

LuxSci's HIPAA-compliant email was specifically designed to satisfy all HIPAA rules and security requirements. With the implementation and utilization of the following features, and after review and lock down by LuxSci Support, we will confirm your account as being HIPAA compliant in terms of our HIPAA Business Associate Agreement.

HIPAA Account Feature Included

Signed HIPAA Business Associate Agreement

LuxSci provides a Business Associate Agreement compatible with the HITECH amendments of HIPAA. This defines LuxSci's role in maintaining the Privacy of Protected Health Information (PHI) for you as you seek to be HIPAA-compliant. A document like this is required by HIPAA of any vendor that you use.

HIPAA Compliance Seal / Trust Mark

Once your account is certified by LuxSci as meeting its HIPAA Security Requirements, you can use a LuxSci HIPAA Compliance Seal on your web site or in your HTML Email Signatures, Taglines, or Disclaimers.

A sample HIPAA Seal looks like this (click on it to see an example certification page):

LuxSci helps ensure HIPAA-Compliance for email and web services.

Accounts with Mixed HIPAA and non-HIPAA Domains

HIPAA accounts can be either globally secure, so all users are compliant and encryption and security are fully-enforced for all messages, or they can be secured on a per-domain basis. In the per-domain case, only users in specified "HIPAA Domains" are required to send all email securely; users in other domains can send insecure email messages but cannot deal with ePHI at all. All users in these accounts share certain basic security considerations such as strong passwords, required use of SSL and TLS for server access, etc.

Use of per-domain HIPAA allows organizations to easily manage their compliant and non-compliant domains in a single account and also permits limited collaboration and sharing between non-HIPAA and HIPAA user logins.

Customers can select account-wide or per-domain HIPAA accounts during the ordering process.

ePHI Safeguarded

As required by the HITECH amendment to HIPAA, LuxSci follows the HIPAA Security and Privacy Rules with respect to all ePHI in your HIPAA-enabled accounts. This means that LuxSci actively ensures that the privacy of all electronic health information is safeguarded while it is stored on our servers, passing through our servers, or on our backups. It also means that LuxSci staff comply with all HIPAA Security and Privacy requirements:

  • Physical safeguards and data access control for ePHI
  • Staff training and administrative policies
  • Facility access control and security for ePHI
  • Contingency plans, backup plans, and disaster recovery for ePHI
  • Workstation security and usage lock down with respect to ePHI

That is, LuxSci staff themselves obey all of the same HIPAA Security and Privacy requirements that our customers face when dealing with ePHI.

Secure Mobile Email, Calendar, Contact, Task, and Notes Access

Mobile Sync is an optional service that enables you to synchronize email, calendars, contacts, tasks, and notes on your mobile devices automatically and in real time. Mobile Sync is HIPAA-compliant and provides "Remote Wipe", so you can delete ePHI from your mobile device should it become lost or stolen -- preventing possible HIPAA breaches.

Even without Mobile Sync, LuxSci's IMAP, POP, and SMTP services can be used to securely send and receive email on most mobile devices.

Email Archival

LuxSci can offer you an archival solution that is comprehensive, cost-effective, and compliant with most current federal regulations including:

  • Permanent single-instance storage on Write-Once Read-Many (WORM) media
  • Redundant storage in 2 different locations
  • Powerful full-content search with immediate results
  • Message export and import
  • Unlimited storage capacity included
  • Retention of email for 30 days to 10 years

Data Transmission Security & Encryption

In addition to enforced use of SSL and TLS for all connections to our servers, all users automatically send and receive email securely using our SecureLine end-to-end encryption service. All outbound messages sent via SMTP, WebMail, or Premium Mobile Sync will be automatically encrypted. Additionally, SecureLine allows your users to send secured messages to anyone with any valid email address, even if they do not have TLS or S/MIME or PGP support. Those recipients can easily reply back securely or use our SecureSend portal to register for free and initiate secure messages to your SecureLine users.

