LuxSci is pleased to present our latest feature for improving the secure email experience for Microsoft Outlook users — the new SecureLine Plugin for Outlook!

This tool integrates the outbound encryption features of the LuxSci WebMail interface into Outlook versions 2007+, allowing our SecureLine users to easily send encrypted messages to any email address via SecureLine Escrow, TLS, PGP, or S/MIME (based on the recipient’s encryption capabilities).

Read the rest of this post »

Frequently we are approached by customers who have automated systems that need to send out secured emails on demand and without any manual interaction.  These could be web site response systems for sensitive information, health care labs emailing results which need to meet HIPAA compliance, or other situations where the email messages must all be secured.

LuxSci’s SecureLine service provides a means for encrypting some or all outbound email messages using any combination of 4 different email encryption techologies: SMTP TLS, PGP, S/MIME, and SecureLine Escrow (secure message pickup).

Read the rest of this post »

For legal reasons, LuxSci’s HIPAA customers are required to physically sign a “Business Associate Agreement” and return it to us.  While this is a simple and commonplace request, it creates a lot of busy work on the part of the customer and LuxSci!

The customer has to

• Download the file
• Print out the 14 pages
• Sign the agreement
• Fax back all pages, or scan it and return electronically

Then, LuxSci has to

• Locate the document
• Sort out faxes that are in the wrong order, upside down, blank, or missing pages
• Figure out who sent the document
• Verify that pages are not missing or changed
• Counter-sign the document and attach them to the customer account
• Contact customers who have not sent in their documents properly or at all which is crucial to the HIPAA certification process

Multiplied by lots of customers, this creates a lot of unproductive busy work for everyone — and this time costs money.

LuxSci has found that it can use its own SecureForm and Ink Signatures technologies to make submission of signed contracts a snap for customers, as well as to eliminate most of the busy work LuxSci itself has to do to manage the process.

In this post, we describe how both technologies work.

Read the rest of this post »

We are frequently approached by customers in need of HIPAA compliant email who are currently using Gmail, or who have users that are familiar with and like Gmail.   They would, of course, like to add HIPAA compliance without changing any of their business processes or habits.

For example, some customers may want to setup HIPAA compliant email with LuxSci and have those secure messages forwarded to Gmail, where they can access them in their “usual way”.  In general, this is a bad idea — this will almost always be non-compliant and leave them at significant risk for breaches, disclosure, and HIPAA liability.

No one who must abide by HIPAA should be accessing ePHI though Gmail.

Read the rest of this post »

We are often asked questions about Cloud Servers and Virtual Private Servers (VPS) and which is better and in what circumstances.  We also find that many customers are using these terms without a good understanding of what they mean and the differences between them.

Virtual Servers

Virtual servers are very common these days.  Anyone can have one on his/her own desktop computer using software like VirtualBox (FREE for Windows, Mac, and Linux) or Parallels (Paid, for Mac). Essentially, these software products allow you to run one or more other “computers” in windows on your desktop.

Read the rest of this post »

LuxSci provides HIPAA-compliant services and must itself maintain HIPAA-compliant business operations in order to comply with HIPAA HITECH regulations.  As such, many of our customers and leads look to us for exactly what they need to do to be compliant.

This article provides you with a quick and easy-to-read overview of the various things needed for compliance.  The items given below should not be considered a complete or formal list for compliance, nor will doing all of these things guarantee that you are compliant.  

Read the rest of this post »

We have previously discussed how it may be OK according to HIPAA to send and receive FAXes with ePHI over standard analog phone lines.  See: Is a FAX document HIPAA-Secure?

However, we have observed that customers more and more wish to integrate FAXing with their computers, taking advantage of the “paper-free” office that is arriving most places.  Why should they have to print and manually fax things or receive FAXes on an old-fashioned FAX printer, when their computers have FAX capability?  Can that capability be used in a HIPAA-compliant way?

The answer is “Yes, you can”.  This article explains how and points out things to watch out for.

Read the rest of this post »

LuxSci has introduced a number of per-domain security features that allow us to offer accounts that contain both HIPAA-complaint domains and non-compliant domains.

Previously, customers could order such a combination of domains, but they were segregated into completely separate accounts.  These new security features benefit our customers because:

Read the rest of this post »

LuxSci’s SecureLine end-to-end email security system enables allows customers to enable use of TLS for email delivery, without any further encryption, when TLS is supported by the recipient email servers and the customers’ needs only include transport encryption (i.e. for HIPAA).  This provides security with maximum usability, when available.

However, TLS is not as secure as SecureLine Escrow for email communications.  For cases where enhanced security is desired, even to a recipient whose email servers support TLS, LuxSci’s WebMail email composer now permits users to override the use of “TLS Only” so that “SecureLine Escrow” can be used instead — on a message-by-message basis.  I.e., users can now use Escrow “on demand” to provide enhanced security over TLS.

Additionally, users have a new preference (under “Email Composition > SecureLine” preferences), where they can alter the behavior of WebMail so that “TLS Only” delivery is NOT used for them unless requested — Escrow can be used by default if desired.

These new security settings only apply to SecureLine customers who have “TLS” enabled as a viable secure email delivery method in their account.

LuxSci now supports databases running on MySQL v5.5.x.  Customers have the option of using v5.5.x or v5.0.x when making new databases.  Version 5.5 brings many enhancements that users have been asking for, including:

• Improved performance
• Improved InnoDB engines
• Triggers that can be managed by the end user (i.e. for HIPAA auditing purposes and other reasons)

MySQL v5.5 databases can be added by anyone in a database-supporting account via the “Databases” administrative control. If you have a dedicated server, and would like MySQL v5.5 added to your server, please contact Support.

MySQL v5.5 databases are compatible with LuxSci web hosting accounts, SecureForm database storage, and HIPAA accounts.

LuxSci’s Database Management User Interface has also been updated to allow Account Administrators to change the password to their database on demand.  See the “Change Database Password” tool in this area.