Faxing
-
@JaredBusch said in Faxing:
@JaredBusch said in Faxing:
@scottalanmiller said in Faxing:
@JaredBusch said in Faxing:
It would also serve as a 'fail over' should your ISP or PBX go down.
This is completely backwards thinking. Why in the hell would you want to fail back to POTS from a pure SIP system? The maintenance and setup alone make it not worth it compared to simply having your provider route calls to a failover number. For your outbound calling, Critical needs can be handled with a cell phone until backup methods of connectivity restore calling via SIP.
In NYS, from the 911 laws/rules that I read, the business is required to provide a POTS line in the event of emergencies.
I've heard of this as a common myth, never heard anyone substantiate it. I believe that I've seen it disproved before, but cannot think of where.
The number of companies that don't or can't have a POTS line is pretty big. This isn't a viable law, IMHO.
This is a recent study produced by NYS and clearly indicates how much POTS connectivity is dropping.
If it were possible to actually require by law people to have traditional POTS, then this would not be happening.
That's good to know. From my understanding it was basically a requirement that you needed a means of communicating with the outside world in the event of an emergency. The under-tone was that it was expected that businesses would have POTS to facilitate that. It may have been an old regulation that has been unenforced or was never on the books. Thanks for the info.
Also, that is flawed logic. how do you communicate when the POTS line is down?
Which in NY is relatively often.
-
@JaredBusch said in Faxing:
@JaredBusch said in Faxing:
@scottalanmiller said in Faxing:
@JaredBusch said in Faxing:
It would also serve as a 'fail over' should your ISP or PBX go down.
This is completely backwards thinking. Why in the hell would you want to fail back to POTS from a pure SIP system? The maintenance and setup alone make it not worth it compared to simply having your provider route calls to a failover number. For your outbound calling, Critical needs can be handled with a cell phone until backup methods of connectivity restore calling via SIP.
In NYS, from the 911 laws/rules that I read, the business is required to provide a POTS line in the event of emergencies.
I've heard of this as a common myth, never heard anyone substantiate it. I believe that I've seen it disproved before, but cannot think of where.
The number of companies that don't or can't have a POTS line is pretty big. This isn't a viable law, IMHO.
This is a recent study produced by NYS and clearly indicates how much POTS connectivity is dropping.
If it were possible to actually require by law people to have traditional POTS, then this would not be happening.
That's good to know. From my understanding it was basically a requirement that you needed a means of communicating with the outside world in the event of an emergency. The under-tone was that it was expected that businesses would have POTS to facilitate that. It may have been an old regulation that has been unenforced or was never on the books. Thanks for the info.
Also, that is flawed logic. how do you communicate when the POTS line is down?
Where we live the POTS line is much more reliable then the internet line. I get where you're coming from though. I can see where my thinking is flawed I appreciate you pointing it out.
I've had POTS outages in NY going into the months range. Rare, but it happens.
-
@scottalanmiller said in Faxing:
@JaredBusch said in Faxing:
@scottalanmiller said in Faxing:
@JaredBusch said in Faxing:
It would also serve as a 'fail over' should your ISP or PBX go down.
This is completely backwards thinking. Why in the hell would you want to fail back to POTS from a pure SIP system? The maintenance and setup alone make it not worth it compared to simply having your provider route calls to a failover number. For your outbound calling, Critical needs can be handled with a cell phone until backup methods of connectivity restore calling via SIP.
In NYS, from the 911 laws/rules that I read, the business is required to provide a POTS line in the event of emergencies.
I've heard of this as a common myth, never heard anyone substantiate it. I believe that I've seen it disproved before, but cannot think of where.
The number of companies that don't or can't have a POTS line is pretty big. This isn't a viable law, IMHO.
This is a recent study produced by NYS and clearly indicates how much POTS connectivity is dropping.
If it were possible to actually require by law people to have traditional POTS, then this would not be happening.
That's good to know. From my understanding it was basically a requirement that you needed a means of communicating with the outside world in the event of an emergency. The under-tone was that it was expected that businesses would have POTS to facilitate that. It may have been an old regulation that has been unenforced or was never on the books. Thanks for the info.
Ah yes, means to communicate, definitely. But that it needs to be POTS is what I've never seen.
Right, I don't think I've ever seen the POTS requirement, that's my bad for saying it. Just that it was the only thing that made sense in our area. Cell service is basically non-existent and the internet is unreliable.
-
@scottalanmiller said in Faxing:
@JaredBusch said in Faxing:
@scottalanmiller said in Faxing:
@JaredBusch said in Faxing:
It would also serve as a 'fail over' should your ISP or PBX go down.
