" New Feature Announcements Archives - LuxSci FYI Blog: Learn about HIPAA email encryption, secure email encryption, and more
LUXSCI

Archive for the ‘New Feature Announcements’ Category

Global Address Books of your Account Users

Saturday, January 4th, 2020

LuxSci has updated its Address Books with a new feature enabling administrators to create address books that are automatically populated with, and synchronized with, the contact information of all the users in the account or of all the users in selected domains.   If your organization has many people in it, this feature, combined with the ability to share these address books with everyone, makes it simple to have a global, shared, always updated address book for your entire organization.

This shared address book can then be accessed over ActiveSync, CardDAV, and used in WebMail for email composition.

Here is how it works.


HaveIBeenPwned? Selecting passwords that are not known to Hackers

Friday, September 6th, 2019

Users tend to reuse passwords to make their life simple.  This includes reusing the same passwords across multiple sites and using the same passwords for years and years.

This is bad of course.  We see it in the news so frequently that no one is surprised that millions of accounts are compromised at companies every week.  What happens to this compromised data?  Very often it is dumped online where anyone can see it.  In fact, a vast collection of compromised information from usernames and passwords to addresses to employment histories and more is or has been available online related to all of these compromised web accounts.


Custom Email Header Tracking and Reporting

Thursday, August 15th, 2019

Does your outbound email sending system incorporate custom email headers in each message … headers that track potentially important per-message information such as:

  • Email Campaign ID
  • Customer Segment ID
  • Unique message ID
  • Auto-responder code
  • etc.?

Many systems include such information; however, the email headers that these and other types of tracking information are recorded in are named different things by different programs and even by different users of the same program.


How to Evaluate any New Software or Service for HIPAA Compliance

Friday, August 9th, 2019

If your organization operates in the health sector or processes data for clients that do, then it will need to deal with all ePHI in a HIPAA-compliant manner. This means that HIPAA-compliant software and services are required whenever and wherever protected health information is dealt with.

HIPAA regulations limit the range of services that a company can use. Due to the complexity of the laws, it’s important to evaluate any potential service in a thorough manner to ensure that it is in fact HIPAA compliant. To make the process a little less daunting, we’ve collected a list of steps that make it easier to discern whether a provider can protect your organization’s data appropriately:

Does the Provider Say That the Service Is HIPAA Compliant?

This is the easiest and perhaps most obvious step. Organizations that provide HIPAA-compliant services generally advertise it quite prominently. If they are putting in the extra work to keep their clients secure and within the regulations, then the odds are that they are going to tell potential customers about it.

If you visit the company’s website (or talk to a sales rep) and don’t come across any information about HIPAA compliance, then it’s pretty safe to assume that the software or service is not HIPAA Compliant. If you want to make sure that you didn’t overlook anything, you can do a site search of the company’s website, looking for “HIPAA Compliant” and related keywords.

If you don’t find any results, it’s probably best to move on to other providers. If a company were actually HIPAA Compliant but didn’t make the information clear, it would raise some serious questions about the company’s practices and strategies.

Let’s not get ahead of ourselves and assume that we can trust a company just because it says it’s HIPAA Compliant. This is simply the first step of the evaluation process and it helps to rule out a large number of providers. Once your organization has narrowed down the list, it still needs to analyze other aspects of the service and the company behind it.

Is the Service Provider Willing to Sign a Business Associate Agreement?

The next step is to determine whether the provider is willing to sign a business associate agreement (BAA) with your organization. If the service provider will be processing your company’s ePHI, but won’t sign a BAA with it, then any data sharing will not be HIPAA Compliant.

According to HIPAA, a BAA is required for any third party that may process your organization’s ePHI. This agreement stipulates how the data will be protected and processed, as well as how the responsibilities are delineated.

Let’s say a hypothetical organization did actually secure the data in a HIPAA-compliant manner without having signed the agreement – this would still violate the regulations, because there is no written agreement that ensures the protection of the patient data.

