|
From: Earl W. <ea...@gm...> - 2024-03-12 03:45:10
|
For SRFax, I guess the most secure eFax solution is to use their proprietary client downloader program that connects directly to their server in BC and saves the faxes into a predetermined local folder. https://www.srfax.com/more/utilities-tools/srfax-downloader/ That would be more secure than getting a PDF by email, even if their BC server is connecting to my ISP's server located in Montreal. There may be a few unknown hops between BC and me ;-( On Mon, Mar 11, 2024 at 11:19 PM Gyula Voros <ma...@dr...> wrote: > True - but very few people actually use fax machines any more. It's all > Internet based fax solutions, which one must be very careful about using > properly to not destroy this end-to-end security. > > The number of offices I have seen that have an internet fax service, > configured to EMAIL them the faxes they receive as PDF attachments, or fax > outbound by sending the scanned PHI as an email attachment - boggles the > mind. *facepalm* > > > -- > Gyula Voros, MD, CCFP, FCFP (he/him) > Assistant Clinical Professor, Department of Family Medicine, McMaster > University > > > On Mon, 11 Mar 2024 at 20:16, John Robertson <joh...@sh...> > wrote: > >> WRT fax vs email security : >> >> Is Fax More Secure than Email? Fax is more secure than email, in many >> regards. The main thing that can make fax more secure than email is the >> limited exposure to the internet and internet connected devices. Fax >> machines communicate through phone lines, which are harder to access than >> public internet connections.Sep 29, 2023 >> >> On Mon., Mar. 11, 2024, 16:59 Gyula Voros, <ma...@dr...> wrote: >> >>> The biggest limitation is usually that both the sender and recipient >>> must be using the same system! (e.g. PGP, etc). Unless you're emailing a >>> journalist used to receiving whistleblower information - your recipient >>> probably isn't using any significant encryption. >>> >>> The practical solution to this is rather straightforward for >>> patient messaging - host it on your server (on-site or more commonly rented >>> from a third party like Ocean etc) and send patients a plain e-mail telling >>> them they have a message, with instructions to log in to the server >>> (authenticating with something NOT in the e-mail and in theory secure to >>> the patient) to retrieve it. >>> >>> Unfortunately this isn't practical for external consultants - so we're >>> back to faxing them PHI; or e-mailing them (or switchboard) with our phone >>> #s and having them call us. >>> >>> (Or sticking within our electronic silos - hospital e-mail or eConsult >>> for example). >>> >>> If someone has a more elegant solution - would love to hear it! >>> >>> -- >>> Gyula Voros, MD, CCFP, FCFP (he/him) >>> Assistant Clinical Professor, Department of Family Medicine, McMaster >>> University >>> >>> >>> On Mon, 11 Mar 2024 at 19:42, Eugene Robertus <rob...@ro...> >>> wrote: >>> >>>> Gyula, very nice points. >>>> >>>> We resorted to PGP encryption, which is very-well integrated in Canary >>>> email client for mobili devices, and on Desktop Thunderbird client. This >>>> allows you to ensure 100% end-to-end encryption. It can even work in Gmail >>>> web interface (a plugin required). >>>> >>>> Having said that, this way of emailing requires some configuration and >>>> I only set it to those who are really concerned about security and are >>>> willing to accept limitations. >>>> >>>> Today, with wide use of cloud-based email services, like Google, use of >>>> encrypted email breaks convenience - encrypted emails cannot be read by >>>> Google, so it cannot index them, and you cannot search the content. Some >>>> find it a massive roadblock to encryption adoption, choosing either accept >>>> the risks or avoid email for sensitive data altogether. >>>> >>>> Sorry, my 2 cents... >>>> Eugene >>>> >>>> On 3/11/2024 7:13 PM, Gyula Voros wrote: >>>> >>>> Adrian, correct me if I'm wrong, but that's basically only for internal >>>> e-mails (i.e. between other people on your server). The minute you send >>>> e-mail to another domain it crosses the internet without encryption, >>>> therefore you cannot safely include PHI in the e-mail (except maybe as an >>>> encrypted attachment with the key/password shared via other channels). >>>> >>>> I know gmail has