Case Study: Securely Send Medical Laboratory Results to Patients
We count medical laboratories among our many customers. They process tests requested by doctors and send the results to the patients via email.
Medical laboratories, while not HIPAA covered entities themselves, are business associates of hospitals and doctors, who are required to abide by HIPAA. By the “transitive” nature of the HIPAA privacy laws, such business associates must also take pains to abide by HIPAA security and privacy standards, to protect patient data and ensure confidentiality.
In order to send patients their results via email, these labs must use a HIPAA-compliant system that can send email to anyone with an email address. Enter LuxSci and its HIPAA-compliant SecureLine service.
HIPAA-compliant bulk mailing of lab results
These medical laboratories generally:
- Analyze the tests during the day and generate the results
- Send all of the results in a large mailing at the end of the day
This is a legitimate bulk mailing that:
- Includes individual messages to 1000s of different recipients
- Must include end-to-end HIPAA-compliant encryption for each email message
- Includes tracking so the laboratory can tell if a user has opened his/her results
The laboratory uses email software (such as Outlook, Thunderbird, or a custom program) to:
- Generate each message with the lab results
- Connect to LuxSci’s outbound email server over SSL or TLS
- Send the message
- Repeat for each recipient’s results message
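As an added example (not LuxSci's or any laboratory's own code), a custom sending program for the steps above could look like this in Python. The host name, port 587, addresses and credentials are placeholder assumptions; the point it shows is that the session refuses to continue without verified TLS and that each patient gets a separate message.

```python
import smtplib
import ssl
from email.message import EmailMessage

# Assumptions (not from the page): host, port and addresses are placeholders.
SMTP_HOST = "smtp.example.invalid"
SMTP_PORT = 587
SENDER = "results@lab.example.invalid"

# Constructed sample records; a real run would read these from the lab system.
SAMPLE_RESULTS = [
    {"to": "patient1@example.invalid", "name": "A. Patient", "body": "Constructed result text 1"},
    {"to": "patient2@example.invalid", "name": "B. Patient", "body": "Constructed result text 2"},
]

def make_tls_context():
    """Verify the server certificate and hostname; refuse anything below TLS 1.2."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def build_message(record, sender=SENDER):
    """One message per recipient, so no address or result is shared between patients."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = record["to"]
    msg["Subject"] = "Your laboratory results"
    msg.set_content(f"Dear {record['name']},\n\n{record['body']}\n")
    return msg

def send_all(records, username, password, host=SMTP_HOST, port=SMTP_PORT):
    """Send each record over one authenticated session; return recipients that failed."""
    failed = []
    with smtplib.SMTP(host, port, timeout=30) as smtp:
        # starttls() raises SMTPNotSupportedError if the server does not offer
        # STARTTLS, so the session never falls back to plaintext.
        smtp.starttls(context=make_tls_context())
        smtp.login(username, password)
        for record in records:
            try:
                smtp.send_message(build_message(record))
            except smtplib.SMTPException:
                failed.append(record["to"])
    return failed
```

The list returned by `send_all` gives the laboratory the recipients to retry or follow up on after the end-of-day run.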
LuxSci receives these messages and:
- Encrypts them
- Stores them in a secured database using SecureLine Escrow
- Sends a simple notification message to each recipient informing them of the waiting lab results
Each recipient then:
- Gets the notification email message
- Clicks on a link in it
- Registers for free (quick and simple to verify the recipient’s identity) or enters a password
- Securely views the results
The laboratory results company can:
- See who has opened what messages and when
- Retract messages
- Set messages to expire from the recipient's view after a pre-determined time period (e.g. 1 day to 10 years)
- Send messages with attachments up to 50MB in size
What kind of LuxSci account does this require?
In order to send occasional HIPAA-compliant secure email messages to patients (e.g. on the order of tens or a couple hundred per day), you could use a regular LuxSci business email account with HIPAA compliance.
To send to large numbers of recipients, you need a Premium High Volume mailing account with HIPAA compliance.
Many of these customers also use LuxSci Spotlight mailer to handle email marketing for these customer email lists.