Despite all the advancements in technology, medicine still relies on the fax machine for a variety of information transfers, even though faxes are wasteful, inefficient, and very unfriendly to the environment. No matter that faxed data cannot be readily converted into digital formats. Let’s not emulate Japan, where, according to a recent article in the New York Times, population demographics have left that country dominated by older generations who are still more likely to have fax machines than e-mail addresses.6
My aversion to faxes might be traced to fact that they serve as the primary mode of delivery for the dreaded prior authorization (PA) forms required for a growing list of drugs. I understand the necessity of obtaining a PA for costly drugs. But what is the justification for using them to block prescriptions for inexpensive generic drugs such as omeprazole, alendronate, nifedipine, folic acid, and even prednisone.
These are just some of the drugs whose access has been blocked by various pharmaceutical plans in the past year. They are cheap, generally costing $100 or far less for a 90-day supply. I doubt that pharmacy benefit managers fret about wasting our time, but perhaps healthcare regulators should. For physicians, the prior authorization process probably creates more angst and dissatisfaction with our healthcare system than just about any other activity we are required to perform. When doctors cite the reasons for professional burnout, this one is near the top of everyone’s list. What would happen if we disconnected our fax machines for a couple of days? A greener environment and a happier office staff, no doubt.
New Rule: Let’s Pass on Producing Periodic Password Permutations
It’s been a mere 10 weeks since I was last required to change my hospital network password. Today, the not-so-subtle reminders started popping up on my computer screen. Literally every login attempt was greeted with a prompt to change my password again. There was a time when password changes were required annually. Eventually this requirement morphed into a semi-annual event, and now it has become quarterly. It’s as though my password is in some form of a witness protection program, constantly required to shed its identity and assume a new disguise.
Does it make my hospital network safer and impervious to hacking? Apparently not, according to a paper written by two computer scientists working at Microsoft.7 They carefully analyzed the password policies of 75 major websites, including universities, banks, brokerages, and government sites. The size of the site, the number of user accounts, and the value of the resources protected all correlated very poorly with the strength required by the site. Some of the largest, highest-value, and most-attacked sites on the Internet—such as Paypal, Amazon, and Fidelity Investments—allow relatively weak passwords. The scientists observed that sites that accept advertising, have a revenue opportunity per login, purchase adwords, or where the user has choice tend to have less restrictive policies. They concluded that the sites with the most restrictive password policies do not have greater security concerns; they are simply better insulated from the consequences of poor usability. Online retailers and sites that sell advertising must compete vigorously for users and traffic. In contrast to government and university sites, poor usability is a luxury they cannot afford. This, in turn, suggests that much of the extra strength demanded by the more restrictive policies is superfluous: it causes considerable inconvenience for negligible security improvement.
