|
From: Keith C. <kei...@ve...> - 2015-12-01 20:40:43
|
Since I coincidentally happen to be a licensed lawyer and my name is attached to my posts, I need to temporarily put on my lawyer hat and say that all of my comments were not intended to be legal advice. When I post on this mailing list, I’m writing as a) an OSSP / b) an OSCAR user / c) someone who licenses technology that can integrate with OSCAR / d) someone who wants to see OSCAR continue to succeed; I am not intending anyone to be relying upon my comments as a “professional opinion” per se. I know that’s likely not what you meant Dennis, but what can I say, lawyers are conservative animals so I got worried when you wrote what you wrote. Taking off the lawyer hat again, the HIPAA vs. PHIPA language is, as you noted, quite similar. The Business Associate Agreement / Business Associate stuff is a HIPAA nuance that I’m not personally too fussed about. Basically, this whole section is extremely HIPAA / U.S. specific from my perspective and it doesn’t bother me that it’s missing from the PHIPA /Canadian version. Under the HIPAA (Health Insurance Portability & Accountability Act), SRFax may be defined as a Business Associate. A Business Associate is a person or organization that performs certain services for a covered entity involving the use and/or disclosure of personal health information. When protected health information is faxed from a computer, HIPAA security measures need to be implemented by the covered entity and the Business Associate. According to the Security Standard Final Rule, a covered entity may permit a business associate to create, receive, maintain, or transmit electronic protected health information on the covered entities behalf only if the covered entity obtains satisfactory assurances, in accordance with 164.306(a) that the business associate will appropriately safeguard the information. This document is intended to provide assurance that SRFax will safeguard all information faxed to and from covered entities while using the SRFax service. SRFax has implemented both the physical, organizational and the technical safeguards necessary to protect the confidentiality and integrity of information being communicated using its service. Lastly, Peter, you asked whether we could share the scripts that we wrote to connect to SRFAX via API. I asked just now, and I was told in no uncertain terms by the original author that I am not allowed to release that code publicly on the basis that while it’s good enough for internal use, it is “a pile of trash” that no-one else should use or even follow as a model. If someone is doing something similar and wants to have a look privately, just send me a message and I’ll bug my colleague again, but he think it would be irresponsible for him to publish such poor code for the express purpose of facilitating patient care. He’s confident that in our specific circumstances we’re put in enough fail-safes that things don’t get missed or lost or overlooked, but he isn’t at all confident that that is the case in all situations. From: Colcamex Resources [mailto:dw...@co...] Sent: Tuesday, December 1, 2015 2:25 PM To: osc...@li... <mailto:osc...@li...> Subject: Re: [Oscarmcmaster-devel] Fax server Keith; I trust your professional opinion. Thank you for your follow up. You have made some really good points that would also apply to sending patient information via email. What is the difference with a highly private secure email server on Canadian soil to transport encrypted medical data? Why are there only a handful of these services in Canada? One would think that this is a highly motivating business idea. I have been down this particular rabbit hole. Here is the wording for a particular HIPAA ( United States Standards ) claim: "We are the only internet fax service that will sign a Business Associate Agreement with you to ensure HIPAA compliance”. The PHIPA claim exactly mirrors the HIPPA claim with all the peace of mind statements removed. Dennis Warren Consultant Colcamex Resources dw...@co... <mailto:dw...@co...> 778.386.9264 On Dec 1, 2015, at 10:58 AM, Keith Chung <kei...@ve... <mailto:kei...@ve...