Somewhere in a hospital basement right now, a machine older than the smartphone is quietly running American healthcare.
Ask anyone under 35 what a fax machine is and you’ll get a shrug, maybe a joke about The Office. Ask a hospital administrator, and you’ll get something closer to reverence. An estimated 70 to 75 percent of medical communication in the United States still moves by fax — referrals, lab results, prescriptions, prior authorizations, insurance claims, entire patient histories. Billions of pages a year, moving through a technology everyone agreed was obsolete before most of today’s residents were born.
This is not nostalgia. It’s not a budget problem, or doctors being bad with technology. It’s something stranger: fax won a war nobody remembers being fought.
The Problem Nobody Fixed
Here’s the thing modern medicine never solved: hospitals don’t run the same software. Epic doesn’t talk to Cerner. Cerner doesn’t talk to whatever a small rural clinic bought in 2009 and never upgraded. Every electronic health record system is its own walled garden, and getting two of them to exchange a single page of patient data can require IT departments, compliance officers, and weeks of setup — assuming it’s possible at all.
Fax doesn’t care about any of that. A fax machine in Iowa can talk to a fax machine in Florida with zero configuration, zero shared login, zero compatibility check. It is, by a wide margin, the most interoperable system in American healthcare — a sentence that should not be true in 2026, and is.
The Compliance Loophole Nobody Talks About
There’s a second reason, and it’s almost an accident. HIPAA requires healthcare providers to protect patient information rigorously. Email, to meet that bar, needs proper end-to-end encryption — and most ordinary email setups simply don’t have it configured correctly.
Here’s the part almost nobody explains: email was never built with privacy in mind. The protocol underneath it — SMTP — dates to the early 1980s, designed for a small trusted network of universities, decades before anyone worried about a message getting intercepted.
What protection exists today was bolted on afterward, and it’s weaker than most people assume. The most common safeguard, called TLS, only encrypts a message in transit between mail servers — and only if both servers happen to support it. If either side doesn’t, most systems quietly fall back to sending the message in plain text, with no warning to anyone involved.
Even when TLS works perfectly, the message still sits unencrypted at rest on every server it passes through — Gmail’s servers, the recipient’s mail server, sometimes several relay points in between. True end-to-end encryption, where only the sender and the intended reader can ever read the content, requires something like PGP or S/MIME: a matched pair of cryptographic keys that both sides have to generate, exchange, and manage correctly, forever, without ever losing them or letting the wrong person get one.
Almost no dental office, small clinic, or solo practitioner running a standard Gmail or Outlook account is doing that. It’s not that they’re careless — it’s that doing it correctly is a genuinely specialized task most medical practices never had a reason to learn.
Fax, by contrast, is compliant by default, and for a much dumber reason: there’s nothing to configure. It travels over a phone line, point to point, never touching the open internet, never passing through a server farm, never depending on two separate systems agreeing to encrypt anything.
No keys to generate. No handshake that can silently fail. Nobody had to engineer that security — it was just an accident of 1970s telephone infrastructure that happened to outlast every “better” alternative that came after it, precisely because those alternatives all quietly assumed a level of technical upkeep most doctors’ offices never had a reason to build.
The Machine Nobody Explains
Walk into most hospitals or clinics and there’s a fax machine sitting somewhere that nobody bothered to introduce you to. It’s a little like finding a loom in the break room — clearly it does something, clearly it’s been there a long time, and the newest person on staff has no real idea why it’s plugged in.
For about the first week of any job in a medical office, that machine is furniture. Then someone tells you what it actually is, and it stops being furniture immediately.
Because somebody on staff always knows exactly what it’s for, and it’s rarely the doctor.
Who Actually Watches the Loom
HIPAA doesn’t just tolerate faxing PHI — it quietly requires someone to own it. Federal guidance calls for administrative safeguards that assign real responsibility: a defined person to receive faxes, someone to verify recipients, someone accountable if a page goes to the wrong number.