To provide a user-friendly environment, certain work-arounds are possible, such as the use of TLS transmission for certain recipients instead of end-to-end encryption. See Restrictions to HIPAA Accounts at LuxSci.

Message Integrity Controls

LuxSci's SecureLine and enforced connection encryption (SSL & TLS) ensure that messages cannot be modified while in transit. Message integrity is assured. Additionally, LuxSci's SecureLine permits the addition of digital signatures to encrypted messages to further ensure message integrity and prove the identity of the sender.

Unique User Identification & Authentication

LuxSci requires that user names and passwords be entered for access to any of its services. The system recognizes users based on their login information, and controls access based on their identity. HIPAA-compliant accounts are required to utilize a high level of password complexity: 8 characters consisting of letters and numbers or symbols. The password must have "high entropy" and not be easily guessable. Automatic auditing of password changes and password resets is required and performed for HIPAA accounts.

Emergency Access to Email

LuxSci provides a facility for securely archiving copies of all inbound and/or outbound messages for backup and auditing purposes. Administrators thus have secure access to copies of all message content for emergency or other reasons. LuxSci also provides other optional features such as Message Continuity that is used to ensure access to email messages in the event of LuxSci server or data center failure.

Automatic System Logoff

HIPAA compliant accounts have a 20 minute default idle period to web-based interfaces (WebMail). The system will automatically log users off after 20 minutes of inactivity; this can be increased to 3 hours by account administrators. Other services such as POP, IMAP, SMTP, Mobile Sync, and Secure FTP also have automatic idle timeouts.

Access Audit Controls

LuxSci provides comprehensive security auditing for all accounts. Included in the security audits are password changes, resets, and lookups by LuxSci staff; user access to services such as WebMail, Email Sending (SMTP), POP, IMAP, Mobile Sync, and more; changes to any of the specific "Maximal Security" settings, as well as changes to the "Maximal Security" lock down status. These reports enable verification of user, administrator, and LuxSci Support staff activity on access and security specific changes to the account.

Data Backups & Data Disposal

LuxSci automatically makes backup copies of all data on our servers, including all customer ePHI. Daily backup copies are kept on-site for 2 days and Weekly backup copies are kept off-site for 4 weeks. All data is transmitted securely to the backup servers and stored there in a HIPAA-compliant way. After 4 weeks, all backup copies are destroyed. Accounts can ask for data to be restored from backup for free once/month. LuxSci's Email Archival provides permanent, immutable email storage on servers in multiple geographic locations, updated in real-time, with weekly backups made to optical media. See our complete backup and restore statement for additional information.

Maximal Security Enforcement

The LuxSci "Maximal Security" setting provides individual accounts with the highest level of email security. Security includes implementing the 20 minute WebMail timeout maximum, forcing appropriate outbound encryption, setting password strength requirements, and forcing secure logins. LuxSci support manually reviews any account needing to be HIPAA compliant and ensures that the Maximal Security setting is locked down so these security settings cannot be altered.

Optional Encryption Opt Out on a Per-Message Basis

Though disabled by default, administrators can choose to allow users the option to opt out of SecureLine encryption for a particular message. However, the user must explicitly agree that the message they are sending does not contain any ePHI. All messages sent without SecureLine encryption are logged for auditing purposes, and copies of them can be sent to an auditor email address for review.

Opt Out is available both in WebMail and for messages sent via email programs using our SecureLine Outlook Plugin or via adding opt out content to the email subject line.

Optional VPN Access for Enhanced Security

LuxSci can provide a Virtual Private Network (VPN) connection to further secure access to our email, web, and database servers.


"As a dentist, I'm glad I found LuxSci to walk me through the process of becoming HIPAA-compliant! Once I signed up, Connie and Peter both helped me set up and get situated with my secure email service. Getting my Business Associate Agreement was also a snap. Thank you LuxSci. Now I can concentrate on treating patients!"

—Allen Job, All Smiles Pediatric Dentistry

