Case Study: Securely Send Medical Laboratory Results to Patients
We count medical laboratories among our many customers. They process tests requested by doctors and send the results to the patients via email.
Medical laboratories that are not themselves HIPAA covered entities are business associates of the hospitals and doctors who are. Because HIPAA's obligations flow down to business associates, such laboratories must also abide by the HIPAA security and privacy rules to protect patient data and ensure confidentiality.
In order to send patients their results via email, these labs need a HIPAA-compliant system that can deliver secure email to anyone with an email address. Enter LuxSci and its HIPAA-compliant SecureLine service.
HIPAA-compliant bulk mailing of lab results
These medical laboratories generally:
- Analyze the tests during the day and generate the results
- Send all of the results in a large mailing at the end of the day
This is a legitimate bulk mailing that:
- Includes individual messages to thousands of different recipients
- Must include end-to-end HIPAA-compliant encryption for each message
- Includes tracking so the laboratory can tell if a user has opened his/her results
First, they need to upload information about all of their recipients (e.g. security information used to validate the recipients when they open the messages — to ensure that only the intended recipients can open each message). This is done by:
- Using LuxSci’s API to auto-upload these details, or
- Manually logging into the LuxSci portal and uploading a CSV file of the recipient data, or
- By including this data in special “email headers” included in the messages sent in the next step
Next, the laboratory uses email software (like Outlook, Thunderbird, or a custom program) to:
- Generate each message with the results
- Connect to LuxSci's outbound email server over an SSL/TLS-encrypted connection
- Send the message
- Repeat for each recipient’s results message
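The laboratory-side steps above (one message per patient, recipient verification data carried in message headers, submission over an encrypted SMTP connection) as an added example. This is not LuxSci's code and the page does not give LuxSci's header names, so the `X-Escrow-Verify` header, the server name and the sample patients are placeholders constructed for the example. The two security checks it adds beyond the list are the ones a practitioner wants before PHI leaves the lab: refuse to send if the server does not offer STARTTLS (so results never cross the network in the clear on the hop to the escrow service), and refuse any message that addresses more than one patient (the classic bulk-mail leak).

```python
"""Per-patient lab-result mailing over an SMTP submission that requires TLS.

Added example, not LuxSci's code. Header name, host and sample data are
assumptions; LuxSci's real header names are not stated on the page.
"""
import smtplib
import ssl
from email.message import EmailMessage
from email.utils import getaddresses

# Constructed sample data; not real patients or results.
SAMPLE_RECIPIENTS = [
    {"email": "alice@example.com", "verify": "1980-02-14", "results": "CBC: all values within reference range."},
    {"email": "bob@example.com", "verify": "1975-11-30", "results": "Lipid panel: LDL above reference range."},
]

SENDER = "results@lab.example"      # assumed lab sending address
VERIFY_HEADER = "X-Escrow-Verify"   # placeholder, not a real LuxSci header


def build_result_message(recipient: dict, sender: str = SENDER) -> EmailMessage:
    """Build exactly one message for one patient.

    The Subject deliberately carries no PHI: the patient-facing notification
    is ordinary unencrypted email, only the escrowed body is protected.
    """
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = recipient["email"]
    msg["Subject"] = "Your laboratory results are ready"
    msg[VERIFY_HEADER] = recipient["verify"]   # data the escrow service uses to verify the reader
    msg.set_content(f"Laboratory results:\n\n{recipient['results']}\n")
    return msg


def build_batch(recipients: list) -> list:
    """Build the end-of-day batch and reject any message that addresses more than one patient."""
    messages = [build_result_message(r) for r in recipients]
    for m in messages:
        if len(getaddresses(m.get_all("To", []))) != 1 or m.get("Cc") or m.get("Bcc"):
            raise ValueError("each results message must address exactly one patient")
    return messages


def send_batch(messages: list, host: str, port: int, user: str, password: str,
               smtp_factory=smtplib.SMTP) -> int:
    """Submit every message in one SMTP session; abort before any PHI if STARTTLS is not offered."""
    context = ssl.create_default_context()     # verifies the server certificate chain and hostname
    with smtp_factory(host, port) as smtp:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            raise RuntimeError("server does not offer STARTTLS; refusing to send PHI in the clear")
        smtp.starttls(context=context)
        smtp.ehlo()                             # re-read capabilities over the now-encrypted channel
        smtp.login(user, password)              # credentials only after TLS is up
        sent = 0
        for m in messages:
            smtp.send_message(m)
            sent += 1
    return sent


class DryRunSMTP:
    """Offline stand-in for smtplib.SMTP so the example runs without a mail server."""

    def __init__(self, host, port, offer_starttls=True):
        self.offer_starttls = offer_starttls
        self.tls = False
        self.sent = []

    def __enter__(self):
        return self

    def __exit__(self, *exc):
        return False

    def ehlo(self):
        pass

    def has_extn(self, name):
        return self.offer_starttls and name.lower() == "starttls"

    def starttls(self, context=None):
        self.tls = True

    def login(self, user, password):
        assert self.tls, "credentials must not be sent before TLS"

    def send_message(self, msg):
        assert self.tls, "message must not be sent before TLS"
        self.sent.append(msg)


if __name__ == "__main__":
    batch = build_batch(SAMPLE_RECIPIENTS)
    count = send_batch(batch, "smtp.example.invalid", 587, "lab-user", "lab-password",
                       smtp_factory=DryRunSMTP)
    print(f"submitted {count} messages (dry run)")
```

To submit for real, drop the `smtp_factory` argument so `smtplib.SMTP` is used and point `host` at the outbound server; `ssl.create_default_context()` will then reject an untrusted or mismatched certificate rather than silently downgrading.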
LuxSci receives these messages and:
- Encrypts them
- Stores them in a secured database using SecureLine Escrow
- Sends a simple notification message to the recipient informing them of the waiting lab results
The recipient:
- Gets the notification email message
- Clicks on a link in it
- Enters a password or other verifying information (pre-determined by the senders)
- Views the results
The laboratory results company can:
- See who has opened what messages and when
- Retract messages
- Set messages to expire from the recipient's view after a pre-determined time period (1 day to 10 years)
- Send messages up to 50MB in size
What kind of LuxSci account does this require?
In order to send occasional HIPAA-compliant secure email messages to patients (e.g. on the order of tens or a couple hundred per day), you could use a regular LuxSci business email account with HIPAA compliance.
To send to large numbers of recipients, you need a Premium High Volume bulk mailing account with HIPAA compliance.
Use our order wizard to get pricing.
