
Why does American medicine still run on fax machines? - oftenwrong
https://www.vox.com/health-care/2017/10/30/16228054/american-medical-system-fax-machines-why
======
Taniwha
And so insecure too, my fax machine's number used to be 1 digit off from a
pharmacy's .... I used to get more faxes of other people's private
prescriptions than genuine faxes intended for me

~~~
tryingagainbro
Point taken, but given the hacks I'm almost certain that while fax machines
are insecure, at least the damage is very limited /targeted. Now just imagine
an EquiHealth hack...AIDs diagnoses, other STD, infertility, etc etc records
out there--forever.

~~~
dx034
You're being downvoted but I think you have a point. A lot of the old tech is
not secure per-se but doesn't concentrate data in one system. Most newer
systems have a single point from where you can access all data. If Equifax had
been based on paper and Fax, no one would've been able to steal 150mn records.

~~~
tryingagainbro
I don't care about downvotes. Most of the time I don't write a lot so most is
left to be processed. So, many times, even if I'm right, I could downvotes for
that ;).

But yeah, since we can't secure anything connected to the internet (a lot of
big boys got hacked) or to a central db, we have to go to plan B.

------
grecy
America's infrastructure is behind in many ways.

Bank transfers are arcane, no chip n pin, fax machines, etc. etc.

I'm moving through West Africa, where these problems have been solved 2+ years
ago.

~~~
mamon
America's infrastructure is behind other developed countries because once upon
a time it was AHEAD of it's time. When you have a legacy infrastructure that
is good enough it is harder to justify the cost of replacing it with something
else. African countries, or Eastern European ones didn't have this dillema
because they didn't have a legacy infrastructure to deal with.

~~~
alkonaut
All western countries had faxes, magnetic strip cards, paper check payments,
etc. And most of them have no traces of that.

I think there must be some other element to it as well, and it's probably not
_only_ "well US is big". I think one is the diversity of states and companies.
Having tons of systems and businesses communicating over several state borders
with varying regulations, it's very easy to just settle with the lowest common
denominator which might be faxes, cash etc.

Second I think it's a big cultural difference. In the EU for example (Which is
looked on with _at least_ as much suspicion as "federal government" in the US)
we see it as an important job of central government to put agressive timelines
for introduction of modern tech. Because things like this (chip + pin) for
example is a herd immunity thing where the cost to upgrade is only motivated
if customers actually have the cards etc - so we are very happy to see
legislation requiring non-chip credit cards to be phased out, for example.
Technological advance like this, or environment rules etc., is NOT seen as
overreach, where a lot of other laws would be.

Third it's the power of corporations in relation to government. If corporate
lobbyists see that a regulation will affect their bottom line (such as all of
retail having to buy chip+pin equipment within 3 years) they protest. In the
EU, there is just no chance that a retail lobby would be able to resist EU
legislation that was advertised as good for consumers.

~~~
lostboys67
Chip and pin was also about pushing the liability onto the consumer

~~~
alkonaut
I never heard any discussion about liability difference in the EU.

Now: before chip + pin the cards were magnetic strip + pin. I never had a pin-
less card. Perhaps that is a difference?

------
flukus
At least part of it is that no one has come up with a document format that
suits everyone. Doctors want to scribble notes with a stylus but when you
digitize that you don't really gain anything, other systems don't know how to
interpret those scribbles. Suggesting doctors enter fields into a form instead
of scribbling notes will get you no where, doctors are the stupidest and most
stubborn smart people you will come across. Not that this is perfect anyway,
sometimes you really do just need those random notes that don't really fit
anywhere else. Some of the younger ones will type instead of scribble, but
it's still mostly free form text and not data. The industry is still stuck on
the idea that one doctor visit == one patient record as well, the thought that
doctors could input blood pressure readings in their own section and have it
display the history as a spreadsheet (or even a graph) has not gained any
acceptance.

So it's not just about how we transfer information but how it's created as
well, we haven't invented the right set of primitives to store it in the first
place. I've spent a bit of time thinking about how I'd improve things and
think things need to be more like emacs org mode or a jupyter notebook than
any current EMRS, but even that might have to wait for a generation of
scribblers to die.

