We are frequently approached by customers in need of HIPAA compliant email who are currently using Gmail, or who have users that are familiar with and like Gmail.   They would, of course, like to add HIPAA compliance without changing any of their business processes or habits.

For example, some customers may want to setup HIPAA compliant email with LuxSci and have those secure messages forwarded to Gmail, where they can access them in their “usual way”.  In general, this is a bad idea — this will almost always be non-compliant and leave them at significant risk for breaches, disclosure, and HIPAA liability.

No one who must abide by HIPAA should be accessing ePHI though Gmail.

Read the rest of this post »

LuxSci has introduced a number of per-domain security features that allow us to offer accounts that contain both HIPAA-complaint domains and non-compliant domains.

Previously, customers could order such a combination of domains, but they were segregated into completely separate accounts.  These new security features benefit our customers because:

Read the rest of this post »

When health care organizations review their operations to see where electronic protected health information (ePHI) is being saved, transmitted, and viewed, a great deal of time is spent on the obvious candidates: email, chat, stored files and health records, etc.

Many overlook the fact that ePHI can be embedded in Contacts, Calendars, and Tasks.  Consider for example:

Read the rest of this post »

If you are in need of HIPAA-compliant email services, this video will answer many of your questions regarding how LuxSci’ secure email services apply to HIPAA and what is needed for a HIPAA-compliant account with LuxSci.

Watch Video: HIPAA-compliant email services at LuxSci

LuxSci’s SecureForm service enables you to quickly make your web site or PDF forms secure and HIPAA compliant. Receive the form data, including uploaded files, via secure email or download the data securely from LuxSci’s web interface.  It also supports insecure form posts and delivery, making the usual form-to-email process easy to setup and protected from form Spam.

Typically, when using SecureForm, your web or PDF form will post to a secure web site address (URL) that is provided by LuxSci in the LuxSci.com domain name.  I.e. something like “https://secureform.luxsci.com/perl/post/xxxxxxx”.  Once the form data is processed, the end user is redirected to a success or failure web page on your site (for web forms), or is shown a success or failure PDF that you provide (for PDF forms).  I.e. under most conditions, the end user will never see the domain name to which the form is posted.

For customers who wish to use their own web site URL for the secure form posts, perhaps something like “https://forms.yourdomain.com/perl/post/xxxxxxx”, LuxSci now has a solution that does not require getting a dedicated server!

Read the rest of this post »

LuxSci offers solutions for secure and HIPAA compliant email and web services,  so we are often asked about secure FAXing.

Many organizations, especially in the healthcare industry, have an urgent need to send important and sensitive information, like protected health information (PHI), to  organizations via facsimile. Why?  Because this is how it has always been done, and everyone is “set up” to be able to handle FAXes quickly and efficiently.

However, with HIPAA security regulations ever-present, our clients are concerned that their use of FAX is compliant, similar to making sure that their email and web sites meet HIPAA security standards.

Update – for electronic FAXing options, see: HIPAA Faxing: How to Send and Receive FAXes i na Secure and Compliant Way.

Can data sent via FAX be “secure enough” for HIPAA?

Read the rest of this post »