kerblang 7 hours ago

Under HIPAA requirements emailing personal medical info is a massive no-no. Admittedly, this is for the patient's protection, and of course being blind is not much of a secret... but it's completely understandable that email would be strongly discouraged. Nobody wants to get in trouble for breaking the rules.

Honestly, being able to accept a fax is great, although I would think any properly outfitted modern office that does accept fax would be able to route them straight to document storage rather than a printer. There are probably even internet services that can just act as a fax dumpster and hold PDF/image files for perusal at one's leisure. Yes, even the govt can figure this sort of thing out.

Synthetic7346 7 hours ago

Is this an outdated requirement? What's the attack surface of an email vs fax? Unless they ban phones at the office, someone could just take a photo of the documents the patient faxed or mailed them

password4321 6 hours ago

> What's the attack surface of an email vs fax?

I believe the primary concern has been while the message is in transit, unencrypted routing over the internet vs. unencrypted over the phone line.

adzm 6 hours ago

Additionally the storage of email was cited as a concern, making mass data breaches much simpler.

Note that there is a HIPAA approved email service called Direct, as in Direct Messaging / Direct Exchange / Direct Connect.

kstrauser 6 hours ago

It's a current requirement. (Source: I'm adjacent to a doctor's office.) Two big advantages of faxes are that 1) they're point-to-point, and 2) there's zero caching between the sender and receiver.

If everyone had a fax machine such that you'd commonly get a working fax receiver if you mis-entered the recipient's number, then #1 wouldn't be such a big deal. But in reality, if you enter a fax number, and the other end actually answers and responds with a screech, it's extremely likely that you're connected to the right party. (Also, I bet 99% of modern faxing is triggered by a nearby computer, or by pressing one of the preprogrammed speed dial buttons on the fax. There aren't that many opportunities to misdial the number in the first place.)

That second is also a big deal. There are no intermediate servers which may be caching and inappropriately storing the data, except maybe the NSA, but what can ya do. The sender may have a cache, in the form of a print spooler. The receiver may have a cache where it temporarily stores inbound faxes and prints them asynchronously. But since both of those devices are owned and controlled by the parties in the communication, that's not a legal issue.

I'm not advocating for faxes. They're a slow, clunky, lossy, pain in the ass. And yet, they do have specific properties that are pretty sweet. I guess the equivalent would be if I could ask you to send a PDF to my specific IPv6 address, and you could peer-to-peer shoot it directly to me. If I typoed the address at all, it's statistically "unlikely" that another person would be listening on that specific IP at that specific time. And if it were truly P2P, then you and I would be the only 2 who ever touched the file, except maybe the NSA, but what can ya do. Alas, I don't see that replacing fax machines any time soon.

yonatan8070 5 hours ago

> I guess the equivalent would be if I could ask you to send a PDF to my specific IPv6 address, and you could peer-to-peer shoot it directly to me.

That's not exactly complicated if either party owns a web server. Which - last I checked - the government has.

Just give the person who needs to send the sensitive documents a short link like uploaddocuments.gov, have that page ask for some basic identifying info, and have a box for the user to drag and drop a file. At which point the browser will p2p upload that file over HTTPS.

kstrauser 5 hours ago

That’s kinda true, but adds a few steps over cmd-P “print to fax”, paste in a phone number, done. And when done, the fax workflow has been tested and approved in courts. It’s a known entity.

I don’t love faxes. This isn’t me saying we should keep them forever. We shouldn’t. Still, there are reasons they’re still widely used for medical stuff today. If CMS or HHS rolled out a new method and told doctor’s offices to start using it if they want to get paid, the industry would switch in a heartbeat. Short of that, any other alternative will take approximately forever.

apical_dendrite 4 hours ago

We still deal with doctors who handwrite their progress notes. Fax will be around for a very, very long time.

kstrauser 4 hours ago

Well, that too.

bigbuppo 5 hours ago

That's a very 1993 understanding of telecommunications.

kstrauser 4 hours ago

Possibly! I haven’t used my Verizon CO badge to work on telco equipment in a few years. How is it fundamentally different now so that my brief description is wrong? I like to learn new stuff!

UltraSane 4 hours ago

Most faxes today are between two fax over the Internet services and so are completely pointless.

apical_dendrite 4 hours ago

Amazingly enough, this is actually not true. Many smaller doctors' offices still have a physical fax machine. I work on automation for certain processes in healthcare and a very large proportion of the faxes we receive come from physical fax machines. You can see artifacts on the fax itself and sometimes the cover letter will have a scribbled note.

tzs 2 hours ago

> Under HIPAA requirements emailing personal medical info is a massive no-no.

Doesn’t that only apply to covered entities, which the internet is telling me does not include the Social Security Administration?

fluidcruft 5 hours ago

It's also funny because at work our fax machines don't print unless we go over and print it. The machine just converts the fax to PDF.

This is an indictment of email more than anything.

yieldcrv 4 hours ago

Reminds me of a typical conversation with my bank

“Hello sir, before we get started, for security measures, please provide this information about your account”

Hmm, I don’t have this on hand, let me log in to my account and look at the settings and read it verbatim back to you, proving I’m not compromising this user at all

“Thank you, sir!”