You are here

Sending Faxes with T.38 - Legal through AREDN?

3 posts / 0 new
Last post
km6zpo's picture
Sending Faxes with T.38 - Legal through AREDN?

OK I'm hoping to receive not just opinions on this, but facts (and sources) to back up your position.

I was asked by my local EOC whether fax machines could be hooked up to the AREDN network.  As it turns out, YES, they can and it works.  

Why fax machines?  Well there are certainly many use cases, but the one that is most obvious is HIPPA compliance. According to this article (which I found on the Internet so it must be true, right), fax via T.38 (which is most fax machines) is HIPPA compliant.

Another use case is that we save time and can be 100% accurate by sending an original, signed ICS form rather than copying everything from a written form to a digital form.  I can send a dozen or so original ICS forms via fax in the same amount of time it would take to copy and send them via Winlink.  We truly become the "conduit" in that transaction and wouldn't have to worry about messing up the message.

I've heard concerns from emergency managers, hospitals, etc. that sending sensitive patient information over the air, whether by voice or digitally via Winlink is a concern since it can be intercepted.  We use Winlink as a means of "security by obscurity" assuming of course nobody would maliciously want to intercept our transmissions.  It's not 100% safe, but it's pretty good - or so we tell the emergency managers.

Anyway, assuming fax via T.38 is perfectly HIPPA compliant, my only concern as a ham operator is - am I sending a message in violation of FCC rules?  Is it "encoded for the purpose of obscuring their meaning" per Section 97.113(a)(4)?  I would argue that we're not obscuring the meaning of the transmission at all, but rather, we are simply securing its transmission from interception in order to comply with HIPPA rules.  But I'd like to see some educated responses on the subject. 

P.S. We all know that the HIPPA rules and perhaps even the FCC rules will be thrown out during real emergencies.  I for one am going to get the message through and worry about the punishment later if it's a life or death choice.  But for exercises, I don't want to set a bad example if this could get operators in trouble.

P.S.S. If you want to know HOW I did this, I will be writing an article on the setup soon.

---mark, KM6ZPO

kc8ufv's picture
I actually am in an ESF8

I actually am in an ESF8 response agency,  and strangely enough, HIPAA doesn't apply to us now (even for our EMR), but it can be made to retroactively. Don't count on rules being thrown out in emergencies. Instead, expect there to be minor changes to them.

Fax machines are a weird thing, though they're just as easy to intercept as anything else. Even when you route it over ip telephony. Two sets of tones are used, one called sending, the other called answering. If a recording of the fax transmission were captured, it could easily be played back to another fax machine. Fax machines are only exempt because the people that wrote the law don't understand the tech, and made them exempt.
FAX not encrypted

"Encoding" and "encryption" are different things.  My understanding is that the FCC is fine with any encoding method as long as the protocol is known to the public.  Doesn't matter if it is FAX or PSK31.  Indeed, the protocol details apparently don't need to be known as long as a way to decode them is freely available.  I believe that is how some versions of Pactor pass legal muster... the manufacturer provides a free utility for decoding it.

As for HIPAA... I am by no means an expert, but my understanding is that most of what people think doesn't comply with HIPAA isn't actually a problem. Before worrying about HIPAA... check with an authoritative source as to whether HIPAA governs the actions you are contemplating.  You might find this interesting:


Theme by Danetsoft and Danang Probo Sayekti inspired by Maksimer