Faxes - possible older machine having issues
-
@scottalanmiller said:
And normal email is more secure than a fax!
Maybe - depending on how you look at it. It's harder to intercept a fax than it is an email. A hacker has to have physical access to intercept a fax. For an email he doesn't.
Even though we all know that POTS lines are not secure end to end, our elected officials don't know and don't seem to care about it. But they have been told and for whatever reason seem to follow up on it. standard email is not secure, and you can't send PHI over a non secure network (while not specifically named - they are talking about the internet).
Hell if HIPAA really wanted to go all ballistic, they could require that all communications over any medium be encrypted. I'm sure that's just a matter of time.
-
I reviewed this for a client. It worked well, and is HIPAA compliant
-
@Dashrender much easier to intercept a fax and faxes have zero security. Most email communications are encrypted but fax cannot be. Intercepting a fax is trivial. Anyone with pretty simple equipment can intercept both inside and outside your building unless you are transmitting on fiber.
And how do you know who is receiving on the other end?
-
@scottalanmiller said:
@Dashrender much easier to intercept a fax and faxes have zero security. Most email communications are encrypted but fax cannot be. Intercepting a fax is trivial. Anyone with pretty simple equipment can intercept both inside and outside your building unless you are transmitting on fiber.
And how do you know who is receiving on the other end?
literally alligator clips and a fax machine
-
OK @scottalanmiller I understand what you are getting at.
None the less, the government considers faxing secure, and email not (unless you are using encryption).
What do you mean most email is encrypted - I'm sure that's not the case, unless you're saying that since Gmail now counts for something like 40% of all email, and they are encrypting internal messages between users - and they also support SMTP encryption, as long as the other side does as well - and counting that as most.. then OK most..
-
@Hubtech said:
@scottalanmiller said:
@Dashrender much easier to intercept a fax and faxes have zero security. Most email communications are encrypted but fax cannot be. Intercepting a fax is trivial. Anyone with pretty simple equipment can intercept both inside and outside your building unless you are transmitting on fiber.
And how do you know who is receiving on the other end?
literally alligator clips and a fax machine
I do understand this - but physical access is required -
OK all the more.. why are we arguing over this? I'm guessing because your clients actually provide buy-in to what you tell them and move to other technologies.... ug..
-
@Dashrender said:
What do you mean most email is encrypted - I'm sure that's not the case, unless you're saying that since Gmail now counts for something like 40% of all email, and they are encrypting internal messages between users - and they also support SMTP encryption, as long as the other side does as well - and counting that as most.. then OK most..
Google and Microsoft both have opportunistic TLS enabled by default so all email leaving and being received by those services will attempt TLS. I have never looked at Yahoo's systems, so I do not know there. But just the first two will account for a large portion of the non-spam email running around the globe right now. I have turned it on for my clients with local exchange servers too.
-
@Dashrender said:
OK @scottalanmiller I understand what you are getting at.
None the less, the government considers faxing secure, and email not (unless you are using encryption).
What do you mean most email is encrypted - I'm sure that's not the case, unless you're saying that since Gmail now counts for something like 40% of all email, and they are encrypting internal messages between users - and they also support SMTP encryption, as long as the other side does as well - and counting that as most.. then OK most..
Unless you are dealing with a seriously insecure company that is turning security off or home users using freebie email from no name services almost all email connections are encrypted except some datacenter to datacenter transports that are nearly impossible to find let alone tap.
Generic emails is orders of magnitude more secure than fax that essentially broadcasts it's data into the air.
-
Keep in mind that the wording of HIPAA doesn't actually allow normal fax. You have to take special security enhancement beyond generic fax to qualify under the "reasonable safeguards" clause. It's the same line in the code that allows fax that allows email. If there is any hesitation about email, fax is ruled out with it.
-
@scottalanmiller for your medical clients what are you suggesting they use for file communications?
-
-
@Dashrender said:
@scottalanmiller for your medical clients what are you suggesting they use for file communications?
I would always recommend good, enterprise email over fax. And if you can get an end to end picture of email you can get really secure (both customers on Office 365 and/or Google Apps, for example, gives end to end encryption naturally.) If email or high visibility email isn't enough, I would go to a secure "email-plus" system that uses email to announce transfers but not to actually do them, such as Zix or AppRiver.
-
Ok great, I haven't left anything off the table to management. I've presented all of these options to them and they feel the expense isn't worth while, My job is done here.
-
@Dashrender said:
Ok great, I haven't left anything off the table to management. I've presented all of these options to them and they feel the expense isn't worth while, My job is done here.
lol you can only lead an owner to water.
-
@Dashrender said:
Ok great, I haven't left anything off the table to management. I've presented all of these options to them and they feel the expense isn't worth while, My job is done here.
Yup. Just document concerns and that you've informed them that communications are wide open. Leave them to deal with a lawsuit.
-
Good timing...