We are frequently approached by customers in need of HIPAA compliant email who are currently using Gmail, or who have users that are familiar with and like Gmail.   They would, of course, like to add HIPAA compliance without changing any of their business processes or habits.

For example, some customers may want to setup HIPAA compliant email with LuxSci and have those secure messages forwarded to Gmail, where they can access them in their “usual way”.  In general, this is a bad idea — this will almost always be non-compliant and leave them at significant risk for breaches, disclosure, and HIPAA liability.

No one who must abide by HIPAA should be accessing ePHI though Gmail.

Read the rest of this post »

LuxSci has supported login to Web-based email and administration consoles since January, 2009. OpenID allows users with logins to other websites to use those logins to access their LuxSci accounts as well — thus needing to remember fewer passwords, or to have enhanced security.

Now, in addition to permitting any generic OpenID login, LuxSci has specific OpenID login support for logins from Google, Windows Live ID, myOpenID, Yahoo!, Facebook, AOL, flickr, VeriSign Personal Identity Portal, Livejournal, Blogger, and WordPress.

These specific options make it easier and faster to use OpenID logins from these providers.

To use an OpenID to login to your LuxSci account, you need to login normally first, go to “Account > My Profile > OpenIDs”, and then add your OpenID login to your account as an authorized means of logging in for you.

LuxSci recently had the opportunity to speak with Nate Fitzgerald, Product Manager of Message Archiving at MX Logic.  Nate has been with MX Logic for over 4 years and is responsible for their successful archival service.  His insight has been invaluable in helping LuxSci get up to speed with all of the technical nuances of this service. We would like to share with you his knowledge and thoughts regarding the security, reliability, and utility of LuxSci’s Premium Email Archival service.

Read the rest of this post »

Frequently, we are asked to verify if an email that someone sent or received was encrypted using SMTP TLS while being transmitted over the Internet.  For example, banks, health care organizations under HIPAA, and other security-aware institutions have a requirement that email be secured at least by TLS encryption from sender to recipient.  This can and should be locked down to ensure that the email message content cannot be eavesdropped upon.  This check, to see if a message was sent securely, is fairly easy to do by looking the the raw headers of the email message in question.  However, it requires some knowledge and experience.  It is actually easier to tell if a recipient’s server supports TLS than to tell if a particular message was securely transmitted.

To see how to analyze a message for its transmission security, we will look at an example email message sent from Gmail to LuxSci, and see that Gmail does not use TLS when sending messages, even when it can.  This indicates that Gmail is probably not a service to be used when you have any kind of encryption requirements.

Read the rest of this post »

LuxSci now fully supports Google’s Chrome web browser in its WebMail Interface.  Chrome is built on the same foundation as Apple’s Safari web browser, but is optimized for use with high performance, modern, web-based applications such as LuxSci’s WebMail and collaboration interfaces.  We find that Chrome is an exceptionally fast and responsive browser to use.