an encryption option where you need to for example >>>> text a code to a second device to decrypt the e-mail, but not sure how >>>> widely implemented such protocols are nor how robust the security. >>>> >>>> I use our hospital-based e-mail to send secure e-mail messages to >>>> specialists. SigMail is also an option with some uptake. Unfortunately >>>> nobody uses PGP which has been around for decades (admittedly, none of >>>> the major providers implemented it seamlessly so it's hard for the >>>> end-user). The problem with all of these is that they are siloed - you can >>>> only safely message people within the silo (and you don't always get a >>>> warning when sending mail outside). >>>> >>>> E-mail was just not designed as a secure technology from the beginning >>>> and I'm not aware of any widely adopted grafted-on hack that would allow >>>> what is required by PHIPA (i.e. sending a message that can ONLY be read by >>>> the intended recipient(s) and nobody else). >>>> >>>> The fact that fax (especially as usually implemented over the Internet) >>>> - which we all use dozens if not hundreds of times daily - has all the same >>>> problems is beyond the scope of my rant, lol. >>>> >>>> >>>> -- >>>> Gyula Voros, MD, CCFP, FCFP (he/him) >>>> Assistant Clinical Professor, Department of Family Medicine, McMaster >>>> University >>>> >>>> >>>> On Mon, 11 Mar 2024 at 18:56, Adrian Starzynski <ad...@ad...> wrote: >>>> >>>>> PIPEDA/PHIPA etc. compliant email = email server in the office. >>>>> I install them. For example, Synology NAS comes with 5 included >>>>> MailPlus licenses (perpetual) but you can buy more for one-time cost (about >>>>> $50-60 each, sold in packages of 5 I believe). It has 90% of the Office365 >>>>> features, no monthly costs for email, and you get data control. You can >>>>> also transfer the licenses from one Synology to another in case you >>>>> upgrade/switch. >>>>> >>>>> -- >>>>> Adrian Starzynski >>>>> ------------------------------ >>>>> *From:* Ahmed Omar via OSCARmcmaster-advanced-users < >>>>> osc...@li...> >>>>> *Sent:* March 11, 2024 5:53 PM >>>>> *To:* osc...@li... < >>>>> osc...@li...> >>>>> *Cc:* Ahmed Omar <ah...@ya...> >>>>> *Subject:* [OSCAR-advanced-users] Secure HIPPA/PHIPA Compliant email >>>>> suggestions >>>>> >>>>> Hello Everyone, >>>>> >>>>> I trust this email finds you well. I'm reaching out with a query that >>>>> might not directly relate to OSCAR but is crucial nonetheless. >>>>> >>>>> Could anyone recommend a standard email service that complies with >>>>> HIPAA/PHIPA regulations, particularly one recognized in Canada >>>>> and/or Ontario? I'm not referring to patient messaging but rather regular >>>>> email, akin to the now-defunct Ontario One-Mail service. >>>>> >>>>> While researching, I came across ProtonMail, which appears promising >>>>> and HIPAA compliant. However, I'm unsure about its applicability in Canada >>>>> given that it's a non-Canadian service. >>>>> >>>>> Your insights and recommendations would be greatly appreciated. >>>>> >>>>> Thank you kindly for your assistance. >>>>> >>>>> Warm regards, >>>>> >>>>> Ahmed Omar >>>>> >>>>> _______________________________________________ >>>>> OSCARmcmaster-advanced-users mailing list >>>>> OSC...@li... >>>>> >>>>> https://lists.sourceforge.net/lists/listinfo/oscarmcmaster-advanced-users >>>>> >>>> >>>> >>>> _______________________________________________ >>>> OSCARmcmaster-advanced-users mailing lis...@li...://lists.sourceforge.net/lists/listinfo/oscarmcmaster-advanced-users >>>> >>>> >>>> _______________________________________________ >>>> OSCARmcmaster-advanced-users mailing list >>>> OSC...@li... >>>> >>>> https://lists.sourceforge.net/lists/listinfo/oscarmcmaster-advanced-users >>>> >>> _______________________________________________ >>> OSCARmcmaster-advanced-users mailing list >>> OSC...@li... >>> https://lists.sourceforge.net/lists/listinfo/oscarmcmaster-advanced-users >>> >> _______________________________________________ >> OSCARmcmaster-advanced-users mailing list >> OSC...@li... >> https://lists.sourceforge.net/lists/listinfo/oscarmcmaster-advanced-users >> > _______________________________________________ > OSCARmcmaster-advanced-users mailing list > OSC...@li... > https://lists.sourceforge.net/lists/listinfo/oscarmcmaster-advanced-users > |
