" secureform Archives « Page 2 of 5 « LuxSci FYI
Secure Email, Web and Form Solutions         +1 (800) 441-6612
LuxSciLuxSci
Secure Email,
Web and Form Solutions
Phone: 800-441-6612
sales@luxsci.com
support@luxsci.com

Posts Tagged ‘secureform’

Creating Secure Web Pages and Web Forms: What You Need to Know

Wednesday, January 29th, 2014

Fred is a busy small business CEO.  He hired a cheap developer online to setup his secure medical web site for him.  The developer got an SSL certificate and setup pages where patients can make appointments and the doctor can receive patient requests and notices, “surely”.  However, the developer didn’t have any real training in security and none in HIPAA and as a result, PHI was being sent in the clear, there were no audit trails or logs, SSL security was not enforced, and may other serious issues plagued the site.

Luckily, Fred was made aware of the situation before a serious security breach happened (that he knew of); however, he had to re-do the site from scratch, more than doubling his time and money costs.

Creating a web site that has “secure” components requires more than slapping together some web pages and adding an SSL Certificate.  All a certificate really does is create a thin veneer of security — one that does not go very far to protect whatever sensitive data necessitated security in the first place.  In fact, naive attempts at security can ultimately make the data less secure and more likely to be compromised by creating an appetizing target for the unscrupulous.

So, beyond paying big bucks to hire a developer with significant security expertise, what do you do? Start with this article — its purpose is to shed light on many of the most significant factors in secure web site programming/design and what you can do to address them.  At a minimum, reading this article will help you to intelligently discuss your web site security with the developers that you ultimately hire.

Read the rest of this post »

HIPAA Compliant Emails Sent From your Web Site: Best Practices

Tuesday, January 7th, 2014

You buy a HIPAA compliant web hosting infrastructure.  You configure your web site to send out email messages in the simplest way, e.g. through PHP mail, or some other generic and standard mechanism.  You think you are all set — but you are not.

HIPAA compliant web hosting services provide a server infrastructure that allows you to be compliant; however, it doesn’t make you compliant.  Your web designers must make choices and program your site so that it properly respects ePHI.  If they do not do all the appropriate things, you will be out of compliance.  E.g. see: 7 steps to make your web site HIPAA-secure.

In particular, email messages sent in the “normal way” from a web site will go out insecurely in a way that will violate the HIPAA Security Rule if they contain ePHI of any kind.  E.g. they will not be encrypted and will not be archived.

Read the rest of this post »

Written Signatures for your Forms. Delivered via PDF

Tuesday, November 12th, 2013

You have a form that customers, vendors, or staff must fill out and return and that form needs to have their written physical signature on it.  Ideally, you would like to get that form, together with their written signature, returned to you as a PDF.

In these days of a paperless workplace and instant digital communications from anywhere, being able to replace the signed and completed form with a simple digital alternative is critically important.  Fortunately, there are several ways to accomplish this.

Read the rest of this post »

PDFExpert for Filling in PDF forms on Tablets and Mobile Devices

Monday, November 11th, 2013

Many customers of our SecureForm service create PDF forms for their staff to fill in while “on the go”.  E.g. order forms, contact forms, inventory tracking forms, etc.  However, while PDFs can be viewed on most devices, tablets and phones do not usually have functionality that enables filling out PDF forms and submitting them properly for processing.  (The Adobe App does not support PDF form submission on mobile devices)

We have found that PDFExpert does a wonderful job of this on both iPad and iPhone.  With PDFExpert, you can:

  1. Fill out and submit PDF forms.  It works seamlessly with LuxSci SecureForm PDF form processing service, to enable you to receive your submitted form data immediately and in whatever format you require. It’s the only iPhone application that can fill PDF forms.
  2. Sign PDF documents with a handwritten signature
  3. Annotate PDF documents quickly and easily
  4. Handles huge PDF documents very easily with fast scrolling

Note that signatures and annotations to PDF forms can be submitted to the server and received only if your PDF form is configured to submit its data “as a complete PDF”.

PDFExpert is ideal to enable your staff-on-the-go to work quickly and efficiently with PDF forms and to include handwritten signatures directly in these documents.  Having written signatures on your submitted PDF forms is especially useful for organizations requiring HIPAA compliance and/or legal authorizations.  Combined with LuxSci MobileSync, PDF Expert offers a complete mobile solution for compliant management of calendars, contacts, tasks, notes, email, and forms.

