This article discusses what types of email encryption are sufficient to comply with government regulations. TLS email encryption is a good option for many organizations that manage sensitive data. However, it does not protect data at rest. Each organization must perform a risk assessment to determine which encryption methods suit their legal requirements.
It is not easy to create a HIPAA-compliant web site and webmasters often ask us for clarification on best practices when it comes to HIPAA compliance. We have previously discussed what makes a web page secure and also what makes a web site HIPAA-compliant, but it seems that an explainer on what you should and […]
Data Loss Prevention (DLP) describes a plan for companies to control the sending of sensitive data. E.g. this can include controls to stop the flow of sensitive data or to ensure that sensitive data is always well-encrypted (for compliance) when sent. In the context of email, DLP is usually achieved through the following formula: Construct a […]
We have long held that leaving it to each sender/employee to properly enable encryption for each sensitive message (a.k.a “Opt In Encryption”) is too risky. Why? Any mistake or oversight immediately equals a breach and liability. Instead, LuxSci has always promoted use of “Opt Out Encryption,” in which the account default is to encrypt everything unless […]
Email and other data are either being “transmitted” or “processed” or are “at rest.” I.e., it is moving from one computer to another, stored/at rest on a computer, or preparing to be transmitted or stored. While most types of compliance regulation, such as HIPAA, specifically require that data be transmitted securely, not all regulations require […]