Look at the Company’s Reputation and Reviews

Trust is critical when it comes to HIPAA compliance. While you can’t look into the future and see how your organization’s experience with a service will play out, you can get a rough idea by looking at the company’s reputation, as well as any public reviews that may have been posted.

If a service provider has been in the industry for a long time, it’s generally a good sign. But be wary if the organization is branching out into a new service. A company could be industry-renowned for its HIPAA-compliant email, but if it has just launched a new chat service, that service may not necessarily be up to the same standards. While new services aren’t necessarily bad by default, it’s probably best to do additional research before signing up to be a guinea pig.

Another key indicator is the service provider’s reviews. Do you know anyone personally, or anyone you trust, who has used the service? What did they say? Did their experience show that the company was committed to security and HIPAA compliance?

You can also look to online reviews and industry forums to find more information and stories from service providers. It’s important to not throw all of your trust into what someone says on the internet, but if you come across negative experience after negative experience, it may be a decent warning sign to steer clear. Watch out for digital marketing though – some companies are especially cunning and post ads that look like honest forum posts or reviews.

Investigate the Details

The steps listed above are a good way to narrow things down, but they are no substitute for a thorough evaluation. It’s your organization’s responsibility to make sure that a potential service has every technical, administrative, and operational measure that it needs to stay within the lines of HIPAA.

While a service provider will be responsible for compliance in a number of areas (if a BAA is in place), your organization is not at all free of obligations. It needs to make sure that it is encrypting data where necessary, that it implements effective access control, and has a host of other measures in place. It also needs an overarching policy that brings all of the elements together in a comprehensive plan.

Any HIPAA-compliant provider should be more than happy to share the technical, privacy, and legal details with a potential client. If not, your organization should be extremely suspicious of its services. If your organization lacks the expertise to thoroughly evaluate a provider, then it may be best to engage an outside consultant who can handle it for you.

HIPAA compliance is serious and complex. It’s important to get it right from the start, through careful examination and planning. If your organization doesn’t tread carefully from the beginning, it could very well find itself on the wrong side of the regulations, facing significant legal penalties.

API Updates: Retrieve Dedicated Server Status on Demand

Monday, July 29th, 2019

LuxSci’s secure REST API enables LuxSci’s customers to automate account management activities, send secure email messages and secure texts, download custom reports, integrate their web sites with LuxSci WebMail using single sign on, and more.

As frequently happens at LuxSci, we have added some more features to our API at the request of current customers. These are two new API calls related to dedicated servers. With these calls, you can take inventory of all of the dedicated servers that you have with LuxSci (be that one or 20 or more) and then request the current status of each one. Additionally, we have updated our API documentation guides.


New Functions

The API has two new functions for accessing information about dedicated servers. In order to use these functions, you will need to ensure that the configuration that you are using has the “Dedicated Servers – Servers Report” access control permission enabled.   LuxSci’s API is designed with security in mind – existing configurations do not have permission to use significantly new/different features that are added over time until you explicitly grant such access.

Reports:  All Servers

The first new command returns a current list of all dedicated servers assigned to your account. For each server this includes information such as the server name, unique ID, amount of RAM, number of CPU cores, etc. This is all static information, that is, information not directly related to the current health and uptime of your server.

Report: Server Status

For any particular server in your account, you can request the server status.  In addition to the static information about your server that you get from the all servers report, the server status report also includes the current values of:

  • If the server is up and responding.
  • How long since the server was last rebooted.
  • The 1-minute, 5-minute, and 15-minute server load averages (divided by the number of CPU cores the server has).
  • How much RAM and SWAP space is available and used.
  • How much network bandwidth has been used in the last 15 minutes, inbound and outbound.
  • Information about all mounted disks: How much space they have, how much is free, and what the current percentage I/O load is.
  • How many email messages are in your outbound email queues.

Accessing the Application Programming Interface

To start using the API, customers should first review the API documentation.  Then, proceed to the API section of your LuxSci account administration pages and create a configuration and assign what types of functions your API configuration should be permitted to perform.

If you have questions, please contact LuxSci support.