> > wrote: Here’s their HIPAA compliance statement: <https://www.srfax.com/online-fax-features/hipaa-compliance/> https://www.srfax.com/online-fax-features/hipaa-compliance/ Here’s their PHIPA compliance statement: <https://www.srfax.com/online-fax-features/phipa-compliance/> https://www.srfax.com/online-fax-features/phipa-compliance/ There’s always the question of how far down the rabbit hole do you dig when it comes to this sort of thing (e.g. what would constitute sufficient evidence that they do everything they say they’re doing). Suffice it to say, to date, I haven’t encountered any red flags that suggest these compliance statements are inaccurate or false so clearly, I’m comfortable using this service, particularly when contrasted against the status quo (e.g. ordinary fax) which is blatantly insecure. From: Colcamex Resources [ <mailto:dw...@co...> mailto:dw...@co...] Sent: Tuesday, December 1, 2015 1:47 PM To: <mailto:osc...@li...> osc...@li... Subject: Re: [Oscarmcmaster-devel] Fax server Thank you Keith; I am referring more to PHIPA compliance, proof of a privacy impact assessment, and evidence of responsible record keeping practices. That’s the rocket science ;-) Dennis Warren Consultant Colcamex Resources <mailto:dw...@co...> dw...@co... 778.386.9264 On Dec 1, 2015, at 9:20 AM, Keith Chung < <mailto:kei...@ve...> kei...@ve...> wrote: I didn’t develop our scripts personally but my understanding is that there’s proper credentialing and everything is happening over https. Not eally rocket science, and better than both regular fax as well as email. Here’s their documentation - <https://www.srfax.com/developers/internet-fax-api/> https://www.srfax.com/developers/internet-fax-api/ - if you wanted to diligence it yourself. Our scripts don’t directly touch OSCAR so it doesn’t need OSCAR web services, instead, my understanding is that we send faxes by reading a folder on the OSCAR server that OSCAR saves outgoing faxes into as paired PDFs/txt files; we receive faxes by downloading and then saving pdfs into a different folder on the file system for manual sorting / batching uploading to OSCAR. We thought about auto-uploading into OSCAR, but our docs don’t want to see documents in OSCAR until they’ve been labelled and linked to patients, so the value of auto-uploading was considered limited (E.g. would save us about 1 minute per physician per business day only). From: Colcamex Resources Inc. [ <mailto:dw...@co...> mailto:dw...@co...] Sent: Tuesday, December 1, 2015 11:58 AM To: <mailto:osc...@li...> osc...@li... Subject: Re: [Oscarmcmaster-devel] Fax server I am most curious if SRfax can present proper security and privacy credentials. Has anyone looked into that? What about the quick and dirty scripts. Are they secure enough? Did you need to enable OSCAR web services? Dennis Warren, Consultant Colcamex Resources Inc. +1 778 386 9264 | <http://www.colcamex.com/> www.colcamex.com On Dec 1, 2015, at 8:30 AM, Keith Chung < <mailto:kei...@ve...> kei...@ve...> wrote: For what it’s worth, we took Peter’s approach and similarly wrote a quick and dirty script to connect to SRFAX via secure API to send and receive faxes. Their documentation (when we first used it last year) was slightly incorrect, and their API will occasionally throw an exception so you need to ensure proper exception handling, but other than that, API access works really well. From: Peter Everett [ <mailto:pev...@tr...> mailto:pev...@tr...] Sent: Tuesday, December 1, 2015 11:22 AM To: <mailto:osc...@li...> osc...@li... Subject: Re: [Oscarmcmaster-devel] Fax server Hi Earl - that is not it… when you send via email (unless encrypted) you are exposing the fax and its contents to the internet. You would never send an email containing a consult for (chose something sensitive here) via an email - would you. As it happens we are developing an interface that will use the SRFax direct API’s. It is far more robust and secure. It will also have the ability to upload faxes sent to SRFax directly to the inbox reducing dramatically the cost of paper and toner in the office. The use of the email (and yes we have tried it) just has too many moving parts and places to fail. P Peter Everett C.A. Director OSCARprn 604.626.2596 <mailto:pev...