Is it really, though? For years, everybody, including those on the medical side, have been saying we need to modernize medical record keeping. And literal billions of dollars have been spent trying to do so across the country.
It’s not just the need for stricter requirements. These attempts often fail because of simple inertia.
Regulatory requirements are a factor but they are experiencing the same problems other industries faced in modernization:
[ul]
[li]Leadership is often older and less tech-savvy [/li][li]End users are often focused on their ‘core’ business of medicine and less than inclined to change ways until forced[/li][li]Getting the right people to help with tech upgrades can be expensive (and more expensive the with an increasing gap in existing tech) and time-consuming. Keeping them around is harder. This isn’t a ‘sexy’ branch of tech development.[/li][li]The negative feedback loop that waiting longer means ever greater expense for eventual tech overhaul letting the inertia solution of not changing cheaper and more appealing[/li][/ul]
There aren’t any intractable issues, but they get more expensive every day and harder to achieve the longer they aren’t. At some point, patients themselves are hurt because these updates aren’t made. It’s a cop-out to say the medical side gets priority over administrative because not changing eventually does affect patient health. If they are still using fax machines in 100 years, then yes, that is a major impact on patient health. Not changing is a way of focusing on the short term over the long term needs of patients.
All these words seem to make a coherent English sentence yet as a whole it’s gibberish.
“Secure” — against what? How? Why? A fax doesn’t encrypt anything: phone/fax numbers are so easy to spoof “trivial” doesn’t cover it. it is literally the electronic equivalent of a boy running down the street shouting your message. Anyone can hear it, anyone can send it and anyone can claim to be the recipient. (As is email)
“Only travels… “ because “the internet” and “the telephone network” are 2 separate entities. (In your house this might still be true, when the signal leaves your house there is no such distinction.
Remember:
All old-fashioned communications are not secure in any way. Phone, fax, email are all not secure in any meaningful way.
“The internet” is a term for all things interconnect through the world: at no point in time was the “phone network” not considered a part of the internet (except by you of course)
For any communication to be secure there has to be a way to encrypt the message, verify the identity of the sender and verify the recipient. Anything lacking those 3 features is not secure (fax, phone, email don’t have any of those features)
I think this is worded a little too strongly. Let’s look at an example that follows the HIPAA guidelines for “reasonable” procedures to protect information (keeping in mind that verbal point to point communication is acceptable, so it doesn’t require encryption, just similar level of precautions):
1 - Recipient provides fax number to sender
2 - Sender programs in the number so it doesn’t need to be dialed, it can be selected
3 - Sender sends a test page
4 - Recipient verbally confirms (over a phone call etc.) that the test page was received
5 - Sender sends actual docs to recipient using pre-programmed entry
There are a number of ways a person could get the information, like tapping the phone line on either side, or installing malware on either fax machine, or going to either office and physically grabbing the docs.
But, there is definitely limited exposure in this point to point communication compared to having digital content on multiple servers (sender, receiver) that is very difficult to properly secure (as anyone that works in tech is aware of).
I feel the need to comment on how funny I think it is that a good & valid question about Japan’s culture and their lack of technological adoption has been completely derailed & devolved into a debate about whether fax machines are in any way secure (Bad news, they’re not - I knew this back in the 1980’s when my company received “confidential” faxes almost daily because senders entered the wrong fax number. How the F’ is this even being discussed in 2020?)
This is simultaneously what I love about SDMB and what I hate about it as well. :smack:
The alternative to putting a paper into a fax machine and pushing 1 or 2 buttons to select a recipient and send, is one where there is never a piece of paper in the first place, and certainly no manual scanning or sending of e-mails. Some sort of sophisticated secure document cloud which enforces formal privacy policies. Does one already exist? Has it been tested under real-world conditions? What if one lab/hospital is running it, but now there is an external clinic involved? Much of this may not have to do with Japan specifically.
A question, to which I do not know the answer, is, perhaps Japan is conservative in certain ways. Perhaps Japanese merchants to not want to pay fees to be able to accept a dozen different cashless apps and cards. Maybe they think cash is nifty. It’s not like advanced technology does not exist there, or that you can’t pay for a cab or train or at the convenience store, hotel, shopping mall, etc., using a credit card.
I asked on a Japanese language social media app concerning faxing. Some people said that their industry still uses them, including one person in care for elderly people. Another said her choir groups had to use faxes to make reservations at a church for practices. Most of the people don’t use them now for personal communication, including talking to their elderly parents.
One reason that a higher percent of Japanese homes have faxes now is that a much higher percentage of households had fax machines in the 1990s. It’s not surprising that many of those homes still have them. One comment was that the person didn’t buy a combination fax / phone when replacing his last one because he never used it anymore.