This is completely backwards thinking. Why in the hell would you want to fail back to POTS from a pure SIP system? The maintenance and setup alone make it not worth it compared to simply having your provider route calls to a failover number. For your outbound calling, Critical needs can be handled with a cell phone until backup methods of connectivity restore calling via SIP.
In NYS, from the 911 laws/rules that I read, the business is required to provide a POTS line in the event of emergencies.
I've heard of this as a common myth, never heard anyone substantiate it. I believe that I've seen it disproved before, but cannot think of where.
The number of companies that don't or can't have a POTS line is pretty big. This isn't a viable law, IMHO.
This is a recent study produced by NYS and clearly indicates how much POTS connectivity is dropping.
If it were possible to actually require by law people to have traditional POTS, then this would not be happening.
That's good to know. From my understanding it was basically a requirement that you needed a means of communicating with the outside world in the event of an emergency. The under-tone was that it was expected that businesses would have POTS to facilitate that. It may have been an old regulation that has been unenforced or was never on the books. Thanks for the info.
Ah yes, means to communicate, definitely. But that it needs to be POTS is what I've never seen.
Right, I don't think I've ever seen the POTS requirement, that's my bad for saying it. Just that it was the only thing that made sense in our area. Cell service is basically non-existent and the internet is unreliable.
After looking at that PDF, I have a feeling I know where you live.
They had pretty state graphs of coverage for various services. -
@JaredBusch said in Faxing:
@scottalanmiller said in Faxing:
@JaredBusch said in Faxing:
@scottalanmiller said in Faxing:
@JaredBusch said in Faxing:
It would also serve as a 'fail over' should your ISP or PBX go down.
This is completely backwards thinking. Why in the hell would you want to fail back to POTS from a pure SIP system? The maintenance and setup alone make it not worth it compared to simply having your provider route calls to a failover number. For your outbound calling, Critical needs can be handled with a cell phone until backup methods of connectivity restore calling via SIP.
In NYS, from the 911 laws/rules that I read, the business is required to provide a POTS line in the event of emergencies.
I've heard of this as a common myth, never heard anyone substantiate it. I believe that I've seen it disproved before, but cannot think of where.
The number of companies that don't or can't have a POTS line is pretty big. This isn't a viable law, IMHO.
This is a recent study produced by NYS and clearly indicates how much POTS connectivity is dropping.
If it were possible to actually require by law people to have traditional POTS, then this would not be happening.
That's good to know. From my understanding it was basically a requirement that you needed a means of communicating with the outside world in the event of an emergency. The under-tone was that it was expected that businesses would have POTS to facilitate that. It may have been an old regulation that has been unenforced or was never on the books. Thanks for the info.
Ah yes, means to communicate, definitely. But that it needs to be POTS is what I've never seen.
Right, I don't think I've ever seen the POTS requirement, that's my bad for saying it. Just that it was the only thing that made sense in our area. Cell service is basically non-existent and the internet is unreliable.
After looking at that PDF, I have a feeling I know where you live.
They had pretty state graphs of coverage for various services.Just look for the area with no cell service, mediocre internet coverage, and expensive POTS coverage.
-
@scottalanmiller said in Faxing:
Depends on the use case. Faxing through the FreePBX is an option. But most places that use faxing heavily still go with a hosted service just for that.
They do? I guess they must be low volume users. I looked at a hosted solution, they wanted $1300/mth for 16K pages a month.
My inhouse solution costs me around $100/month... Almost nothing makes then worth 13x the cost.
-
Our business refuses to get a fax, we'll never have a fax, and when people want to fax us things, I explain to them what email is. If they need something faxed from me, they simply don't receive it. Usually when you refuse people do open up to other things, more often than not they will print a PDF to fax, or upload it to an efax solution which in turn goes to another efax solution, so it's really just slow, unreliable email which does not produce digital copies.
I do realise many businesses cannot function like this, and I feel bad for them.
On a sadder note, I've been involved in several arguments on Spiceworks about the security of fax, some people still think it's more secure to send PHI over fax when you don't know who will get it or how it will be disposed of on the other end, compared to an encrypted email -- SAM was even involved in one. The logic is "well anyone could read the email." Ugh...
-
@tonyshowoff said in Faxing:
On a sadder note, I've been involved in several arguments on Spiceworks about the security of fax, some people still think it's more secure to send PHI over fax when you don't know who will get it or how it will be disposed of on the other end, compared to an encrypted email -- SAM was even involved in one. The logic is "well anyone could read the email." Ugh...
Scott has been saying for years that regular email is more secure than faxing - that I'll never agree with.
There are two main areas that I know use faxing a ton still, Lawyers and Doctors. Both of them require *secure" communications when using something other than fax. Secure email is a huge pain in the ass, there is no single uniform standard. Faxing is an easy to implement solution that is standard everywhere - like SMS messaging. It's just there, it works, delivering it to an office not a person has always been considered good enough.