~~~
maccard
> Suggesting doctors enter fields into a form instead of scribbling notes will
> get you no where,

Maybe in the US, but in the UK and Ireland, all my doctors notes have been
typed into a system that is shared among all the doctors in the practice. Last
time I went for for an MRI i was given a CD with the mri on it, and I brought
it with me to my next appointments.

> doctors are the stupidest and most stubborn people you will come across

That’s not fair. When I was in university most of the old professors still
used overhead projectors and taught the same course from 20 years ago. When I
bought my house my solicitor faxed everything, and posted me out the originals
of the documents I needed, which took up an entire a4 binder. Developers seem
almost bipolar; on one hand you have the “must use shiny new tech” and on the
other hand, you have people who won’t update third party libraries ever. We’re
still stuck with the same representations of data that we had 40 years ago,
and broadly the same basic tools. C and C++ still literally copy and paste
header files when including them, all in the name of backwards compatibility.

My (long winded) point being, all professions have their own stubborn
qualities, and pinning it on old people or a specific profession is wrong

------
forapurpose
How else would they be transferred? E-mail isn't secure enough.

Perhaps a partial answer to the question is, 'because the IT industry hasn't
provided the world with a secure, widespread, public communication medium" (by
public, I mean one not controlled by a private company). The IT industry gets
a lot of praise, but there are a lot of gaps in performance that we have
become accustomed to overlooking.

~~~
maxxxxx
I am not sure if fax is more secure than E-mail. When I still had my machine I
usually received several faxes per year with confidential information. It was
always lawyers who had mistyped the fax number. And most of them used redial
so they kept sending stuff until I told them they had the wrong number.

~~~
forapurpose
There's much more to security than misaddressed messages. Email is sent over
the Internet, often in the clear, exposing it to many intermediaries,
including to both business and government which use mass surveillance of email
to collect data on users. Email ends up on many devices, from multiple servers
to multiple endpoints (sender's and recipients laptops, phones, etc.) to
backups. Email security is so hard to achieve that many security professionals
have given up, and design new messaging systems such as Signal.

> I am not sure if fax is more secure than E-mail

However, I do agree that the difference isn't great because many fax systems,
sending and receiving, utilize email anyway.

------
adventured
Half of Japan still runs on fax machines. They can still be a useful
technology.

[http://www.nytimes.com/2013/02/14/world/asia/in-japan-the-
fa...](http://www.nytimes.com/2013/02/14/world/asia/in-japan-the-fax-machine-
is-anything-but-a-relic.html)

~~~
hkmurakami
And hence the ubiquitous fax copy scan multifunction machine in every
convenience store.

------
featherverse
The answer is simple. Regarding technology, _most_ people are still in the
1980s.

More than anything, this is proof that tech industry salaries are on average
_way too low_. Stop working for peanuts. Let them go back to pen and paper.
Let their corporations collapse. Demand to be paid what you're all worth.

------
avryhof
On this note, one of the divisions of the company I work for is hiring a
Python/Django developer in the Syracuse, NY area -
[https://www.indeed.com/cmp/Noble-Health-
Services/jobs/Applic...](https://www.indeed.com/cmp/Noble-Health-
Services/jobs/Application-Analyst-f132d5fe58493d9d?q=Noble)

Change healthcare, develop for a pharmacy!

------
frik
What should they use instead? Email isn't secure enough. Email got not forced
TLS/GPG upgrade (compared to the web's HTTPS)

~~~
wutwutwutwut
Create a protocol or API spec on top of HTTPS or something else and use it. I
don't know where you ar at but surely the government can just say "hey guys
support this secure protocol before 2022 or you're out".

