New Feature Announcements Archives - Page 6 of 17 - LuxSci

Archive for the ‘New Feature Announcements’ Category

Telehealth & BYOD: Is It a Bad Idea?

Tuesday, May 21st, 2019

Telehealth leverages telecommunication technology to provide healthcare and related services. It can include treatment, education, prevention, reminders, communication and other measures that rely on devices and technology.

Over the past few years, it has become more common for companies to allow their employees to bring their smartphones into the workplace. This practice, known as bring your own device (BYOD), has been embraced by many businesses because it can help to reduce costs, boost productivity, and increase employee satisfaction.

Despite these benefits, BYOD policies come with a number of security complications. Since healthcare organizations deal with vast quantities of highly regulated and sensitive information, the security and privacy of data is even more critical than in other sectors.

Given the risks of breaching electronic protected health information (ePHI), or going through a costly and disruptive HIPAA violation, are BYOD policies appropriate for telehealth practices?

Devices in Healthcare

Devices such as smartphones and tablets are now seen as an essential part of the medical world. They can help to improve communication and give patients new options for treatment. They are also a core aspect of telehealth practices.

Given the necessity of these devices in the healthcare industry, organizations have two ways that they can facilitate their use. They can either provide devices for their employees, which allows employers to maintain strict controls over how they are used, or they can let their employees bring their own devices and use them as part of their work processes.

Employer Provided Devices

Providing devices for employees is the ideal option from a security perspective, particularly in a health scenario where there is so much sensitive data at stake. Since employers own the devices, they can regulate where and how they are used without too many major issues.

The most important aspect is to make sure that the rules are enforced to minimize any breach-related risks.

Another major challenge is keeping the personal devices of employees outside of the workplace. Since they have become a mainstay of modern life, it can be difficult to prevent employees from bringing smartphones in to work and using them. It requires strongly enforced policy and a high level of employee awareness to manage this risk.

BYOD Devices

If personal devices are going to be allowed in the workplace or as part of a healthcare worker’s job, a strict BYOD policy needs to be in place. The threat of exposing ePHI is simply too great for healthcare organizations to neglect having one.

These policies should define when, where, how and through which applications employees may use their devices, as well as what is strictly prohibited.

If employees are allowed to use personal devices in the course of their jobs, then the BYOD policy needs to be even more stringent. Businesses have two major ways that they can do this and still safeguard ePHI to a reasonable degree.

The first is to only allow access to ePHI through VPNs or web portals, never storing any sensitive patient data on the personal devices of employees. This can secure data without being too intrusive.

Alternatively, employers can require their workers to add security software and make sure that devices are configured properly to safeguard any ePHI. This includes things like encrypted folders and remote wipe capabilities.

Since this option involves mandating how employees use their own devices and can even affect their personal files, it’s not ideal. It can lead to privacy concerns and cause employee dissatisfaction.

Should Your Organization Allow BYOD?

Ideally, healthcare organizations should keep personal devices out of the workplace to minimize the risks of leaking ePHI and facing HIPAA violations. This may not be practical for all businesses, so those that choose to allow personal devices need to be aware of the risks and adopt a strict policy that minimizes them.

Telehealth: The Benefits & The Risks

Tuesday, April 30th, 2019

In recent years, telehealth has been touted as a solution to many of our society’s medical problems. It has the potential to make health services more efficient and improve patient access. Despite these benefits, telehealth isn’t without its risks and challenges.

What Is Telehealth?

Telehealth is the practice of leveraging information technologies to deliver patient care and other health-related services. The term can be used broadly to include providing healthcare from a distance, health-related education, monitoring, intervention, communication and more.

Telehealth is often used interchangeably with telemedicine or eHealth, although some may argue that telemedicine is more focused on providing healthcare from a distance, and eHealth is more focused on electronic communication and processing.

In comparison, two medical practitioners discussing a case over a video call could fall under the umbrella of telehealth, even though it may not relate directly to the treatment of a patient.


What Are the Benefits of Telehealth?

At its primary level, telehealth involves applying technology to enhance healthcare and its surrounding processes. Just as in most other sectors, our evolving technology can be used in numerous ways to improve treatment, outcomes, communication and efficiency.

One of the most obvious examples of the benefits of telehealth involves those who live in regional areas. In these cases, it may be either impossible or extremely costly for a patient to receive medical treatment from certain specialists.

Without telehealth, the only possibility would be for either the patient to travel to the medical practitioner, or for the healthcare specialist to go to them. Depending on how remote the patient is, this can be incredibly inefficient.

Advances in technology have completely changed the treatment prospects in these cases. As long as there is an adequate internet connection, healthcare specialists may be able to monitor their patient, give advice, diagnose them or even provide treatment without leaving their offices.

This increases healthcare access and makes the whole process much more efficient. If healthcare professionals don’t need to account for travel time between clients, they can see far more patients each day, easing the burden on the healthcare system and essentially making treatment cheaper.

On top of this, telehealth can help to promote healthcare education, disease prevention and more. It can also increase access and reduce costs in each of these aspects.

What Risks Are Involved in Telehealth?

While telehealth opens up a world of opportunities in medical care, it is not without its challenges and it should not be implemented without adequate planning. We will mainly discuss the technical, privacy and security challenges, although there can be other issues, such as reduced quality of care in certain situations.

One of the primary requirements for telehealth is a stable and reliable connection. If the network infrastructure is inadequate, it could limit the quality of care that a patient receives, or even endanger them. In cases where internet connections are poor, traditional medicine should be used instead.

On top of this, there is the issue of consent. Should the patient be required to give it before any telehealth practices begin? The technology-based nature of telehealth involves numerous complications that simply don’t exist in face-to-face healthcare. Since technology links the two parties together, there are a range of privacy and security issues which patients need to be aware of.

Telehealth & Privacy

Let’s look at an example of a potential privacy issue. Patients with certain conditions may have in-home monitoring technology to detect falls or other health-related incidents. The issue is that these technologies, whether they be cameras or sensors, will also detect information which the patient may not want exposed.

This could include when their home is unoccupied, or it could even reveal things about their intimate relationships, drug abuse or other private matters. This leads into our next issue, telehealth and its security.

Telehealth & Security

By its very nature, telehealth involves collecting, processing, transmitting and storing data which would normally not be a part of traditional medicine. As we mentioned above, this information can be problematic, even when it is only in the hands of authorized personnel such as healthcare professionals.

But what happens if this data falls into the hands of attackers?

Healthcare information is some of the most valuable of all, because it tends to be comprehensive and can also include sensitive details. For this reason, it is important for any applications of telehealth to use appropriate security measures. These include encryption both in transit and at rest, authentication and access control.

Telehealth Is Still in a Regulatory Gray Area

Since telehealth is yet to be widely used, our laws haven’t had a chance to catch up with it. The best guidance probably comes from HIPAA, although these laws are intentionally vague to allow organizations to implement security in a way that is most suitable for the situation. Because of this, businesses should err on the safe side whenever they use telehealth.

Should Your Organization Use Telehealth?

When deciding on whether your organization should use telehealth, the first step is to determine whether it will actually be beneficial. Will it improve patient outcomes or increase efficiency within your organization?

If you can foresee definite benefits, then you should take the time to examine how it would be applied and secured. Due to the risks involved in telehealth, it’s important to take the appropriate planning steps and make sure that adequate security measures are in place.

Rushing into telehealth without taking the time to examine its repercussions could lead to data breaches, HIPAA violations, or even lower health outcomes for your patients.

If you are interested in pursuing telehealth at your organization, contact LuxSci first. We have almost two decades of experience in healthcare security, so we can help your business get the most out of telehealth, without being trapped by its numerous pitfalls.

Email Open and Click Tracking for Everyone

Tuesday, April 2nd, 2019

Have you ever sent an email message and then wondered:

  • Did they open your email message?  
  • Did they click on any of the links that you included?  
  • Which links?  
  • Was the message forwarded on and opened by other people?  
  • When did they read it?

Typical email marketing platforms, like LuxSci’s Spotlight Mailer, include features that expose this information for the email marketing campaigns sent through them.   However, not all email marketing systems include email open and click analysis.  And, what about sending email via other means, e.g., through WebMail, Outlook, iPhone, API, basic SMTP relaying, etc.   Most outbound email systems that are not explicitly geared towards email marketing do not provide any means to learn the answers to these important questions.

With LuxSci’s new email open and click tracking options, LuxSci will add codes to your messages so that you can gather the answers to such business-critical questions for any messages sent through LuxSci:

  • WebMail
  • API
  • SMTP Relaying — i.e., Outlook, Mac Mail, iOS, Android, and all other programs that connect via SMTP

Open and click tracking is included as a standard feature with LuxSci email hosting, LuxSci high volume secure sending, and LuxSci smart hosting.

HOW DOES IT WORK?

When LuxSci email open tracking is enabled, LuxSci adds a small image to the end of the HTML part of every message sent to every recipient.  When the recipient opens this message, that image is requested from LuxSci’s servers and we record the “email open” event.   This includes the date/time it was opened, the recipient of that message, and the IP address / physical location where the message was opened.

When LuxSci email click tracking is enabled, LuxSci modifies the links in all HTML parts of every message sent to every recipient.  When the recipient clicks on any of these links, they are taken first to LuxSci.  We record the click event. This includes the URL clicked, date/time it was clicked, the recipient of that message, and the IP address / physical location where the link was clicked.  Then, LuxSci redirects your recipient to the actually intended web address.  This happens so fast that most people never notice the tracking.
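The mechanism described above, as an added example in Python (not LuxSci's implementation): the sender side appends a tracking image and rewrites links, and the tracker side verifies an HMAC on each request before recording the event, so the redirector only forwards to destinations that were really in a sent message. The host `track.example`, the `/o` and `/c` paths, the parameter names and the key are assumptions made for the example.

```python
import hashlib
import hmac
import html
import re
from urllib.parse import parse_qs, urlencode, urlsplit

TRACK_HOST = "https://track.example"   # hypothetical tracking host (assumption)
SECRET = b"constructed-demo-key"       # assumption: key known only to the tracker
EVENTS = []                            # stand-in for the tracker's event store

# Constructed HTML part used as sample input.
SAMPLE_HTML = ('<html><body><p><a href="https://example.org/a?x=1&amp;y=2">Results</a> '
               '<a href="mailto:desk@example.org">Reply</a></p></body></html>')

def sign(kind, msg_id, rcpt, target=""):
    """HMAC over the event kind, message id, recipient and (for clicks) the destination."""
    data = "\n".join((kind, msg_id, rcpt, target)).encode()
    return hmac.new(SECRET, data, hashlib.sha256).hexdigest()

def instrument(body, msg_id, rcpt):
    """Sender side: rewrite http(s) links and append the open-tracking image."""
    def rewrite(match):
        dest = html.unescape(match.group(2))          # href values are HTML-escaped
        query = urlencode({"m": msg_id, "r": rcpt, "u": dest,
                           "s": sign("click", msg_id, rcpt, dest)})
        return match.group(1) + html.escape(f"{TRACK_HOST}/c?{query}") + match.group(3)

    # mailto: and other non-http links are left untouched.
    body = re.sub(r'(<a\b[^>]*?\bhref=")(https?://[^"]+)(")', rewrite, body, flags=re.I)
    query = urlencode({"m": msg_id, "r": rcpt, "s": sign("open", msg_id, rcpt)})
    pixel = '<img src="%s" width="1" height="1" alt="">' % html.escape(f"{TRACK_HOST}/o?{query}")
    # End of the HTML part: just before </body> when present, otherwise appended.
    head, sep, tail = body.rpartition("</body>")
    return head + pixel + sep + tail if sep else body + pixel

def handle_request(path, query_string, client_ip, when):
    """Tracker side: verify the signature, record the event, answer the request."""
    p = {k: v[0] for k, v in parse_qs(query_string).items()}
    msg_id, rcpt, dest, sig = (p.get(k, "") for k in ("m", "r", "u", "s"))
    kind = {"/o": "open", "/c": "click"}.get(path)
    if kind is None:
        return 404, None
    expected = sign(kind, msg_id, rcpt, dest if kind == "click" else "")
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return 400, None                 # unsigned or altered link: never redirect
    if kind == "click" and urlsplit(dest).scheme not in ("http", "https"):
        return 400, None
    EVENTS.append({"type": kind, "msg": msg_id, "rcpt": rcpt, "url": dest or None,
                   "ip": client_ip, "at": when})
    # A click is redirected to the intended address; an open gets the image (200).
    return (302, dest) if kind == "click" else (200, None)

if __name__ == "__main__":
    print(instrument(SAMPLE_HTML, "msg-1", "pat@example.net"))
```

Signing the destination is what keeps the redirector from forwarding to arbitrary URLs that never appeared in a sent message.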

HOW DO I ENABLE OPEN AND CLICK TRACKING?

Open and/or click tracking can be enabled in LuxSci on an account-wide, domain-wide, or per-user basis; you can customize its usage to match your business needs.

To enable account-wide, for all messages sent by all users in your account, go to:

  • Account Settings > Email
  • Scroll down to “Open Tracking” and “URL Click Tracking”
  • Toggle the settings to “On” and press “Save Changes”

To enable domain-wide, for all messages sent by all users whose email addresses belong to a specific domain, go to:

  • Account Settings > Domains
  • Click on the domain in question (if you have multiple in your account).
  • Click on “Outbound Email Settings” on the left
  • Scroll down to “Open Tracking” and “URL Click Tracking”
  • Toggle the settings to “On” and press “Save Changes”

To enable for all messages sent by a specific user, go to

  • Your user outbound email settings:
  • Scroll down to “Open Tracking” and “URL Click Tracking”
  • Toggle the settings to “On” and press “Save Changes”

HOW DO I SEE MY OPEN AND CLICK TRACKING REPORTS?

Once you have enabled open or click tracking and have sent some messages, you can look and see what has happened. Did anyone open the messages? Who clicked on what links? When?

There are several ways to dig into this juicy data.

User-Level Reports

Log in to your LuxSci account and go to your Reports area. From there, open up the menu area on the left for “Sent Email – From WebMail” or “Sent Email – From SMTP Server,” depending on which messages you are interested in. Next, you can look at the “Message Opens” and “URL Clicks” reports to see what has been opened and clicked. Note that you can export data using the “Download CSV File” button on the upper right of the page. Open and click details are also available in the “Delivery Status” reports via the “Advanced” reporting tab.

Account-Level Reports

As an account administrator, you can view reports covering sending across all users in your account. Go to your Account Reports area. Then, open the “Sent Email” menu on the left and you can find reports analogous to the user-level ones, described above, but inclusive of the sending from all users.

API Reports

If you would like to integrate email open, click, and other deliverability information into your own database or application, you can use LuxSci’s REST API. The API provides all of the functionality of the user and account user interface reports, but through programmable queries and filters.

WHAT ABOUT WHITE LABEL BRANDING?

When open or click tracking is enabled, images and/or links are added to your email messages that reference luxsci.com.  If you would like to customize this so that your own domain name is used for these images and links, LuxSci offers “Private Labeling.”  Customers with Private Labeling can customize many aspects of LuxSci, including the look of the WebMail interface and the domain name used for these links and images.  If you already have Private Labeling enabled, then your configured secure domain name will be automatically used with open and click tracking.

Want to learn more about HIPAA-compliant email marketing and reporting? Contact us.

How Secure Is Your Email Provider?

Tuesday, March 26th, 2019

Most people don’t put a lot of thought into the security of their email. As long as it sends and receives messages without overloading them with spam, it seems to be enough, right?

Well, that depends on what you use your email for.

If you only use it for reading chain letters from your aunt and skimming through the newsletters from your favorite organizations, then you might not have much to worry about.

But very few people use their email in such a limited manner. It’s often used as a second authentication factor for other accounts, many people get their bank statements sent to them via email, and others use it to talk about critical work details.

That’s not to mention the countless other pieces of sensitive and valuable information that people communicate over email each day.

If you use your email for any of the above, then you need to think twice about your email’s security.

Why?

Because email is inherently insecure.

Without additional protective measures, the plaintext of your emails can easily be intercepted by attackers.

That’s right. Someone could have seen your online banking passwords that time you emailed them to your husband. A hacker could have read that message you sent to a friend where you called your boss every bad name in the book, then used it to blackmail you. An attacker could even receive the link to reset your password and use it to hijack your account.

If that’s not bad enough, your messages can also be modified or deleted in transit. And this is just the tip of the iceberg when it comes to the security and privacy issues that surround email.

Let’s look at some of the particular problems associated with some of the world’s most popular email providers, Gmail and Outlook:

Gmail

Thankfully, in 2017, Google announced that it would no longer be automatically scanning emails for advertising purposes. It’s good news that they are no longer diving through their customers’ messages with their tools. However, third-party apps that are installed on people’s devices can still be configured to scan through emails instead.

So maybe Google isn’t going through your messages any more, but there is the potential that other companies are.

Messages are encrypted within Gmail’s systems and when traveling to some of the major email providers. However, this all depends on the recipient’s email provider, and some providers may not offer TLS encryption. This means that a message may travel part of the way as cleartext.
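Whether a given message crossed a hop without TLS can be checked after the fact from its `Received` headers, where each relay records the protocol keyword it accepted the message with (`ESMTPS` and `ESMTPSA` mean TLS was used, per RFC 3848). The following is an added example, not part of the original post; the message, host names and addresses in it are constructed.

```python
import re
from email import message_from_string

# "with" keywords that mean the hop was received over TLS (RFC 3848).
TLS_KEYWORDS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}

# Constructed message: newest Received header first, as mail servers prepend them.
SAMPLE_MESSAGE = """\
Received: from mx.provider.example (mx.provider.example [198.51.100.20])
\tby store.provider.example with ESMTPS id abc123
\t(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
\tTue, 26 Mar 2019 10:00:03 -0400
Received: from relay.oldisp.example (relay.oldisp.example [203.0.113.9])
\tby mx.provider.example with ESMTP id def456;
\tTue, 26 Mar 2019 10:00:02 -0400
Received: from laptop.local (unknown [192.0.2.44])
\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
\tby relay.oldisp.example (Postfix) with ESMTP id ghi789;
\tTue, 26 Mar 2019 10:00:01 -0400
From: alice@oldisp.example
To: bob@provider.example
Subject: constructed sample

body
"""

def strip_comments(value):
    """Remove (possibly nested) parenthesised comments from a header value."""
    prev = None
    while prev != value:
        prev, value = value, re.sub(r"\([^()]*\)", " ", value)
    return value

def _clause(name, text):
    """Return the token following a Received clause such as 'from', 'by' or 'with'."""
    m = re.search(rf"(?:^|\s){name}\s+(\S+)", text, flags=re.I)
    return m.group(1).rstrip(";") if m else None

def hops(raw_message):
    """One dict per Received header, oldest hop first."""
    result = []
    received = message_from_string(raw_message).get_all("Received", [])
    for value in reversed(received):
        flat = " ".join(value.split())            # unfold the header
        bare = strip_comments(flat)               # clauses without comments
        keyword = (_clause("with", bare) or "").upper()
        # Some servers record TLS only in a comment, e.g. "(using TLSv1.2 ...)".
        in_comment = bool(re.search(r"\((?:using TLS|version=TLS)", flat, re.I))
        result.append({"from": _clause("from", bare), "by": _clause("by", bare),
                       "with": keyword, "tls": keyword in TLS_KEYWORDS or in_comment})
    return result

def cleartext_hops(raw_message):
    """(sender, receiver) pairs for hops recorded without TLS."""
    return [(h["from"], h["by"]) for h in hops(raw_message) if not h["tls"]]

if __name__ == "__main__":
    for sender, receiver in cleartext_hops(SAMPLE_MESSAGE):
        print(f"no TLS recorded: {sender} -> {receiver}")
```

Only the `Received` lines added by servers you control are trustworthy; earlier ones are supplied by the sending side and can be forged.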

When you add in Google’s strong history of collecting as much user data as they can, it’s safe to assume that Gmail is not the best option for those who are privacy conscious.

Outlook

Outlook does offer configuration options to send completely encrypted email, but it is not set up by default and can easily be misused. It operates under a different funding model to Gmail, so one positive aspect is that it hasn’t been as rife with privacy issues as Google’s offering.

While it is possible to sign a Business Associate’s Agreement with Microsoft, Outlook isn’t really set up to be HIPAA-compliant, so using it for your HIPAA needs can be very dangerous.

Looking for a Provider that Takes Your Email Security Seriously?

None of the major providers make it easy to be HIPAA compliant, nor are they designed with your security needs in mind. These organizations are also huge targets for hackers and they have massive attack surfaces that they need to defend. All of them have had a number of serious data breaches over the years as well.

LuxSci is a security provider that specializes in HIPAA compliance, and keeping our customers safe is one of the foremost design objectives in all of our services. That’s why we’ve tailored our secure email service to offer completely encrypted email in a number of different ways, including TLS, portal-pickup, PGP and S/MIME.

We also offer a range of configuration options that make it easy to prevent user errors, such as opt-out encryption.

If you really care about your email’s security, then you should be choosing a provider who prioritizes it at the core of their service, rather than a mainstream competitor who has only tacked it on over the years after countless damning media reports. Keep your messages safe with LuxSci.

Want to discuss how LuxSci’s HIPAA-Compliant Email Solutions can help your organization?  Contact Us

CalDAV & CardDAV: The Keys to Syncing Your Calendar & Contacts

Wednesday, February 6th, 2019

If you use a calendar app to organize your life, you may have noticed that you can add a new event on your phone and it will be immediately updated to your desktop. Likewise, your contacts can also be updated instantly across your devices whenever you make changes.

Have you ever stopped to wonder how this happens?

Unfortunately, it’s not magic, unless you consider the painstaking process of a bunch of engineers sitting in a room and bickering to be magical.

The answer behind what is actually going on will depend on which system we are talking about, but some of the most common underlying protocols for syncing are CalDAV and CardDAV.

Calendaring Extensions to WebDAV (CalDAV), and vCard Extensions to WebDAV (CardDAV) are Internet Standards that are frequently used to sync calendars and contacts, respectively. They are both based on the HTTP extension, WebDAV, which enables clients to remotely edit documents on a web server.

 

What Does CalDAV Do?

To understand what CalDAV does, let’s first discuss one of the main problems that led to its development. Let’s say you’re a businesswoman in 1995. You have a secretary who normally handles your scheduling, but you run into an old friend on the street.

You have a quick conversation and then, knowing that you have the night free, you agree to meet up that night for dinner. The problem? Just minutes before, your secretary had scheduled drinks with your superiors at the exact same time.

When you see your secretary a little while later, you find out that you have been double-booked and face the difficult decision of either ditching your friend or skipping the business drinks, which could lead to numerous career opportunities.

The real issue here is that previous systems just weren’t reliable enough to make real-time changes to your schedule. Well, what if a current version of your schedule could be accessed at any time from anywhere?

This is what CalDAV can give us. There is a range of other calendar systems that perform similar functions, but CalDAV is an interoperable standard that is now used in a range of calendar applications.

 

Where Is CalDAV Used?

Some of the most common clients that use the CalDAV standard include:

    • iCloud Calendar (i.e., iOS and macOS)
    • Google Calendar
    • Windows 10 (for integration with both iCloud and Google’s calendars)
    • Open Sync (an open source Android synchronizer)
    • BusyCal
    • Many other apps for mobile and desktop

There is also a range of third-party applications that support CalDAV and make it easy to use on systems like Windows.

At LuxSci, we also offer CalDAV synchronization as part of our HIPAA-compliant secure email. Our setup makes it simple for users to access, share and update their calendars across their devices. On top of this, our CalDAV solution also comes with our security-first approach. Your calendar is guarded by TLS and can only be accessed with your password, meaning that only authorized individuals have access to your data.

 

How Does CalDAV Work?

To understand CalDAV and how it can update in real-time, we have to think about where the calendar is actually stored. Is it stored on your computer? On your phone? In the ether? Or is it somehow simultaneously stored everywhere?

The answer is that your calendar is stored on a remote server. This provides a central hub that gives your devices up-to-date information.

If someone wants to schedule something on your calendar, they can perform queries to find when you have free time available. The owner of a particular calendar can set their own security levels, as well as nominate who can make changes to their calendar. Since CalDAV is an interoperable standard, it can do this between organizations and across a range of different types of software.
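The free-time query mentioned above, as an added example in Python that is not from the original post: it builds the body of a CalDAV `free-busy-query` REPORT (RFC 4791), parses a `VFREEBUSY` reply and checks a proposed slot for the kind of double-booking described earlier. No network request is made; the reply, dates and function names are constructed for the example, and all times are assumed to be UTC.

```python
import re
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

CALDAV_NS = "urn:ietf:params:xml:ns:caldav"
STAMP = "%Y%m%dT%H%M%SZ"          # iCalendar UTC date-time form

SAMPLE_RESPONSE = "\r\n".join([   # constructed text/calendar reply from a server
    "BEGIN:VCALENDAR", "VERSION:2.0", "PRODID:-//Example//Constructed//EN",
    "BEGIN:VFREEBUSY", "DTSTAMP:20190206T120000Z",
    "DTSTART:20190206T000000Z", "DTEND:20190207T000000Z",
    "FREEBUSY;FBTYPE=BUSY:20190206T190000Z/PT2H",
    "FREEBUSY;FBTYPE=BUSY-TENTATIVE:20190206T140000Z/20190206T150000Z,",
    " 20190206T160000Z/PT30M",    # folded continuation line
    "END:VFREEBUSY", "END:VCALENDAR", ""])

def free_busy_report(start, end):
    """XML body of a REPORT asking for busy time between start and end (UTC)."""
    ET.register_namespace("C", CALDAV_NS)
    root = ET.Element(f"{{{CALDAV_NS}}}free-busy-query")
    ET.SubElement(root, f"{{{CALDAV_NS}}}time-range",
                  {"start": start.strftime(STAMP), "end": end.strftime(STAMP)})
    return ET.tostring(root, encoding="unicode")

def _utc(value):
    return datetime.strptime(value, STAMP).replace(tzinfo=timezone.utc)

def _duration(value):
    """Parse an iCalendar duration such as PT2H or P1DT30M."""
    m = re.fullmatch(r"P(?:(\d+)W)?(?:(\d+)D)?(?:T(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?)?", value)
    if not m:
        raise ValueError(f"bad duration: {value!r}")
    w, d, h, mi, s = (int(g or 0) for g in m.groups())
    return timedelta(weeks=w, days=d, hours=h, minutes=mi, seconds=s)

def busy_periods(ical):
    """Sorted (start, end) pairs from the FREEBUSY lines of a VFREEBUSY reply."""
    text = re.sub(r"\r?\n[ \t]", "", ical)            # unfold continuation lines
    periods = []
    for line in text.splitlines():
        name, _, value = line.partition(":")
        params = name.upper().split(";")
        if params[0] != "FREEBUSY" or "FBTYPE=FREE" in params:
            continue
        for period in value.split(","):               # start/end or start/duration
            first, _, second = period.partition("/")
            start = _utc(first)
            end = start + _duration(second) if second.startswith("P") else _utc(second)
            periods.append((start, end))
    return sorted(periods)

def conflicts(periods, start, end):
    """Busy periods that overlap the proposed slot [start, end)."""
    return [p for p in periods if p[0] < end and start < p[1]]

if __name__ == "__main__":
    day = datetime(2019, 2, 6, tzinfo=timezone.utc)
    print(free_busy_report(day, day + timedelta(days=1)))
    dinner = (day.replace(hour=19, minute=30), day.replace(hour=21))
    print(conflicts(busy_periods(SAMPLE_RESPONSE), *dinner))
```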

 

What Does CardDAV Do?

As you might have already guessed, CardDAV allows people to keep their address books and contact information updated in real-time and across all of their devices.

With CardDAV, you can alter the personal details of a contact on your phone and the same changes will be made on your computer, without you having to do anything else. Its interoperable nature makes it easy to sync contacts between a variety of different platforms, saving you the hassle of doing it manually.

 

Where Is CardDAV Used?

Some of the most common clients that use the CardDAV standard include:

    • iCloud Contacts (i.e., iOS and macOS)
    • Google Contacts
    • Windows 10 (for integration with both iCloud and Google’s contacts applications)
    • BusyContacts
    • Many other apps for mobile and desktop

Third-party applications can also be used to integrate your contacts into platforms that don’t natively support CardDAV.

Just like with CalDAV, CardDAV synchronization is also a part of LuxSci’s HIPAA-compliant secure email. This makes it easy for you to sync your contacts, all with LuxSci’s renowned approach to security keeping your information safe.

 

How Does CardDAV Work?

Since we have already introduced CalDAV, which is similar in a number of ways, much of the mystery behind CardDAV is pretty easy to figure out. Once again, your address book is kept on a remote server. When updates are made from your phone or computer, the changes are put through to the server, which keeps all of your other devices in sync.

The CardDAV standard makes it much easier to keep your contacts in order and up-to-date. Without it, we’d either be faced with the arduous task of constantly editing our own address books or having to deal with confusing address books that are filled with duplicates and errors.