|
From: John R. <joh...@sh...> - 2024-03-12 04:41:23
|
I have a multi function printer /fax /photocopier that has served me well for over 10 years. Hard wired to a LAN. Security doesn't need to be complicated. JohnR. On Mon., Mar. 11, 2024, 20:46 Earl Wertheimer, <ea...@gm...> wrote: > For SRFax, I guess the most secure eFax solution is to use their > proprietary client downloader program that connects directly to their > server in BC and saves the faxes into a predetermined local folder. > https://www.srfax.com/more/utilities-tools/srfax-downloader/ > > That would be more secure than getting a PDF by email, even if their BC > server is connecting to my ISP's server located in Montreal. > There may be a few unknown hops between BC and me ;-( > > > > On Mon, Mar 11, 2024 at 11:19 PM Gyula Voros <ma...@dr...> wrote: > >> True - but very few people actually use fax machines any more. It's all >> Internet based fax solutions, which one must be very careful about using >> properly to not destroy this end-to-end security. >> >> The number of offices I have seen that have an internet fax service, >> configured to EMAIL them the faxes they receive as PDF attachments, or fax >> outbound by sending the scanned PHI as an email attachment - boggles the >> mind. *facepalm* >> >> >> -- >> Gyula Voros, MD, CCFP, FCFP (he/him) >> Assistant Clinical Professor, Department of Family Medicine, McMaster >> University >> >> >> On Mon, 11 Mar 2024 at 20:16, John Robertson <joh...@sh...> >> wrote: >> >>> WRT fax vs email security : >>> >>> Is Fax More Secure than Email? Fax is more secure than email, in many >>> regards. The main thing that can make fax more secure than email is the >>> limited exposure to the internet and internet connected devices. Fax >>> machines communicate through phone lines, which are harder to access than >>> public internet connections.Sep 29, 2023 >>> >>> On Mon., Mar. 11, 2024, 16:59 Gyula Voros, <ma...@dr...> wrote: >>> >>>> The biggest limitation is usually that both the sender and recipient >>>> must be using the same system! (e.g. PGP, etc). Unless you're emailing a >>>> journalist used to receiving whistleblower information - your recipient >>>> probably isn't using any significant encryption. >>>> >>>> The practical solution to this is rather straightforward for >>>> patient messaging - host it on your server (on-site or more commonly rented >>>> from a third party like Ocean etc) and send patients a plain e-mail telling >>>> them they have a message, with instructions to log in to the server >>>> (authenticating with something NOT in the e-mail and in theory secure to >>>> the patient) to retrieve it. >>>> >>>> Unfortunately this isn't practical for external consultants - so we're >>>> back to faxing them PHI; or e-mailing them (or switchboard) with our phone >>>> #s and having them call us. >>>> >>>> (Or sticking within our electronic silos - hospital e-mail or eConsult >>>> for example). >>>> >>>> If someone has a more elegant solution - would love to hear it! >>>> >>>> -- >>>> Gyula Voros, MD, CCFP, FCFP (he/him) >>>> Assistant Clinical Professor, Department of Family Medicine, McMaster >>>> University >>>> >>>> >>>> On Mon, 11 Mar 2024 at 19:42, Eugene Robertus <rob...@ro...> >>>> wrote: >>>> >>>>> Gyula, very nice points. >>>>> >>>>> We resorted to PGP encryption, which is very-well integrated in Canary >>>>> email client for mobili devices, and on Desktop Thunderbird client. This >>>>> allows you to ensure 100% end-to-end encryption. It can even work in Gmail >>>>> web interface (a plugin required). >>>>> >>>>> Having said that, this way of emailing requires some configuration and >>>>> I only set it to those who are really concerned about security and are >>>>> willing to accept limitations. >>>>> >>>>> Today, with wide use of cloud-based email services, like Google, use >>>>> of encrypted email breaks convenience - encrypted emails cannot be read by >>>>> Google, so it cannot index them, and you cannot search the content. Some >>>>> find it a massive roadblock to encryption adoption, choosing either accept >>>>> the risks or avoid email for sensitive data altogether. >>>>> >>>>> Sorry, my 2 cents... >>>>> Eugene >>>>> >>>>> On 3/11/2024 7:13 PM, Gyula Voros wrote: >>>>> >>>>> Adrian, correct me if I'm wrong, but that's basically only for >>>>> internal e-mails (i.e. between other people on your server). The minute you >>>>> send e-mail to another domain it crosses the internet without encryption, >>>>> therefore you cannot safely include PHI in the e-mail (except maybe as an >>>>> encrypted attachment with the key/password shared via other channels). >>>>> >>>>> I