@Dashrender said in Faxing:
Sure, PGP is a uniform standard - but it's a major pain in the ass to configure, and you the end user have to manage the Public/Private keys for yourself, and the Public keys of those you're conversing with.
I agree, but that's a software problem, not an argument for fax.
As for direct costs - I guess we'd have to look at the implementations. But I know I can put a fax machine (hell, a fax server) on something as simple as a Raspberry Pi and save the files to some disk, all pieces being pretty damned cheap, then toss in a $30/month phone line and I'm golden.
Email is a hell of a lot cheaper than that.
And it's considered HIPAA compliant.
Only because it's grandfathered in.
For a single email account, I can get a free one, but that won't be HIPAA compliant, but then I could rely upon the sender only sending me encrypted items, so I could still be free if the conditions are right.
Yes, it can be HIPAA compliant, in pretty much all conditions so long as the PHI is protected. You're mixing HIPAA compliance with the HIPAA certification scams.
Sending a fax is as simple as dropping the pages on the machine and typing a phone number; email requires end to end encryption, definitely not easy, and often expensive. How is it good enough? Well, it was for 20+ years - thus far, this hasn't been a reason to move away from faxing.
Again, just because it's simple does not make it better in this regard, because we still have to print it, adding additional cost and waste, and there's the quality loss. It's not good enough, it's pretty shitty, actually. As I said, if it's good enough, why would anyone use email at all?
The authentication on a fax is the phone number. Could you type the wrong number? Sure you could, but even if you did, that's not likely going to cause your information to go to the wrong person, instead it's more likely to cause a complete failure.
It's pretty scary you think a phone number is good enough authentication for PHI. This is really, really terrible security practice. And still, if you do screw up, like the Pizza Hut thing, the fines will be pretty over the top, they don't care about mistakes, only about fining your ass.
The bigger risk is picking the wrong name/number from the address list, the same risk as in email.
The risk with email depends, but it's avoidable, but with fax it is not.
But back to the authentication. In the case of healthcare, when it comes to sharing the data, it's less about a specific person and more about the office at large getting the information - so the number is all the authentication one requires.
Unless it's sent somewhere else, has quality loss, is left in the tray, or someone who isn't allowed to see it does, or someone haphazardly throws it in the regular trash where it leaks out, or does it because they don't care. This happens too.
Of course the fax bashing continues - please understand that I completely and utterly hate HATE faxing... but a secure, easy to use, ubiquitous communication method, especially to a whole office, simply doesn't exist today the same as faxing does. So any solution around email will continue to be met with the added layers of complexity that are part of it in comparison to faxing.
Yes, it does, it's called encrypted email, you're just finding excuses to say it doesn't work. It's as simple as Outlook's built-in encryption crap, and all the other security layers are there. I don't need to add in server to server SSL, it's already there. You are literally saying open, modulated analogue data is more secure than encryption that takes the lifetime of the sun to crack, and the quality loss is acceptable because it has to go to multiple people in the same office, as I said, shared mailbox.