@os...> pev...@os... On Dec 1, 2015, at 8:13 AM, Earl Wertheimer < <mailto:ea...@gm...> ea...@gm...> wrote: I think I removed all the private stuff... On Dec 1, 2015 11:11 AM, "Peter Everett" < <mailto:pev...@tr...> pev...@tr...> wrote: WOW… Dont send sensitive data by email unless it is encrypted… P Peter Everett C.A. Director OSCARprn <tel:604.626.2596> 604.626.2596 <mailto:pev...@os...> pev...@os... On Dec 1, 2015, at 7:46 AM, Earl Wertheimer < <mailto:ea...@gm...> ea...@gm...> wrote: The complicated part is the email setup on your Oscar server. You will need to setup Postfix on your server to send mail to an smtp server, probably belonging to your ISP, but could be anyone,,, The important part is making sure your setup can send emails. If you can manually send an email, Oscar can send the fax to the eFax server. # test sending (when everything is setup) sudo mutt -s "Test Email" <mailto:myu...@gm...> myu...@gm... I have attached my notes. I have found that each smtp server is different, so what worked for me may not work for you. On Tue, Dec 1, 2015 at 6:57 AM, Peter Hutten-Czapski < <mailto:ph...@sr...> ph...@sr...> wrote: <http://oscarmanual.org/oscar_emr_12/developers/hylafax/gateways> http://oscarmanual.org/oscar_emr_12/developers/hylafax/gateways <http://oscarmanual.org/oscar_emr_12/developers/hylafax/oscar-fax> http://oscarmanual.org/oscar_emr_12/developers/hylafax/oscar-fax ================ Peter Hutten-Czapski Haileybury Ontario "The attitude that ‘if rural people want these services they’ll have to come to the city to get them’ is simply not acceptable…” (Newbery, 1999) Before printing, think about the environment. Avant d' imprimer, pensez à l'environnement. On 1 December 2015 at 01:44, akausta < <mailto:ac...@li...> ac...@li...> wrote: Thank You Earl, I've open an account with them, now trying to get it working on Oscar 15. Could you drop a link for your configuration notes please? Regards, Aka -- View this message in context: <http://oscarmcmaster.16.x6.nabble.com/Fax-server-tp5007697p5007699.html> http://oscarmcmaster.16.x6.nabble.com/Fax-server-tp5007697p5007699.html Sent from the oscarmcmaster-devel mailing list archive at <http://nabble.com/> Nabble.com. ------------------------------------------------------------------------------ Go from Idea to Many App Stores Faster with Intel(R) XDK Give your users amazing mobile app experiences with Intel(R) XDK. Use one codebase in this all-in-one HTML5 development environment. Design, debug & build mobile apps & 2D/3D high-impact games for multiple OSs. <http://pubads.g.doubleclick.net/gampad/clk?id=254741911&iu=/4140> http://pubads.g.doubleclick.net/gampad/clk?id=254741911&iu=/4140 _______________________________________________ Oscarmcmaster-devel mailing list <mailto:Osc...@li...> Osc...@li... <https://lists.sourceforge.net/lists/listinfo/oscarmcmaster-devel> https://lists.sourceforge.net/lists/listinfo/oscarmcmaster-devel ------------------------------------------------------------------------------ Go from Idea to Many App Stores Faster with Intel(R) XDK Give your users amazing mobile app experiences with Intel(R) XDK. Use one codebase in this all-in-one HTML5 development environment. Design, debug & build mobile apps & 2D/3D high-impact games for multiple OSs. <http://pubads.g.doubleclick.net/gampad/clk?id=254741911&iu=/4140> http://pubads.g.doubleclick.net/gampad/clk?id=254741911&iu=/4140 _______________________________________________ Oscarmcmaster-devel mailing list <mailto:Osc...@li...> Osc...@li... <https://lists.sourceforge.net/lists/listinfo/oscarmcmaster-devel> https://lists.sourceforge.net/lists/listinfo/oscarmcmaster-devel <eFax Gateway installation-Public doc.txt>------------------------------------------------------------------------------ Go from Idea to Many App Stores Faster with Intel(R) XDK Give your users amazing mobile app experiences with Intel(R) XDK. Use one codebase in this all-in-one HTML5 development environment. Design, debug & build mobile apps & 2D/3D high-impact games for multiple OSs. <http://pubads.g.doubleclick.net/gampad/clk?id=254741911&iu=/4140_______________________________________________> http://pubads.g.doubleclick.net/gampad/clk?id=254741911&iu=/4140_______________________________________________ Oscarmcmaster-devel mailing list <mailto:Osc...