In practice, that’s almost never the physician. It’s front-desk staff, medical assistants, referral coordinators, or — in larger hospitals — a Health Information Management department whose entire job is exactly this: watching intake, matching paper to patient, making sure nothing sits where it shouldn’t.
Best-practice guidance is specific down to the placement of the machine itself: close enough to a staffed desk that someone notices the moment it starts printing, far enough from the waiting room that no patient can read what comes out.
Multi-physician practices often route everything through one shared machine, which means whoever’s closest becomes the de facto sorter for pages meant for doctors who have no idea a fax even arrived. The machine looks unwatched. It isn’t. Someone’s desk is positioned, quite deliberately, within earshot of it.
Where the Paper Actually Goes
So what happens once something prints? Not what you’d guess. The image of faxes stacking up for a week before someone finally runs around the building playing catch-up is close to the exact opposite of how this is supposed to work — and mostly does.
The standard guidance, repeated across nearly every compliance framework on the subject, is blunt: collect and distribute immediately. Not end of day. Not once the tray fills up. The moment it prints.
The reasoning is straightforward — a lab result or a referral sitting in an open tray is a live compliance risk for every minute it sits there unclaimed, and offices that take this seriously treat the fax tray the way a pharmacy treats a controlled substance: nobody leaves it out, nobody lets it wait.
Some hospitals go further and physically gather everything faxed out immediately after transmission too, routing it straight to its destination or shredding it, never letting a page rest anywhere it could be seen by the wrong person.
That doesn’t mean it always works. Busy practices do fall behind. Machines do jam, run out of toner, or sit for an afternoon while the one person who checks them is in an exam room. But the expectation — the thing offices are trained toward, audited against, and occasionally penalized for failing at — is closer to a live wire than a mailbox. Somebody is supposed to be listening for it the way you’d listen for a phone ringing, not the way you’d check a P.O. box once a month.
The Machine That Refuses to Retire
Every hospital, every pharmacy, every insurance company, every solo physician’s office in the country has a fax number. Not all of them have a secure patient portal. Not all of them have an EHR that plays nicely with the outside world. But all of them have a fax line, and — unglamorous as it looks — somebody is supposed to be watching it.
“Supposed to” is doing real work in that sentence, though. A fax machine isn’t quite a mailbox; it’s closer to a phone someone has to be willing to pick up. Some practices route several physicians’ correspondence through a single shared line, which means a page addressed to one doctor lands in the same tray as everyone else’s.
Some older machines won’t receive anything at all unless a person physically presses “start,” so a transmission can ring, connect, sit for a full minute doing nothing, and fail — not because the number was wrong, but because nobody happened to be standing in front of the machine.
And a growing number of offices have quietly swapped their old analog line for a modern VoIP phone system without realizing fax transmission depends on split-second timing that internet-based phone systems routinely mangle, so a perfectly current number can reject a page for reasons that have nothing to do with anyone rejecting anything.
None of which is what you’d expect from a technology this old. You’d think a machine that unglamorous would be the least-monitored object in the building — the fifth phone line nobody remembers exists. Instead, the opposite is closer to true. It looks forgotten. It behaves like something under quiet, constant supervision.
Healthcare regulators have been trying to kill fax for over two decades. Federal interoperability rules keep pushing providers toward electronic data exchange. Surveys show most healthcare organizations say they want to modernize.
And still — the machine keeps working, jammed lines and shared trays and all. Not because anyone loves it. Because nothing else has managed to be everywhere at once the way it is, and because somewhere behind every one of those machines, there’s still a person whose actual job includes noticing when it rings.
Somewhere, right now, a piece of paper carrying someone’s medical history is sliding out of a machine that predates the internet, into the hands of a person who is about to make a decision that matters. Nobody in the room thinks this is strange anymore.
That’s the actual twist. It’s not that fax survived. It’s that we stopped noticing it never left.

No responses yet