Secure Email, Web and Form Solutions         +1 800.441.6612

LuxSci API Updates: Security Options and AutoResponders

Published: May 15th, 2013

LuxSci has made two significant improvements to its Account API – one to improve security and one to enable automated management of user AutoResponders.


Can SSL and TLS be made Compatible?

Published: May 10th, 2013

We are sometimes asked if there is any way to make SSL and TLS be compatible with each other.  On the surface, this may seem almost nonsensical, but there are cases where such a question actually makes sense!

SSL (Secure Sockets Layer) and TLS (Transport Layer Security) are fundamentally the same form of encryption – see SSL versus TLS – what’s the difference. But if that is the case, doesn’t that make them automatically compatible?  Well, not really.


Ensuring all Data is Encrypted at rest with LuxSci

Published: May 10th, 2013

Email and other data is either being “transmitted” or “processed” or “at rest”.  E.g. it is moving from one computer to another, or it is stored / at rest on a computer, or it is preparing to be transmitted or stored.

While most types of compliance regulation, such as HIPAA, specifically require that data be transmitted securely, not all regulations require that data be stored in an encrypted format while at rest.  E.g. HIPAA does not require at rest encryption, though it may be recommended to decrease potential liability.

However, having your email and other data encrypted while at rest does significantly increase the security of that data, even if that level of security is not explicitly required.  As a result, many LuxSci customers have asked about how to ensure that all of their email and other data is encrypted while at rest.


Opt-In Email Encryption is too Risky with HIPAA Omnibus.

Published: May 7th, 2013

A majority of companies and hospitals that offer email encryption for HIPAA compliance allow senders to “opt in” to encryption on a message-by-message basis.  E.g. if the user “does nothing special” then the email will be sent in the normal/insecure manner of email in general.  If the sender explicitly checks a box or adds some special content to the body or subject of the message, then it is encrypted and HIPAA compliant.

Opt-in encryption is desirable as it is “easy” … end users don’t want any extra work and don’t want encryption requirements to bog them down, especially if most of their messages do not contain PHI.  It is “good for usability” and thus easy to sell.

However, opt-in encryption has become a very bad idea with the inception of the HIPAA Omnibus rule.  Its use imposes a large amount of risk on an organization, which grows exponentially with the size of the organization.


How the HIPAA Omnibus Rule Affects Email, Web, FAX, and Skype

Published: May 6th, 2013

We have written extensively in the past about the impact of HIPAA regulations on email services, web hosting, faxing, and Skype use.  The recent HIPAA changes reflected in the Omnibus rule have a significant impact on the use of these types of services.  Here, we examine the new and important considerations based upon the HIPAA Omnibus Rule.


Automated Emails now Spiffier and Brandable

Published: May 2nd, 2013

LuxSci sends many different kinds of automated email messages to users and account administrators.  Some examples include:

  • Support Ticket updates
  • Alerts of login successes and/or failures
  • Spam quarantine reports
  • Reports on the failed sending of email messages or spam feedback loops
  • Notifications of reaching or exceeding various types of limits
  • Status notifications from automated or periodic processes
  • many, many more

Until recently, a large majority of these automated email messages were simple “plain text” messages, and the ones that were HTML used very simple, plain markup.


New Self-Service Password Reset System

Published: April 20th, 2013

Since its inception in 1999, LuxSci Support has manually handled all password reset requests that were not handled by the account administrators.  

Why? Security reasons, of course. We are aware of:

  • Poor Security Questions: very often users have poorly chosen answers to security questions
  • Hackers: people often try to use password reset systems to gain unauthorized access to users’ accounts
  • Lack of Information: users often do not have enough solid information in their profiles to reliably verify their identities

By manually processing these requests, we can effectively block password resets in the face of poor identity verification information and subjectively identify “fishy” requests.

However, we have come to determine that this manual process, while it provides the best security, is not actually in the best interests of our customers because:

  1. Time: Manual identity verification takes time, and delays in password resets can be detrimental to our customers’ ability to get work done.
  2. Better Questions: We have improved our user security questions in the last few years so that the questions and answers are generally of much better quality than they used to be.
  3. Mobile Phones: Most people have mobile phones capable of receiving text messages now and these can be used for identity verification.
  4. Simulating our Manual Process: We find that we can provide an automated self-service password reset process that simulates our manual review and verification process to a very large degree without a significant loss in security.

Transactional/Bulk email with ePHI in It? What to do about HIPAA

Published: April 17th, 2013

Case in point: A medical lab that needs/wants to send test results to patients via email.  This is:

  • Bulk email … possibly 100s or 1000s of messages/day
  • Transactional … every message is important and unique.
  • ePHI … every message contains private health information governed by HIPAA

Customers that have approached us looking for solutions for scenarios like this and others (e.g. medical news, appointment updates and reminders, etc.) have had problems managing this kind of electronic messaging because:

  1. Their own ISPs put limits on the maximum number of messages they can send in a day
  2. Most email marketing solutions and bulk mailing solutions do not have a HIPAA compliance component and thus are completely useless for sending ePHI of any kind.
  3. All messages must be encrypted in a HIPAA compliant way, making in-house solutions difficult, especially when combined with #1.


More Backups for Premium LuxSci Customers

Published: April 16th, 2013

LuxSci performs automatic on site and off site backups of all email, web site, database, WebAide, and Widget data for its customers.  These are snapshots of the data on our servers at specific points in time.

LuxSci has just expanded its backups for Premium Environment customers.  We have increased the number of rolling daily snapshots that we perform from 2 to 7.  Premium environment customers now automatically have access to:

  • 7 Daily on-site backup snapshots of their data
  • 4 Weekly off-site backup snapshots of their data
  • Free restores from backup (within reason)

This provides our Premium customers with even more ability to recover lost or accidentally deleted information.

Basic environment customers who receive a discount for reduced service levels have 7 daily on site backups, no off site backups, and paid restores.

For customers whose email data is business critical, we also recommend that they purchase Premium Email Archival.  This complements the backup snapshots by providing an immutable history of all inbound and outbound email messages that can be searched at any time for up to 10 years.  Backups restore folders to the state that they were in at a specific time.  Archives find messages that may or may not be in backups or which were deleted long ago and for which backups no longer exist.


Video: WebAide Collaboration Tools Overview

Published: April 12th, 2013

LuxSci’s WebAide collaboration tools allow you to use and share calendars, contacts, tasks, files, passwords, blogs, and more both through our web site and from your desktop or mobile device.  This video takes you through WebAides at a high level so that you can get a feel for what they include.

Watch video.