I so want to see a better solution put in place, and Direct Messaging is a promising step/solution to this problem which is only possible because the EHR vendors are looking for a better way of moving this data around. DM works by having EHRs be part of a Health Information Exchange network (HIE). These HIE's have email servers with certificates setup for each entity within the system that's been given one, the HIE's, though the OCR trust each other to be valid allowable representatives of those entities. So if your doc needs to send Continuity of Care documentation to another doc, the EHR looks to the HIE, who looks to their know HIEs to see if the other doc participates, if so, their public key is retrieved, the message encrypted and sent.
Of course this system isn't free. It also suffers from the problem where each doctor will have a different DM address for each system they participate in, depending upon who owns the chart where the doc is seeing that patient. This is a kin to you having multiple phone numbers, a home phone, a cell phone, a business phone, etc.
-
@Dashrender What makes you think a fax is secure? there is no encryption, there's no verification of who it's going to or who got it. A plain text email is more secure than a Fax. just because Doctors and lawyers like doing things wrong doesn't mean everyone else should.
-
@Dashrender What makes you think a fax is secure? there is no encryption, there's no verification of who it's going to or who got it. A plain text email is more secure than a Fax. just because Doctors and lawyers like doing things wrong doesn't mean everyone else should.
Or since a lot of places have a big Copier or MFP that receives their faxes, someone just does a quick photo copy of the paper laying on the tray.
-
email goes over an unencrypted network that can be easily tapped by spies. Tapping a POTS line (not a SIP trunk) is much harder and requires local access to the end points, or hacking into the phone companies systems. These alone in my opinion make it more secure - nothing Scott or anyone else has said why an email sent over the internet is more secure than this situation.
As for the fax printing out on a MFP sitting in the middle of the office. Sure, so this is one area where email clearly wins out. Though in my case, in medical cases, there are very little if any limitations on who can/should be able to see anything medical coming in on the fax machine. Sending an email to a single person wouldn't be an acceptable solution for us. We need to make sure we have a team of people who are responsible for accepting and processing faxes. They shouldn't not get handled just because someone is on vacation, etc.
Don't get me wrong, I want to get rid of faxes as badly as the next guy on these forums. DM's will hopefully provide us with this. DM's are accepted by our EHR on behalf of our providers, and we task the EHR to dump them into a centralized bucket that our staff are tasked to check and manage.
I just wish this HIE/cert setup could be applied to email globally for free, but verifying ownership of an email account isn't free, so this is likely to never happen.
Though Secure DNS would be a great first step toward making it much less expensive. Secure DNS could publish the public cert for your domain's email server, at least ensuring that you're email server is where the email came from, though getting user level verification would still be difficult.
-
@Dashrender said in Faxing:
email goes over an unencrypted network
Um, you do realize the majority of email is encrypted in transit (SSL).. just not at rest. There are very few providers not supporting encryption in transit now. If your server is setup for it, it will negotiate
-
@Dashrender said in Faxing:
As for the fax printing out on a MFP sitting in the middle of the office. Sure, so this is one area where email clearly wins out. Though in my case, in medical cases, there are very little if any limitations on who can/should be able to see anything medical coming in on the fax machine.
So What's the access control method for the Fax machine? is there a door with a biometric lock, pin code or what? Otherwise anyone in the office should be consider as potentially seeing any information sent.
-
Fax machines will be the first wave in the zombie apocalypse.
Melt them with thermite now to prevent this. -
@Dashrender said in Faxing:
Scott has been saying for years that regular email is more secure than faxing - that I'll never agree with.
That's a good scientific position to take with anything.
There are two main areas that I know use faxing a ton still, Lawyers and Doctors. Both of them require *secure" communications when using something other than fax. Secure email is a huge pain in the ass, there is no single uniform standard.
PGP is a pretty damn close uniform standard, combined with SSL in transit. Barring that, an encrypted zip file does a lot too.
Faxing is an easy to implement solution that is standard everywhere - like SMS messaging. It's just there, it works, delivering it to an office not a person has always been considered good enough.
Except, it's not. It's more expensive, it has massive quality loss, it has overhead too. How many times have you had to re-fax something because it didn't come across correctly? "Easy" compared to email, no way. If that were true, why would anyone want to even use email with super easy fax machines around?
How is it good enough? Digital copy versus a modulated piece of crap? As I said before, this is a situation where, more often than not, people are using efax on both ends, so essentially paying a lot more for a really, really crappy version of email which is not only not-encrypted, but there's no authentication on either end at all.
