You just sent an important business communication via email and assume all is well … but what if that email was not received?

How do you know?  There could be significant delays or consequences if the message was not delivered.  What can you do to put your mind at ease?

Many organizations use Google G Suite or Microsoft Office 365 for their email services.  A large number of these have issues with outbound email deliverability or need outbound email encryption to achieve HIPAA compliance.    LuxSci has a very simple and cost-effective solution via its email smart hosting service.

Neither Google nor Microsoft offer email encryption as part of their already expensive standard business service offerings, even if you have a HIPAA business associate agreement with them.  As a result, many folks rely on third parties, such as LuxSci, that specialize in HIPAA-compliant email to fill the gap and enable the sending of secure email messages (and secure text messages) to anyone.  For more information on each of these services, see:

• Making Google Apps / G Suite HIPAA Compliant
• Microsoft Office 365 HIPAA-Compliant Encryption

Our latest “Ask Erik” question involves TLS delivery of email over SMTP.

Hello! I read the “How Can You Tell if an Email Was Transmitted Using TLS Encryption?” article, and found it very helpful and informative! I am currently looking into Mail Chimp’s encryption practices. On their website they advertise “SSL Encryption”. I’m not sure whether this actually means TLS yet, but I’m wondering: (1) is it possible to see if an email is SSL-encrypted (actually SSL, not TLS) other than by looking at the email headers? (2) if an email header does not contain “TLS” or “SSL”, like Hotmail’s “received” header from the article, does this necessarily mean it was sent unencrypted? Or is it possible (or likely) that hotmail would not record its encryption use?

A majority of companies and hospitals that offer email encryption for HIPAA compliance allow senders to “opt in” to encryption on a message-by-message basis.  E.g., if the sender “does nothing special” then the email will be sent in the normal/insecure manner of email in general.  If the sender explicitly checks a box or adds some special content to the body or subject of the message, then it will be encrypted and HIPAA compliant.

Opt-in encryption is desirable because it is “easy” … end users don’t want any extra work and don’t want encryption requirements to bog them down, especially if many of their messages do not contain PHI.  It is “good for usability” and thus easy to sell.

However, opt-in encryption is a very bad idea with the inception of the HIPAA Omnibus rule.  Opt-in encryption imposes a large amount of risk on an organization, which grows exponentially with the size of the organization.  Organizations are responsible for the mistakes and lapses of their employees; providing an encryption system where inattention can lead to a breach is something to be very wary of.

In the last ten or so years, apps have swept through the world alongside the smartphone boom. Smartphones enabled us to carry miniature computers everywhere we went, so we quickly began to integrate them into our everyday lives.

We stopped asking for directions and used the GPS app instead, we checked out the Yelp app when we wanted to find somewhere good to eat, and we kept track of our friends on Facebook from our mobiles.

People have become accustomed to using apps these days, which has put pressure on many organizations to conduct their services through them. If they don’t offer an app, they may lose customers to their more tech-savvy competitors. The health industry is no different, so apps have become an essential offering for many organizations.

In some industries, developing apps may be relatively straightforward, but those that deal with PHI need to make sure that their app is HIPAA compliant. If your company’s app isn’t HIPAA compliant, it could result in heavy fines or a breach of patient data, which could seriously harm your business’s finances and its reputation.

To make a HIPAA-compliant app, privacy and security need to be consider at each step of development.

Technology sure has come a long way. The rise of computers and the internet has meant that we can conduct so much of our lives online. With Wi-Fi or mobile data, you can work on your laptop by the beach, do the weekly shopping on your phone and even find the life partner of your dreams through an app. One task that is notably absent is voting.

It seems like online voting would be a great idea. You could participate in democracy from the comfort of your couch, rather than having to march all the way down to the polling booth. Many believe that it would increase voter turnout as well, resulting in a more engaged democracy.

Some countries have dipped their toes in the waters of online voting and Estonia has cannonballed  in, but why don’t we do it in the US? While it may seem like a relatively straightforward process, online voting presents a range of technological and security challenges that the US isn’t quite ready to deal with.

When you consider how important elections are, as well as how willing other nations are to influence elections, it is best to tread cautiously with online voting. After last years attacks on our election, it has become evident just how vulnerable the voting process is. While online voting may certainly be viable in the future, there are several obstacles that we need to traverse beforehand.

With all the talk of Russia influencing the election through the DNC hacks and fake news, we are finally realizing just how open the political process is to manipulation. One aspect that had taken a backseat until recently was how the votes themselves can be tampered with.

Over the last month, we have uncovered more and more information about just how severe the hacks were. At this stage, it is confirmed that 39 states had their voter registration databases accessed, although officials assume that attempts were made to break into all 50.

There was at least once incidence of voter data being altered, however it was detected and rectified without any long term damage. Almost 90,000 records were accessed and stolen from Illinois, 90% of which contained details such as drivers license numbers and the last for digits of an individuals’ Social Security number.

Officials are stating that these hacks didn’t influence the results of the election, as no databases were permanently changed. Some have suggested that the only reason the damage wasn’t worse is because US intelligence agencies caught onto the attacks and the Government issued Russia a stern warning.

Given that another country clearly had the chance to tamper with the voting process, it’s time to reevaluate our election security. How can we bolster our defenses to prevent further attacks? First, we need to understand which parts of the system are vulnerable.

Protected health information (PHI) is heavily regulated under HIPAA, but the exact details can be confusing. The regulations are designed to keep everyone’s private information safe, but they also put a significant amount of responsibility on businesses.

HIPAA regulations apply to just about every aspect of a person’s medical information, including their transit, storage and security. Because email is such an important and extensively-used form of communication, HIPAA regulations apply to it as well.

Some may think that secure and encrypted email is all you need to keep PHI safe and emails compliant. The reality is that HIPAA email regulations go above and beyond standard secure email. To protect your business, you need to make sure that your email provider is HIPAA-compliant, not just secure.

We all want to keep our data safe. Whether it’s personal or for business, we don’t want it to be stolen, altered or deleted. From the violation of individual privacy to breaches that cost companies millions to recover from, losing control of data can be damaging in numerous ways.

There are many techniques for keeping data safe and any good security policy must combine a range of them. One important piece of the data-security puzzle is full-disk encryption. This encrypts everything on the disk, apart from the master boot record.

Encryption allows you to make data unreadable unless someone has the key. With full-disk encryption, the key must be entered when you boot your device in order to access the disk or any of its files.

Someone claims to have sent you an email message.  You never got it, as far as you know.  How can you determine if the sender actually sent the message?  How to you prove or disprove the claim?

This question is submitted by a reader via “Ask Erik” — a channel by which anyone can ask LuxSci a technical question.