@li...> Osc...@li... <https://lists.sourceforge.net/lists/listinfo/oscarmcmaster-devel> https://lists.sourceforge.net/lists/listinfo/oscarmcmaster-devel ------------------------------------------------------------------------------ Go from Idea to Many App Stores Faster with Intel(R) XDK Give your users amazing mobile app experiences with Intel(R) XDK. Use one codebase in this all-in-one HTML5 development environment. Design, debug & build mobile apps & 2D/3D high-impact games for multiple OSs. <http://pubads.g.doubleclick.net/gampad/clk?id=254741911&iu=/4140> http://pubads.g.doubleclick.net/gampad/clk?id=254741911&iu=/4140 _______________________________________________ Oscarmcmaster-devel mailing list <mailto:Osc...@li...> Osc...@li... <https://lists.sourceforge.net/lists/listinfo/oscarmcmaster-devel> https://lists.sourceforge.net/lists/listinfo/oscarmcmaster-devel ------------------------------------------------------------------------------ Go from Idea to Many App Stores Faster with Intel(R) XDK Give your users amazing mobile app experiences with Intel(R) XDK. Use one codebase in this all-in-one HTML5 development environment. Design, debug & build mobile apps & 2D/3D high-impact games for multiple OSs. <http://pubads.g.doubleclick.net/gampad/clk?id=254741911&iu=/4140_______________________________________________> http://pubads.g.doubleclick.net/gampad/clk?id=254741911&iu=/4140_______________________________________________ Oscarmcmaster-devel mailing list <mailto:Osc...@li...> Osc...@li... <https://lists.sourceforge.net/lists/listinfo/oscarmcmaster-devel> https://lists.sourceforge.net/lists/listinfo/oscarmcmaster-devel ------------------------------------------------------------------------------ Go from Idea to Many App Stores Faster with Intel(R) XDK Give your users amazing mobile app experiences with Intel(R) XDK. Use one codebase in this all-in-one HTML5 development environment. Design, debug & build mobile apps & 2D/3D high-impact games for multiple OSs. <http://pubads.g.doubleclick.net/gampad/clk?id=254741911&iu=/4140> http://pubads.g.doubleclick.net/gampad/clk?id=254741911&iu=/4140 _______________________________________________ Oscarmcmaster-devel mailing list <mailto:Osc...@li...> Osc...@li... <https://lists.sourceforge.net/lists/listinfo/oscarmcmaster-devel> https://lists.sourceforge.net/lists/listinfo/oscarmcmaster-devel ------------------------------------------------------------------------------ Go from Idea to Many App Stores Faster with Intel(R) XDK Give your users amazing mobile app experiences with Intel(R) XDK. Use one codebase in this all-in-one HTML5 development environment. Design, debug & build mobile apps & 2D/3D high-impact games for multiple OSs. <http://pubads.g.doubleclick.net/gampad/clk?id=254741911&iu=/4140_______________________________________________> http://pubads.g.doubleclick.net/gampad/clk?id=254741911&iu=/4140_______________________________________________ Oscarmcmaster-devel mailing list <mailto:Osc...@li...> Osc...@li... <https://lists.sourceforge.net/lists/listinfo/oscarmcmaster-devel> https://lists.sourceforge.net/lists/listinfo/oscarmcmaster-devel ------------------------------------------------------------------------------ Go from Idea to Many App Stores Faster with Intel(R) XDK Give your users amazing mobile app experiences with Intel(R) XDK. Use one codebase in this all-in-one HTML5 development environment. Design, debug & build mobile apps & 2D/3D high-impact games for multiple OSs. <http://pubads.g.doubleclick.net/gampad/clk?id=254741911&iu=/4140_______________________________________________> http://pubads.g.doubleclick.net/gampad/clk?id=254741911&iu=/4140_______________________________________________ Oscarmcmaster-devel mailing list <mailto:Osc...@li...> Osc...@li... <https://lists.sourceforge.net/lists/listinfo/oscarmcmaster-devel> https://lists.sourceforge.net/lists/listinfo/oscarmcmaster-devel |
