms that show that you meet these legislative requirements.
Now, the UK data protection legislation fell under the European General Data Protection Regulation (GDPR) back in May 2018. From then on, all organisations that handle personal and sensitive information had to become GDPR compliant.
And if you haven’t yet made your care homes GDPR compliant then you’ll be in the company of hundreds of others who haven’t. But now, like them, unfortunately you can’t put this off any longer.
Banning fax machines and insisting you acquire an NHSmail account is basically forcing your hand to now become GDPR compliant.
Of course, I don’t have a crystal ball and so can’t guarantee that the ban will be enforced by all NHS and related health services, like GPs and pharmacies.
You may find that on 1st April, you will send a fax to your local health service to request a tissue viability assessment for one of your residents and they respond.
But what if they don’t?
What if your health services do ban the use of faxes? How will that impact your care home and residents if you can no longer refer residents for assessments or request visits from your GPs or share any patient-sensitive information?
Is it worth risking not being able to access these vital services and impacting the wellbeing of your clients?
The end of March fast approaches so if your care homes aren’t yet compliant then my advice is that you set aside the time to make it compliant now. There is no getting away from this.
You could always contact your local health services and ask them if they intend to stop using fax machines at the end of March. But even if your particular GP or pharmacy isn’t yet ready to get rid of their fax machine, it’s something they will have to do sooner rather than later.
Some have already started. For example, the CCGs our nursing homes work with will only communicate using NHSMail email.
And so, the clear message is, get your care home(s) GDPR compliant and get your NHSMail account before the end of March.
As I said earlier, it’s a lot of work to become GDPR compliant. When we made our sister company’s nursing homes compliant back in May 2018 there wasn’t much guidance.
It took a fair amount of time and effort to put together all the required policies, processes, forms, letters and training material to ensure our staff were trained as required.
There is more guidance now, but still a fair amount of work for you to do – there are 32 documents that you need to create. Here’s a GDPR Checklist to get you started and see the documents that you need to have in place.
Along with getting the checklist I’ll also show you a short video that takes you through in more detail why you need to be compliant and the quickest and least stressful way to get there.
If you want to cut to the chase (seeing as time is running out), we have taken all of the documents we created, including training material, and packaged them together for others to use. Our GDPR Care Home Compliance Pack is the quickest and surest way to get compliant in time.
I say this with confidence because all the templates are the exact documents that we created to pass the NHS DSP Toolkit 100% and get our NHSMail email addresses. (This image is a record of passes for one of the nursing homes.)
Whether you use our GDPR Care Home Compliance Pack is up to you – the important thing is that you become compliant.
And it’s not just about getting compliant because of the impending fax ban. A breach of data can result in a hefty fine.
You’ve probably heard on the news of big companies like Facebook and British Airways who suffered data breaches and received huge fines.
There aren’t enough resources to check that organisations are GDPR compliant, but they will investigate if there is a data breach, no matter how big or small the organisation.
If you suffer a breach of data and you aren’t GDPR compliant and haven’t followed the required steps, then you could be investigated and face a big fine.
For example, a couple of months ago, a pharmacy in London whose customers include care homes, was found to have customers’ personal and sensitive information in unlocked containers. They were fined £275,000.
Do you keep all of your staff and client information in locked cabinets and control access and handling of the information?
If a member of staff breaches data, but you can evidence that your care home is GDPR compliant and that your staff have received the right training, then it’s not your organisation that is investigated and facing a big fine but the member of staff.
A former GP practice manager and a former NHS trust administrator have been investigated and fined because they mis-handled client information.
Data breaches are all too easy and can often be mistakes made by staff members rather than deliberate acts to cause harm. But a breach of personal and especially sensitive data is taken very seriously, whether the breach was deliberate or not. Ignorance is not a defence.
In reality, you should be GDPR compliant so you’re confident that your staff and client personal data is handled safely and securely. But I understand that with day-to-day pressures it’s easy to put off.
But not now.
Use the impending fax ban deadline to make your care homes GDPR compliant so you are confident that all the personal and sensitive information is managed correctly and that all of your staff have been trained. (We provide the training material too.)
And of course, so that you know you can get an NHSMail account and still work with your health services after March.
Don’t put this off and hope it won’t affect you. The impact if it does is too great.