
Case Study: Securely Email Medical Laboratory Results to Patients

We count medical laboratories among our many customers.  They process lab tests for doctors and send the results to the patients via email.

Medical laboratories, while sometimes not HIPAA covered entities themselves, are Business Associates of hospitals and doctors who are required to abide by HIPAA.  By the “transitive” nature of the HIPAA privacy laws, such Business Associates must take pains to abide by HIPAA security and privacy standards, protecting patient data and ensuring confidentiality.

In order to send patients their results via email, these labs must use a HIPAA-compliant system that can send email to anyone with an email address.

This post describes how one large medical lab uses LuxSci’s SecureLine to safely deliver lab results to 1000s of people every day.

HIPAA-compliant bulk emailing of lab results

The lab’s process:

  1. Analyzes the tests during the day and generates the results
  2. Sends all of the results in a large mailing at the end of the day

This is a legitimate mass transactional emailing that:

  1. Includes individual messages to 1000s of different recipients
  2. Must utilize end-to-end HIPAA-compliant encryption for each email message
  3. Must include tracking so the laboratory can tell if a user has opened his/her lab results

The laboratory uses email software to:

  • Generate each individualized lab result email
  • Connect and authenticate to LuxSci’s outbound email server securely over TLS
  • Transmit the message to LuxSci for encryption and delivery
  • Repeat
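
The sending loop described above, sketched as an added example (not code from the lab or from LuxSci). The host name, port, sender address and result fields are placeholders; the point is that the session refuses to continue unless TLS with a verified certificate is in place before authentication, and that each patient gets an individual message.

```python
import smtplib
import ssl
from email.message import EmailMessage

# Assumptions (not from the original page): host, port, sender and the
# fields of each result record are placeholders for illustration.
SMTP_HOST = "smtp.example.invalid"
SMTP_PORT = 587
SENDER = "results@lab.example"


def tls_context():
    """Client TLS context that verifies the server certificate and hostname."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def build_message(result):
    """One individualized message per patient; never a shared To/Cc list."""
    msg = EmailMessage()
    msg["From"] = SENDER
    msg["To"] = result["email"]
    msg["Subject"] = "Your lab results are ready"  # constructed subject
    msg.set_content(f"Patient: {result['name']}\nResult: {result['summary']}\n")
    return msg


def send_batch(results, user, password, smtp_factory=smtplib.SMTP):
    """Send every result over one authenticated TLS session.

    Returns the recipient addresses that failed so they can be retried.
    """
    failed = []
    with smtp_factory(SMTP_HOST, SMTP_PORT, timeout=30) as smtp:
        # starttls() raises if the server does not offer STARTTLS or the
        # certificate fails verification, so nothing is sent in cleartext.
        smtp.starttls(context=tls_context())
        smtp.ehlo()
        smtp.login(user, password)
        for result in results:
            try:
                smtp.send_message(build_message(result))
            except smtplib.SMTPException:
                failed.append(result["email"])
    return failed
```
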

LuxSci receives these messages securely and:

  1. Encrypts them and digitally signs them
  2. Stores them in a secured database using SecureLine Escrow
  3. Sends a simple notification email to each recipient informing them of the waiting lab results
    1. This message has been completely customized by the lab.

The recipient:

  1. Receives the notice in his/her regular email
  2. Clicks on a link in it and is taken to a secure page (at LuxSci) whose look and feel has been customized by the lab.
  3. Verifies him/herself, by either:
    1. Registering for free (quick and simple to verify the recipient’s identity), or
    2. Entering the answer to a custom question provided by the lab (e.g. what is your lab “id number”?)
  4. Securely views the lab results

The laboratory can:

  • See who has opened which messages and when
  • Retract messages
  • Set messages to expire from the recipient’s view after a pre-determined time period (e.g. 1 day to 10 years)
  • Send messages with attachments up to 70MB in size

What kind of LuxSci account does this require?

In order to send occasional HIPAA-compliant secure email messages to patients (e.g. on the order of tens or a couple hundred per day), you could use a regular LuxSci business email account with HIPAA compliance.

To send to large numbers of recipients, you need a Premium High Volume mailing account with HIPAA compliance.

Many of these customers also use the LuxSci Spotlight mailer to handle email marketing to these customer email lists.

Managing Recipients & Encryption

There are two ways to have your recipients verify their identities when picking up their secure messages:

  1. You can have them register with you the first time, verifying access to their email, and use that password going forward, or
  2. You can have them answer a question you provide in order to gain access

The latter method is more secure if you provide a good question which is unique to each recipient.  Indeed, this is the method used by your lab results company.  However, when you have 10s of thousands of recipients, how do you manage this database of recipients, questions, and answers?

The answer is quite simple.  When you send secure email through LuxSci, we use your LuxSci address book(s) to see if you have entries for these recipients and, if so, whether you have questions and answers (or other encryption data like PGP or S/MIME keys) for them.  Keeping your address book current is not a problem; you can either:

  1. Upload a CSV of data about your recipients to your address book on demand, through our web interface, or
  2. Use our RESTful API to add/remove/update address book entries automatically from your system
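
A pre-upload check for the "question unique to each recipient" requirement, as an added example that is not part of the original post. The CSV column names, the sample rows and the minimum answer length are hypothetical and are not LuxSci's import format; the check flags answers that are missing, shared between recipients, very short, or derivable from the email address.

```python
import csv
import io
from collections import Counter

# Constructed sample; the column names are hypothetical, not LuxSci's format.
SAMPLE_CSV = """email,question,answer
ann@example.invalid,What is your lab id number?,LB-483920
bob@example.invalid,What is your lab id number?,LB-118734
cat@example.invalid,What is your lab id number?,LB-483920
dan@example.invalid,What is your lab id number?,
eve@example.invalid,What is your email user name?,eve
"""


def _norm(value):
    """Case- and whitespace-insensitive form used for comparisons."""
    return (value or "").strip().lower()


def audit_rows(csv_text, min_len=6):
    """Return {email: [problems]} for rows whose answer is weak or not unique.

    min_len is an assumed threshold, chosen only for this illustration.
    """
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    counts = Counter(_norm(r["answer"]) for r in rows if _norm(r["answer"]))
    problems = {}
    for r in rows:
        email, answer = _norm(r["email"]), _norm(r["answer"])
        found = []
        if not _norm(r["question"]) or not answer:
            found.append("missing question or answer")
        else:
            if counts[answer] > 1:
                found.append("answer shared with another recipient")
            if len(answer) < min_len:
                found.append("answer too short")
            if answer in email:
                found.append("answer derivable from email address")
        if found:
            problems[email] = found
    return problems
```
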

Try LuxSci and see how this all works.