My bolding. You hit it out of the park in your first sentence.
I lived in Japan for 25 years, including sales / marketing, management and having my own distribution company. I can’t “unsee” Japan any longer, because it was part of my life for too long, but many, if not most Westerners really get Japan wrong. I think its partly because “Japan is this totally weird place” sells well in the press. It also seems to be a Rorschach test for the observer. Japan really has an insular society, so it’s not easily understood by outsiders, even some foreigners who live and work in Japan if they don’t speak the language or aren’t interested in really learning the culture.
The BBC article GMANCANADA linked to is a generally good read, although not perfect. This is the link again.
As GMANCANADA quoted, Japan really lags the West on some technologies. I was there doing business between 1990 and 2013 and watched the introduction of email and internet.
The first company I worked for was in the documentation company in the early 90s. A much higher percentage of Japanese didn’t have computers at work than in America. Translators were sending floppy disks by mail and in urgent cases, sending by fax and we would retype them. I helped introduce computer-to-computer file transfers which was a pain in the ass since no one had dedicated data lines.
Next was a Japanese import company, in the mid 1990s, faxes were still used everywhere worldwide, although most of our Western suppliers transitioned to email faster than our company. My company had absolutely not interest in having a web site in the late 90s.
There is an incident which I’ve used repeatedly over the years to explain the difference between the cultures.
I was looking for a new job in 1993 and 1994. I interviewed with an American company which had a service for sending overseas faxes cheaper. You would rent an adapter which would route the fax to their dedicated line and overseas calls were cheaper.
In the interview, the person explained their business model which was to get referrals from existing customers, then call the company and do sales via phone. The company would send the adapter to the new customer, who only had to disconnect the phone line to their fax machine, instead connect it to the adapter and connect the adapter to the fax machine. There was a number for a test fax and it was all set.
I told the person that I didn’t think Japanese customers were ready for that, it would take an actual sales visit and having the company actually install the machine. She disagreed and I wasn’t offered the job. Instead, I found that Japanese import company and got a job there.
Shortly after I started working at the import company, my boss asked me to sit in a sales pitch selling a fax service. You can see where this is going. It was a salesperson from that same fax service company. We signed off and I told them that I could install the machine, but they insisted their “field technician” would come and personally install it.
In a remarkably short period of time, they had figured out that Japanese companies were far more conservative than US companies. (Sadly for them, they didn’t have an answer for email and the business model died in the 2000s.)
In 2000, I set up the Japanese branch office for a US manufacturer and again watched the difference in speed in adopting technologies. The US head office wanted our customers to go things which they weren’t ready for.
From the article
This is an example of bad reporting. The vast majority of companies in any country are SMEs. A quick goggle shows that 99.4% of American companies (by revenue) 99.6% (by number of employees) are SMEs. So virtually identical percentages. [/rant]
Something which was not covered in the article is the speed which Japan moves when people finally decide to adapt something. Its slow to move, but once it moves, it tends to go very quickly.
A “procedure” for sending a fax doesn’t improve any security: if anything it adds a false sense of security. (Scare quotes to be imagined with roll eyes and meaningful pauses)
From my experience living in Japan, it is more practical vs new when it comes to technology. As an example, the use of cell phones was much higher in Japan than in the US with a lot more things possible with cell phones (pre smartphone) than was generally available elsewhere. One reason for it was that having a PC at home took up much space something that can be a premium in Japan. Now that you have tablets and smaller PCs, they have become more prevalent in homes.
When it comes to contactless payments, these had been going in Japan for a long time at train stations, which given how much public transportation they use makes sense. In fact one of the reasons it too some time for Apple pay to take off as well as NFCless iPhones is because they already had network for those type of transactions.
Japan is still to a large extent a cash society in certain sectors, though that is changing, probably in many cases due to the Olympics which means a large group of foreigners will be entering the country that do not have the local currency that they want to accomodate.
Security and Procedures:
Let’s review what the word “security” means, here’s the definition as it relates to information security:
“the state of being protected against the unauthorized use of information, especially electronic data, or the measures taken to achieve this.”
Procedures are absolutely a valid component of “security”. For example, if we used encryption, we need good procedures to protect the private keys to improve the relative security compared to if we didn’t protect the private keys. Point to Point Communications without Perm Digital Storage:
You seem to ignore or discount this aspect. You broadly state sending a fax doesn’t improve any security (as compared to digital storage and transmission methods), but you don’t offer any actual arguments or points.
FWIW, we are disconnecting our fax machine next month (melb.vic.au). Because it’s “broke”. They are in the process of disconnecting all of the telephone lines in Aus (replaced with network and VOIP and cell phones).
We could move to virtual fax, or possibly to a fax adapter (mixed reports on that), but we aren’t. If anybody tries to send us a fax, they’ll probably call us to see why it isn’t working.
