Sending HIPAA-compliant emails is easy when you use an encryption solution like LuxSci. But what happens when someone replies to an encrypted message? Are the replies also secure? This is primarily a concern when using SMTP TLS as a secure means of email delivery. This article will explain how messages are sent securely, how replies […]
There are many ways to protect ePHI in email. HIPAA is technology-neutral and doesn’t make specific recommendations for how to protect email communications. This article explains the difference between a HIPAA-compliant email host and an email encryption gateway. These are just two of the options for securing email accounts.
One common misconception is that sending emails to a list of recipients using BCC (Blind Carbon Copy) makes it HIPAA-compliant. For example, a doctor’s office sends a newsletter to its patients using BCC to hide the other recipients. Patients who receive a message sent via BCC cannot see who else received it. Some may think […]
A majority of companies that offer email encryption for HIPAA compliance allow senders to “opt-in” to encryption on a message-by-message basis. If the sender “does nothing special” then the email will be sent in the normal/insecure manner of email. If the sender explicitly checks a box or types a keyword in the body or subject […]
We have long held that leaving it to each sender/employee to properly enable encryption for each sensitive message (a.k.a “Opt In Encryption”) is too risky. Why? Any mistake or oversight immediately equals a breach and liability. Instead, LuxSci has always promoted use of “Opt Out Encryption,” in which the account default is to encrypt everything unless […]