"DM"
I absolutely agree with you there needs to be something better in place. I think both fax and email are inadequate, because they don't really fit with the healthcare industry. My guess is, though, it'll have to be something built upon email since that is a standard available in far more places than fax machines. Regardless, it'll have to be an open standard, whatever it is, because there are no ubiquitous closed standards on the Internet.
-
@Dashrender said in Faxing:
email goes over an unencrypted network that can be easily tapped by spies.
That's pretty unusual these days, and is typically a way to get your email flagged as spam. Server to server SMTP is basically always encrypted now, and client server rarely isn't.
Tapping a POTS line (not a SIP trunk) is much harder and requires local access to the end points, or hacking into the phone companies systems. These alone in my opinion make it more secure - nothing Scott or anyone else has said why an email sent over the internet is more secure than this situation.
That doesn't even matter, because with fax since there's no end to end encryption or authentication, there's situations like that PHI leak several years ago where a Pizza Hut accidentally was faxed tons of medical records. Anyone can read anything, there's no guarantee of who is or who is not seeing it, or even that it arrives. At least emails can bounce back.
As for the fax printing out on a MFP sitting in the middle of the office. Sure, so this is one area where email clearly wins out. Though in my case, in medical cases, there are very little if any limitations on who can/should be able to see anything medical coming in on the fax machine.
That's not true in most environments though, plenty of doctors' offices and other places have the machines sitting there. A pharmacy I used to go to in Kansas had their fax machine to where one could reach over the counter and pull out anything. I couldn't authenticate on their auto-locking terminal though.
Sending an email to a single person wouldn't be an acceptable solution for us. We need to make sure we have a team of people who are responsible for accepting and processing faxes. They shouldn't not get handled just because someone is on vacation, etc.
Group mailboxes are not that new of a concept.
Don't get me wrong, I want to get rid of faxes as badly as the next guy on these forums.
Sure doesn't seem like it.
DM's will hopefully provide us with this. DM's are accepted by our EHR on behalf of our providers, and we task the EHR to dump them into a centralized bucket that our staff are tasked to check and manage.
If they're not open standard, then they're garbage and nobody will implement them beyond maybe a couple.
Though Secure DNS would be a great first step toward making it much less expensive. Secure DNS could publish the public cert for your domain's email server, at least ensuring that you're email server is where the email came from, though getting user level verification would still be difficult.
These are both already solved by DNSSEC and DKIM. There's an irony where, these kinds of things don't exist on fax and can't, hell, even if an email is spoofed there's at least headers which can show this, but I can fax from any fax machine to any number and then it's simply believed to come from the proper source, that's just insane.
I just don't get it, because you can send a perfect digital copy of something for extremely cheap or a really screwed up copy for very not-cheap. Email is more secure, it's just an illusion that fax is more secure because "phone tapping is difficult," that doesn't even matter if it's getting faxed to a damn Pizza Hut or some other business by accident, or if it's just sitting in the tray, which I've seen countless times around doctors offices, and then maybe it gets thrown in just the trash where anyone can get it. Fax leaves way too much open to chance.
I feel like your view of email is pretty dated, no concept of encryption, group/shared mailboxes, DKIM, etc and using that as a means to criticise it.
-
@Dashrender said in Faxing:
email goes over an unencrypted network that can be easily tapped by spies. Tapping a POTS line (not a SIP trunk) is much harder and requires local access to the end points, or hacking into the phone companies systems.
Not my email. Not anyone's that I know. Email is encrypted end to end in nearly all cases and end to centre is almost all of the remaining cases. If you want to intercept email, unless someone has gone dramatically out of their way to be insecure on purpose, you need access to the datacenter. Local access does nothing for you.
Local access is the easiest thing to get. POTS is the easiest technology to tap. It's so easy to tap that the tools are standard for it and "just work". If you have a POTS listening tool, you just walk up to the line down the street from where you want to listen and voila... you have the entire communications both audio and fax.
-
@Dashrender said in Faxing:
... or hacking into the phone companies systems.
Which is what hacking actually refers to. Those are the systems that people are famous for getting access to, not computer systems. The singular most famous "computer hacker" didn't hack computers, he hacked phones.
-
@scottalanmiller said in Faxing:
@Dashrender said in Faxing:
... or hacking into the phone companies systems.
Which is what hacking actually refers to. Those are the systems that people are famous for getting access to, not computer systems. The singular most famous "computer hacker" didn't hack computers, he hacked phones.
Model trains before phones
-
@Dashrender said in Faxing:
There are two main areas that I know use faxing a ton still, Lawyers and Doctors. Both of them require *secure" communications when using something other than fax.
Right, they require things be secure unless their pet insecure technology is used. That's our point. Sure people use it, but no one uses it because it is secure, they use it because they dislike security.