Faxes - possible older machine having issues
-
@Dashrender said:
I can't get them to replace the fax machine, let along consider going to an even more expensive hosted fax solution.
Umm more expensive? How?
AT&T phone line is $40-$50 per month + long distance.
eFax.com (MyFax.com) is < $20 per month for the base package.
The users do not know that there is no phone line on the copier because they still walk up to hit and push the fax button. The copier handles it. For the incoming faxes, that goes to a specified person. That person will open each one and forward the email to the department that needs it.
-
@scottalanmiller said:
@Dashrender said:
I can't get them to replace the fax machine, let along consider going to an even more expensive hosted fax solution.
The problem isn't about receiving, it's about sending - so I'd have to have a solution where I could securely send scanned documents and they would then be faxed in.
Faxes are completely insecure. Why would they need security for a new solution when they don't need it now?
LOL - You're so right, but the HIPAA police seem to think it is... and it is still the defacto standard in the medical community.
-
@JaredBusch said:
@Dashrender said:
I can't get them to replace the fax machine, let along consider going to an even more expensive hosted fax solution.
Umm more expensive? How?
AT&T phone line is $40-$50 per month + long distance.
eFax.com (MyFax.com) is < $20 per month for the base package.
The users do not know that there is no phone line on the copier because they still walk up to hit and push the fax button. The copier handles it. For the incoming faxes, that goes to a specified person. That person will open each one and forward the email to the department that needs it.
Wow, you pay a lot for a phone line, with Cox we're paying around $30 after taxes with no use limit (yes we have to pay for long distance, but that's fairly uncommon). The last time I looked at those fax solutions they wanted 4-15 cents a page. We are looking at sending around 400 pages a day. 400 * $0.04 = $16 a day * 22 days a month = $352 a month. That's a lot more than I pay now, and frankly my pitly little 400 a day does not qualify me for the $0.04, but instead really puts me closer to the $0.15/page cost.
Furthermore - unless the vender has a secure way to send those faxes to me, and a way for me to security send the faxes to them for fax transmission out, it's a no go.. normal email is completely out when it comes to HIPAA.
-
And normal email is more secure than a fax!
-
I believe fax is a direct HIPAA violation because the intent is to a non-authenticated party.
-
@scottalanmiller said:
And normal email is more secure than a fax!
Maybe - depending on how you look at it. It's harder to intercept a fax than it is an email. A hacker has to have physical access to intercept a fax. For an email he doesn't.
Even though we all know that POTS lines are not secure end to end, our elected officials don't know and don't seem to care about it. But they have been told and for whatever reason seem to follow up on it. standard email is not secure, and you can't send PHI over a non secure network (while not specifically named - they are talking about the internet).
Hell if HIPAA really wanted to go all ballistic, they could require that all communications over any medium be encrypted. I'm sure that's just a matter of time.
-
I reviewed this for a client. It worked well, and is HIPAA compliant
-
@Dashrender much easier to intercept a fax and faxes have zero security. Most email communications are encrypted but fax cannot be. Intercepting a fax is trivial. Anyone with pretty simple equipment can intercept both inside and outside your building unless you are transmitting on fiber.
And how do you know who is receiving on the other end?
-
@scottalanmiller said:
@Dashrender much easier to intercept a fax and faxes have zero security. Most email communications are encrypted but fax cannot be. Intercepting a fax is trivial. Anyone with pretty simple equipment can intercept both inside and outside your building unless you are transmitting on fiber.
And how do you know who is receiving on the other end?
literally alligator clips and a fax machine
-
OK @scottalanmiller I understand what you are getting at.
None the less, the government considers faxing secure, and email not (unless you are using encryption).
What do you mean most email is encrypted - I'm sure that's not the case, unless you're saying that since Gmail now counts for something like 40% of all email, and they are encrypting internal messages between users - and they also support SMTP encryption, as long as the other side does as well - and counting that as most.. then OK most..
-
@Hubtech said:
@scottalanmiller said:
@Dashrender much easier to intercept a fax and faxes have zero security. Most email communications are encrypted but fax cannot be. Intercepting a fax is trivial. Anyone with pretty simple equipment can intercept both inside and outside your building unless you are transmitting on fiber.
And how do you know who is receiving on the other end?
literally alligator clips and a fax machine
I do understand this - but physical access is required -
OK all the more.. why are we arguing over this? I'm guessing because your clients actually provide buy-in to what you tell them and move to other technologies.... ug..
-
@Dashrender said:
What do you mean most email is encrypted - I'm sure that's not the case, unless you're saying that since Gmail now counts for something like 40% of all email, and they are encrypting internal messages between users - and they also support SMTP encryption, as long as the other side does as well - and counting that as most.. then OK most..
Google and Microsoft both have opportunistic TLS enabled by default so all email leaving and being received by those services will attempt TLS. I have never looked at Yahoo's systems, so I do not know there. But just the first two will account for a large portion of the non-spam email running around the globe right now. I have turned it on for my clients with local exchange servers too.
-
@Dashrender said:
OK @scottalanmiller I understand what you are getting at.
None the less, the government considers faxing secure, and email not (unless you are using encryption).
What do you mean most email is encrypted - I'm sure that's not the case, unless you're saying that since Gmail now counts for something like 40% of all email, and they are encrypting internal messages between users - and they also support SMTP encryption, as long as the other side does as well - and counting that as most.. then OK most..
Unless you are dealing with a seriously insecure company that is turning security off or home users using freebie email from no name services almost all email connections are encrypted except some datacenter to datacenter transports that are nearly impossible to find let alone tap.
Generic emails is orders of magnitude more secure than fax that essentially broadcasts it's data into the air.
-
Keep in mind that the wording of HIPAA doesn't actually allow normal fax. You have to take special security enhancement beyond generic fax to qualify under the "reasonable safeguards" clause. It's the same line in the code that allows fax that allows email. If there is any hesitation about email, fax is ruled out with it.
-
@scottalanmiller for your medical clients what are you suggesting they use for file communications?
-
-
@Dashrender said:
@scottalanmiller for your medical clients what are you suggesting they use for file communications?
I would always recommend good, enterprise email over fax. And if you can get an end to end picture of email you can get really secure (both customers on Office 365 and/or Google Apps, for example, gives end to end encryption naturally.) If email or high visibility email isn't enough, I would go to a secure "email-plus" system that uses email to announce transfers but not to actually do them, such as Zix or AppRiver.
-
Ok great, I haven't left anything off the table to management. I've presented all of these options to them and they feel the expense isn't worth while, My job is done here.
-
@Dashrender said:
Ok great, I haven't left anything off the table to management. I've presented all of these options to them and they feel the expense isn't worth while, My job is done here.
lol you can only lead an owner to water.
-
@Dashrender said:
Ok great, I haven't left anything off the table to management. I've presented all of these options to them and they feel the expense isn't worth while, My job is done here.
Yup. Just document concerns and that you've informed them that communications are wide open. Leave them to deal with a lawsuit.
