Re: [hylafax-users] confidential faxes

[A J Stiles <hylafax_resp@xxxxxxxxxxxxxxx>]

On Thursday 08 December 2005 12:32, Joe wrote:
> Not necessarily.  I'm just looking for a way to have hylafax provide
> confidential faxes.  I don't care how (client or server) it gets done,
> just that it gets done.  It's a requirement for HIPPA supposedly.

Well, if someone can't spell HIPAA, then they probably have next to no chance 
of complying with it  :)

The web page idea has legs.  I think what you need to do is:  Display just the 
first page of the fax on the receptionist's screen  {I'm guessing only a 
human receptionist can decide who the fax is for, otherwise you can 
automate-out this step}.  This can be done with a simple CGI-script.  The 
receptionist chooses who the fax belongs to and saves the full content to a 
directory  {one per recipient}.  Also in this directory is a simple 
CGI-script to display the fax as a web page, and a .htaccess file which 
prevents anyone who doesn't know the password from viewing anything in the 
directory.

This is just as secure as e-mail; more so if the web server is https  {there 
is no reason not to; apache 2 supports this out of the box.  You'll hafta pay 
for a proper secure certificate if you don't want dire warnings; but even 
using the default "Snake Oil" certificate is secure, just not demonstrably 
so}.

Note that anyone with the root password can view anyone's faxes; and anyone 
with access to the phone line can potentially intercept faxes as they arrive.  
It also would be prudent that the partition you use for /tmp is no bigger 
than it need be, so done-with data gets overwritten as soon as possible.

--
AJS

____________________ HylaFAX(tm) Users Mailing List _______________________
  To subscribe/unsubscribe, click http://lists.hylafax.org/cgi-bin/lsg2.cgi
 On UNIX: mail -s unsubscribe hylafax-users-request@xxxxxxxxxxx < /dev/null
  *To learn about commercial HylaFAX(tm) support, mail sales@xxxxxxxxx*