Many times when a customer fills out a form on your website, they want a copy for their own records. Providing this copy of the submitted data often takes manual effort on your behalf to search your inbox, WebAides Documents, or database, extract the appropriate file, and email the file as an attachment back to the individual who filled it out.

Of course, this presumes that the submittee entered their email address accurately, and that you send the form back to their correct address. When sending a copy via this method, sensitive information such as medical data that needs to be HIPAA compliant could possibly be sent to the wrong person or insecurely, resulting in a possible breach and violation!

Now, with LuxSci SecureForm it is easy to provide the person submitting the form a copy securely, automatically and immediately after they submit your form.

Read the rest of this post »

For legal reasons, LuxSci’s HIPAA customers are required to physically sign a “Business Associate Agreement” and return it to us.  While this is a simple and commonplace request, it creates a lot of busy work on the part of the customer and LuxSci!

The customer has to

• Download the file
• Print out the 14 pages
• Sign the agreement
• Fax back all pages, or scan it and return electronically

Then, LuxSci has to

• Locate the document
• Sort out faxes that are in the wrong order, upside down, blank, or missing pages
• Figure out who sent the document
• Verify that pages are not missing or changed
• Counter-sign the document and attach them to the customer account
• Contact customers who have not sent in their documents properly or at all which is crucial to the HIPAA certification process

Multiplied by lots of customers, this creates a lot of unproductive busy work for everyone — and this time costs money.

LuxSci has found that it can use its own SecureForm and Ink Signatures technologies to make submission of signed contracts a snap for customers, as well as to eliminate most of the busy work LuxSci itself has to do to manage the process.

In this post, we describe how both technologies work.

Read the rest of this post »

It is a fact of life that passwords are the keys to our online kingdoms … and that keeping these passwords safe is critical to preventing identity theft, ensuring corporate security, keeping private things private, and much more.

However, the number of distinct places that we log into seems to constantly grow.  We have to use secure passwords for all of them and should not use the same password for any two of them.  Oh ya, we should also change our passwords frequently!

Its dizzying and makes your head spin.  Few can remember the plethora of changing passwords and, in desperation, either use the same poor password for everything or use written cheat sheets listing all of the user names and passwords for easy reference (and easy peeking by others should they get a hold of it).

Read the rest of this post »

TLS stands for “Transport Layer Security” and is closely related to “SSL” (Secure Socket Layer). TLS is one of the standard ways that computers transmit information over an encrypted channel. In general, when one computer connects to another computer and uses TLS, the following happens:

1. Computer A connects to Computer B (no security)
2. Computer B says “Hello” (no security)
3. Computer A says “Lets talk securely over TLS” (no security)
4. Computer A and B agree on how to do this (secure)
5. The rest of the conversation is encrypted (secure)

In particular:

• The meat of the conversation is encrypted
• Computer A can verify the identity of Computer B (by examining its SSL certificate, which is required for this dialog)
• The conversation cannot be eavesdropped upon (without Computer A knowing)
• The conversation cannot be modified by a third party
• Other information cannot be injected into the conversation by third parties.

TLS (and SSL) is used for many different reasons on the Internet and helps make the Internet a more secure place, when used. One of the popular uses of TLS is with SMTP.  See also:

• How Does Secure Socket Layer (SSL or TLS) Work?
• The Case for Email Security (Why normal email is insecure)

Read the rest of this post »

LuxSci has released its new “SecureForm” service. Quickly make your web site or PDF forms secure and HIPAA compliant. Receive the form data, including uploaded files, via secure email or download the data securely from LuxSci’s web interface.

What forms types are supported by SecureForm?

• Web site forms hosted anywhere
  • File uploads up to 50MB and 25 files per post
• PDF forms hosted anywhere

How can you receive the form data?

Read the rest of this post »

Several months back, we discussed Enforcing Email Security with TLS when Communicating with Banks. This is a critical stipulation for many banks that have strict requirements that all email messages be encrypted in transit via TLS when communicating with them.

Bank of America

Bank of America (BoA) is a case in point.  Their requirements are as follows:

Read the rest of this post »

LuxSci offers many options for email security. Whether it is PGP, S/MIME, LuxSci’s SecureLine end-to-end email encryption, or forced secure logins over SSL, LuxSci can guide you in making the best choices for secure and safe email.

End-to-end email encryption is one way to ensure that your email can only be read by the intended recipients. SSL and TLS connections are secure, but only to a point. While you can ensure that your users connect securely to LuxSci’s servers, who is to say that your recipient’s connection is secure? With LuxSci SecureLine, even if the recipient’s connection isn’t secure, you can be assured that your message is sent securely and can only be read by whom you intended.

Read the rest of this post »

The situation: your organization needs to collect information from clients through from(s) on your web site, but that information is sensitive. So, you need to be absolutely sure that the information is transferred from the users of your web site to you in as secure a fashion as possible. This means that

1. no one but you (or optionally your authorized staff) can intercept or read the information,
2. the information is never stored insecurely anywhere
3. the information cannot be modified without your knowledge

Why would this high level of security and privacy be necessary? There are many cases where they are essential; some of these include:

Read the rest of this post »

LuxSci offers solutions for secure and HIPAA compliant email and web services,  so we are often asked about secure FAXing.

Many organizations, especially in the healthcare industry, have an urgent need to send important and sensitive information, like protected health information (PHI), to  organizations via facsimile. Why?  Because this is how it has always been done, and everyone is “set up” to be able to handle FAXes quickly and efficiently.

However, with HIPAA security regulations ever-present, our clients are concerned that their use of FAX is compliant, similar to making sure that their email and web sites meet HIPAA security standards.

Update – for electronic FAXing options, see: HIPAA Faxing: How to Send and Receive FAXes i na Secure and Compliant Way.

Can data sent via FAX be “secure enough” for HIPAA?

Read the rest of this post »

It’s the classic problem of having “too many keys”.  You have accounts on many different web sites.  Some are small and relatively insignificant, from a security point of view, like blogs or shopping sites.  Some are large and sensitive, like banking and PayPal accounts.  Since unified login mechanisms like OpenID are not yet pervasive, you must remember the usernames and passwords for every single site.  This is a truly daunting task.

Ideally, you would like to use passwords that are “strong” (i.e. very good, not easily guessable) and different for every site.  However, how can you remember each secure and unique password without resorting to a “cheat sheet”?

Read the rest of this post »