I can log on and read any of my medical records at any time and the
information is aggregated from multiple sources. What's the issue?

If you use fax you won't even be able to see some kind of central audit log
for your data. That's pretty crazy.

~~~
_callcc
> Create a protocol or API spec on top of HTTPS or something else and use it.

This is basically what they've done with EDI/X12 over AS2, which was also
mandated by HIPAA. The problem is that EDI is a pain to work with as a data
format and hooking up to other trading partners can take weeks of coordination
between IT teams (sending "implementation guidelines" back and forth). When
EDI is the alternative it's not hard to see how the fax machine survives.

------
interfixus
> _The clinic has digitized its own patient data. But its electronic system
> can’t connect with other clinics’ records. So when doctors want to retrieve
> records from another office — an ultrasound for a pregnant patient, for
> example — they have to turn to the fax_

Haven't these people at least heard of email?

~~~
mcpherrinm
They've heard of it, but aren't going to use it. Email is generally not
encrypted when stored at rest in many hops along the way, which should be
considered insecure.

While fax is unencrypted, it's generally not stored in any intermediate
systems and has established history of being considered HIPAA compliant.

~~~
acchow
If email is encrypted, why does it matter that it is stored in any
intermediary place along the way?

~~~
rjbwork
Email actually generally isn't encrypted. Sure, you can do things like PGP
encryption, but not even some of it's formerly strongest advocates bother
anymore. Consider email open to anyone between you and the recipient.

------
PragmaticPost
Most modern copiers have the ability to encrypt PDF files. The password is the
problem. There are also some email providers who serve healthcare that offer
security that abides by HIPAA rules. The solution is there. It's mandating a
standard that facilitates the flow of data that is not.

------
junkscience2017
old tech like fax will die when the independent Doctor's practice as a viable
business model dies...within fifteen years. Most of us already see physicians
through network orgs like PAMF in the Bay Area, who migrated to digital tech
internally long ago and are slowly replacing independent practices. I have
never seen a physician use paper for any reason in PAMF

~~~
vacri
My city has a large, world-class Children's Hospital, but the administration
there is ridiculously political, and the doctors will change _nothing_ to make
things more efficient.

A colleague of mine had a son who needed to get seen there. They asked him to
fax in the admissions forms. Who has a fax machine? He found somewhere and
faxed them in, in a couple of jobs. Nope, can he fax them so they all come
through in one continuous job. So he goes back and faxes them again. Nope, can
he fax them so that the documents arrive in the right order? So he decides to
go to a different children's hospital in the city.

I had a friend who worked in the QA dept of that hospital and tried to get
processes improved. He said that any time you tried anything, the relevant
head of department would say "If we make this change, children will die".
Everyone around the table would know the lie for what it was, but the head of
dept had the final say if it involved child health.

In short, faxes will still be going strong there for a while yet, and they're
a big hospital. :)

------
Ice_cream_suit
Two words: "HIPAA compliaance"

------
pmiller2
I'd like to see a similar piece about the law and banking industries.

~~~
stmw
Well, that's increasingly solved by companies like Stripe & Gusto.

------
ahuxley2013
Faxes are considered the only secure communication channel by medical
companies. Email is not secure. The Vatican has the same stance. They pope
communicates via fax the majority of the time, per 60 minutes.

~~~
t0mbstone
Which is utterly insane, because faxes aren't encrypted. All anyone would have
to do is tap into the phone line and copy the signals and they could print out
any fax that was sent over the wire.

~~~
Terribledactyl
I mean they have a few niceties like having to physically be in the same spot
to interact with it and lacking any sort of central discoverability. There’s
not really an equivalent to email:francis@aol.com password:p0p3 and having
anybody with a computer getting a copy.

------
dbcooper
Paging Pokitdok, Hashed Health, Change Healthcare etc.

------
chaitanyana
American health care system needs Changes in many ways

------
mmerlin
same in Australia too