Wow, I did not know that. (Am coming back to Melb for 10 days next month, will be interested to see). Japan still has above-ground unsightly telephone wires and sketchy street connections that help uglify the environment everywhere.
A lot of new technologies and improvements are made in Japan, like really high-quality semiconductors (that don’t sell well because most companies don’t want to pay for that high-quality and will settle for cheaper ones made in S. Korea that do the job. This is a bit of a problem for some Japanese companies - making products too good for the market).
Unless the adoption of new tech in daily life is unquestionably better for everyone involved it is not usually readily taken on board in Japan. The auto-pay turnstiles at train stations was an easy sell simply from the point of view of never having to queue up at a ticket machine anymore.
And this is why the banking and insurance industries – probably courts, and law offices, as well – are still using fax technology.
To be fair, though, a lot of modern printer models incorporate scanning and copying into the machines and adding a telephone connector isn’t much of a stretch at that point. Scan a document in and transmit it across the world to a number-designation (or send it straight from your computer to the receiver’s computer) and they might even print out what they received. Essentially, that’s still a fax.
The fact of the matter is that we really don’t need to be obliterating forests to make paper any more; pictures and words can be displayed in multiple languages (even at the same time) on screens. Nevertheless, I’d be willing to bet (and happy to lose that bet) that everyone on this board has received a piece of paper for a transaction or record – a receipt, an invoice, a ticket, a note for remembering something, event information, political advertising, whatever – over the last weekend.
Yeah, we’re still using that ancient technology from ancient Egypt.
Let’s not. I used to work in the infosec field; respectfully, The Librarian is totally on point. This isn’t even a debate in that field.
It’s a truism that security is a process (as opposed to a result), so your argument about process is germane—or it would be if we were discussing anything other than faxes. Faxes are inherently insecure, and the only procedure that could change that would be a procedure for throwing the fax machine into the dumpster.
Your profile says you work in software; for all I know you’re a software engineer. But plenty of programmers have blind spots around security. I once found a critical bug in some fancy engineering analysis software. This bug was trivial to fix, but it was the most severe kind: a remote root exploit. Anyone could run arbitrary shell commands as root—no privilege escalation necessary! It was bad.
The software product manager (who had a comp sci degree) revealed his cluelessness when he responded, “Oh, that’s not a problem at all. You should always be running on a secure network.” It’s a basic tenet of network security that there are no secure networks. (The bug got fixed post haste).
The gun is always loaded; the network is never secure. Faxes are grossly and inherently insecure for an array of reasons. I’ve heard physicians and attorneys claim that they used faxes because of their greater security, but those people were just parroting received wisdom. No set of procedures addresses the most glaring vulnerabilities of fax transmission. Here’s an article covering a number of them:
End-to-end encryption is what one wants. Email can have end-to-end encryption via PGP and similar software. Key management for email can be a real pain; I don’t want to soft-pedal that. But faxes don’t have any substantial security features[sup]1[/sup] at all.
Yes. I’d bet The Librarian ignored this line of reasoning and didn’t bother to counter it because that would be a little like countering an argument that the earth is flat. You’re making an extraordinary claim here, yet you haven’t produced any extraordinary evidence.
It’s true that most emails are stored in plaintext as they’re routed to their final recipients, but so what? That’s true of faxes as well. If you’ve properly encrypted an email (reasonable algorithm and key length) there’s no particular threat from digital storage in transit nor at either end. Faxes are vulnerable to interception at the beginning, middle and end.
Really, this doesn’t have much to do with faxes themselves. If you aspire to keep information private, you need to secure it properly. Transmitting data in plaintext (as a fax, a telnet session or just by speaking too loudly in a restaurant) runs counter to that goal—so you don’t send sensitive data in plaintext via any medium.
Faxes are accepted as “secure” in the medical and legal communities, but acceptance doesn’t remove the scare quotes. People in those fields are likely meeting de facto and/or regulatory[sup]1[/sup] standards, but no one should confuse compliance with actual security.
[sup]1[/sup] There’s such a thing as encrypted faxes, but IMNSHO those are only technically faxes—they use fax protocols, but theyre wrapped in a layer of encryption and sent over the internet. At that point, it’s an encrypted file transfer just like SCP, TLS or anything else. It’s only called a “fax” because regulators and (especially) those in medical practices are comfortable with faxes.
[sup]2[/sup] IME working in a HIPAA-controlled environment, absolutely no one cares about security; they care exclusively about compliance. HIPAA penalties can be very stiff, so that makes some sense. But medical workers aren’t experts on law or cybersecurity, and I suspect more non-HIPAA-compliant faxes get sent than anyone wants to admit.