 

Compliant Web Forms in an Instant – HIPAA Form Processing

Monday, August 26th, 2013

Forms are pervasive on web sites; the number of forms associated with medical web sites is growing exponentially as everyone is scrambling towards the goal of a paperless office, seeking to optimize time spent processing applications and managing patient data, speeding up the process of making appointments and getting referrals, etc.

Web forms used in the medical industry generally have to be HIPAA-compliant, however, as they almost always involve the input and transfer of ePHI in one way or another.  That presents a problem as the requirements for a HIPAA-compliant web site are complex and take knowledgeable and experienced developers to implement and take extra time and money to get right — and you really have to get things right where HIPAA is concerned.

So, this is where most people are:

  1. They have a web site, which itself is likely not HIPAA compliant yet
  2. The have some web forms already … or maybe have some forms that they want to put up
  3. These forms will collect ePHI
  4. They need to set this up and have it be HIPAA compliant and don’t want to spend a lot of money or time getting it going.

What they need is “HIPAA Form Processing“. 

Read the rest of this post »

Web Form Signatures: Fast, Easy Method of Informed Consent

Friday, August 23rd, 2013

 A dentist looking for a consult on x-rays needs explicit consent from the patient to transfer the x-rays and related information [securely] to the other doctor, at least in many states.

There are many similar cases where “written” consent is needed to transfer private information, transfer responsibility, request actions, etc.  Simply sending information over email or through a web form does not easily include a mechanism for transferring consent — e.g. written authorization signatures.

Fortunately, there is a simple, cost effective, and secure solution — use of web-based forms which include written signature field(s).

Read the rest of this post »

Web Forms Reduce Spam and Optimize Business Processes

Wednesday, July 10th, 2013

Businesses of all sizes use general purpose email addresses, like info@company.com or support@company.com, as conduits for information, Support, Sales, Billing, and other requests from customers.  On the surface, there is an apparently very good reason for this: many customers appreciate the simplicity of being able to send an email message.  It’s best to be as flexible as possible and reduce the time that the customer must spend to get a response, right?

There are actually many significant downsides to accepting general customer requests via email; downsides which can actually cause friction, slow the response process, or result in missed opportunities.  We will cover many of these issues, below.  The solution, is to use targeted specific web-based forms to collect customer requests; we will also discuss why this is a better approach.

Read the rest of this post »

Ensuring all Data is Encrypted at rest with LuxSci

Friday, May 10th, 2013

Email and other data is either being “transmitted” or  ”processed” or “at rest”.  E.g. it is moving from one computer to another, or it is stored / at rest on a computer, or it is preparing to be transmitted or stored.

While most types of compliance regulation, such as HIPAA, specifically require that data be transmitted securely, not all regulations require that data be stored in an encrypted format while at rest.  E.g. HIPAA does not require at rest encryption, though it may be recommended to decrease potential liability.

However, having your email and other data encrypted while at rest does significantly increase the security of that data, even if that level of security is not explicitly required.  As a result, many LuxSci customers have asked about how to ensure that all of their email and other data is encrypted while at rest.

Read the rest of this post »

SecureForm Enhancement Rollup

Wednesday, February 27th, 2013

Several improvements to LuxSci’s SecureForm service are now available to all customers.  These include:

Read the rest of this post »

Send your Web and PDF Form Posts Securely to Anyone: SecureForm to SecureLine Escrow has Arrived

Tuesday, February 26th, 2013

LuxSci’s SecureForm service enables customers to collect data from web and PDF form posts and securely save and/or send that data in many formats to many places via email, FTP, MySQL, and online file storage.

Until now, if you wanted to send your form data over email securely to a recipient you had your choice of encrypting via SMTP TLS, PGP, or S/MIME.  TLS is great, but not all recipient email service providers support it; PGP and S/MIME are very secure but require special setup and support by the email programs that the recipient uses to access these messages.

Now, SecureForm supports secure delivery of form post data to any recipient’s email address via the SecureLine Escrow secure message pickup service.

Read the rest of this post »

Security Certifications TRUSTe EU Safe Harbor Thawte Extended Validation SSL Certificate McAfee Secure Authorize.net Merchant