know gmail has an encryption option where you need to for example >>>>> text a code to a second device to decrypt the e-mail, but not sure how >>>>> widely implemented such protocols are nor how robust the security. >>>>> >>>>> I use our hospital-based e-mail to send secure e-mail messages to >>>>> specialists. SigMail is also an option with some uptake. Unfortunately >>>>> nobody uses PGP which has been around for decades (admittedly, none of >>>>> the major providers implemented it seamlessly so it's hard for the >>>>> end-user). The problem with all of these is that they are siloed - you can >>>>> only safely message people within the silo (and you don't always get a >>>>> warning when sending mail outside). >>>>> >>>>> E-mail was just not designed as a secure technology from the beginning >>>>> and I'm not aware of any widely adopted grafted-on hack that would allow >>>>> what is required by PHIPA (i.e. sending a message that can ONLY be read by >>>>> the intended recipient(s) and nobody else). >>>>> >>>>> The fact that fax (especially as usually implemented over the >>>>> Internet) - which we all use dozens if not hundreds of times daily - has >>>>> all the same problems is beyond the scope of my rant, lol. >>>>> >>>>> >>>>> -- >>>>> Gyula Voros, MD, CCFP, FCFP (he/him) >>>>> Assistant Clinical Professor, Department of Family Medicine, McMaster >>>>> University >>>>> >>>>> >>>>> On Mon, 11 Mar 2024 at 18:56, Adrian Starzynski <ad...@ad...> >>>>> wrote: >>>>> >>>>>> PIPEDA/PHIPA etc. compliant email = email server in the office. >>>>>> I install them. For example, Synology NAS comes with 5 included >>>>>> MailPlus licenses (perpetual) but you can buy more for one-time cost (about >>>>>> $50-60 each, sold in packages of 5 I believe). It has 90% of the Office365 >>>>>> features, no monthly costs for email, and you get data control. You can >>>>>> also transfer the licenses from one Synology to another in case you >>>>>> upgrade/switch. >>>>>> >>>>>> -- >>>>>> Adrian Starzynski >>>>>> ------------------------------ >>>>>> *From:* Ahmed Omar via OSCARmcmaster-advanced-users < >>>>>> osc...@li...> >>>>>> *Sent:* March 11, 2024 5:53 PM >>>>>> *To:* osc...@li... < >>>>>> osc...@li...> >>>>>> *Cc:* Ahmed Omar <ah...@ya...> >>>>>> *Subject:* [OSCAR-advanced-users] Secure HIPPA/PHIPA Compliant email >>>>>> suggestions >>>>>> >>>>>> Hello Everyone, >>>>>> >>>>>> I trust this email finds you well. I'm reaching out with a query that >>>>>> might not directly relate to OSCAR but is crucial nonetheless. >>>>>> >>>>>> Could anyone recommend a standard email service that complies with >>>>>> HIPAA/PHIPA regulations, particularly one recognized in Canada >>>>>> and/or Ontario? I'm not referring to patient messaging but rather regular >>>>>> email, akin to the now-defunct Ontario One-Mail service. >>>>>> >>>>>> While researching, I came across ProtonMail, which appears promising >>>>>> and HIPAA compliant. However, I'm unsure about its applicability in Canada >>>>>> given that it's a non-Canadian service. >>>>>> >>>>>> Your insights and recommendations would be greatly appreciated. >>>>>> >>>>>> Thank you kindly for your assistance. >>>>>> >>>>>> Warm regards, >>>>>> >>>>>> Ahmed Omar >>>>>> >>>>>> _______________________________________________ >>>>>> OSCARmcmaster-advanced-users mailing list >>>>>> OSC...@li... >>>>>> >>>>>> https://lists.sourceforge.net/lists/listinfo/oscarmcmaster-advanced-users >>>>>> >>>>> >>>>> >>>>> _______________________________________________ >>>>> OSCARmcmaster-advanced-users mailing lis...@li...://lists.sourceforge.net/lists/listinfo/oscarmcmaster-advanced-users >>>>> >>>>> >>>>> _______________________________________________ >>>>> OSCARmcmaster-advanced-users mailing list >>>>> OSC...@li... >>>>> >>>>> https://lists.sourceforge.net/lists/listinfo/oscarmcmaster-advanced-users >>>>> >>>> _______________________________________________ >>>> OSCARmcmaster-advanced-users mailing list >>>> OSC...@li... >>>> >>>> https://lists.sourceforge.net/lists/listinfo/oscarmcmaster-advanced-users >>>> >>> _______________________________________________ >>> OSCARmcmaster-advanced-users mailing list >>> OSC...@li... >>> https://lists.sourceforge.net/lists/listinfo/oscarmcmaster-advanced-users >>> >> _______________________________________________ >> OSCARmcmaster-advanced-users mailing list >> OSC...@li... >> https://lists.sourceforge.net/lists/listinfo/oscarmcmaster-advanced-users >> > _______________________________________________ > OSCARmcmaster-advanced-users mailing list > OSC...@li... > https://lists.sourceforge.net/lists/listinfo/oscarmcmaster-advanced-users > |
