" New Feature Announcements Archives - LuxSci FYI Blog: Learn about HIPAA email encryption, secure email encryption, and more
LUXSCI

Archive for the ‘New Feature Announcements’ Category

What is a HIPAA Compliant Server?

Tuesday, July 24th, 2018

You cannot achieve overall HIPAA compliance if you don’t use a server that ensures the confidentiality, integrity and availability of your organization’s protected health information (PHI). You have the option to use a cloud server, and given the buzz around the affordability and convenience of cloud computing solutions, you may want to take a closer look at this option.

What is a cloud server?

Cloud computing involves maintaining information on a remote server (in “the cloud”) and accessing the information over the internet rather than storing it on a local hard drive. What, then, is a “cloud server”? A cloud server is a “server on the internet somewhere.” Often, instead of using an entire physical machine, it is more cost effective to install special software on the physical machine that allows it to run one or more separate and independent “virtual servers.” A virtual server is like an apartment, and the physical machine is akin to the apartment building. If you own the physical server and all the virtual ones, then you have a “Private Cloud,” where you are in control of everything. If you only own a virtual server and someone else (like Amazon) is in charge of the physical server and allows other people to rent virtual servers on the same machine, then you are in the “Public Cloud” (i.e., you are just a tenant and not a landlord!).

HIPAA Business Associate Agreement: Do I Need One?

Thursday, July 12th, 2018

A business associate (BA) is an individual or an entity who could come in contact with protected health information (PHI) by providing services to or performing activities on behalf of covered entities. Your employee is not a business associate, but your web host, email encryption service, billing company and lawyers could be, and these are just four examples. BAs of BAs (BAs contracting with your vendors) further extend the chain.

Not all entities that access PHI must be business associates. For instance, the cleaning company that disposes of trash from your office does not qualify as a business associate, even though there is a possibility of the cleaning crew coming in contact with identifying patient information in dustbins or lying on fax machines or desks (though if they do, then your employees did not manage the PHI properly). However, it is important to have a clear reporting mechanism in place so that cleaning company workers can alert a point person in your office when they come across PHI.

The Omnibus Rule provides multiple categories of business associates, including health information organizations (HIOs) and anyone offering personal health records to individuals on behalf of covered entities. It also covers a variety of service categories, such as data aggregation, accreditation, actuarial and administrative services dispensed to a covered entity, provided such services involve the disclosure of patient health information. Use this link for more information on business associates.

GDPR: LuxSci Privacy Policy and Terms and Conditions Changes

Wednesday, May 23rd, 2018

On the 25th of May 2018 a new data protection law, the General Data Protection Regulation (GDPR), will take effect in the European Union. The GDPR aims to strengthen data protection and privacy for all individuals within the EU and brings with it the most significant changes to data protection law in two decades. Based on privacy-by-design and taking a risk-based approach, the GDPR has been designed to meet the requirements of the digital age.

The 21st century brings with it broader use of technology, new definitions of what constitutes personal data, and a vast increase in cross-border processing. The new Regulation aims to standardize data protection laws and processing across the EU, affording individuals stronger, more consistent rights to access and control their personal information.

To ensure that LuxSci is ready for the GDPR, we have updated our Privacy Policy and Master Services Agreement (MSA) to comply. There is now a “GDPR Data Privacy Addendum” to our MSA that is automatically included in all contracts with existing and future customers and which, together with LuxSci’s participation in and certified compliance with the EU-US Privacy Shield, provides the required contractual framework for ensuring that our customers are GDPR compliant when using LuxSci as a data processor. The changes to LuxSci’s privacy policy and MSA are effective as of May 23rd, 2018.

TLS Exclusive: HIPAA-compliant email marketing just got a whole lot better

Thursday, May 10th, 2018

If you are a healthcare organization and have to abide by HIPAA regulations, you may be struggling with HIPAA-compliant email marketing. Besides getting patient consent, there is the concern that the marketing email messages need to be secured, as in many cases the marketing messages plus the addresses or list being used imply something about the recipients … something ePHI-related.

It is a best practice to use a HIPAA-compliant email marketing service to send healthcare-related email marketing messages, newsletters, appointment reminder emails, etc. Such a service signs the required HIPAA Business Associate Agreement with you, takes care of your data, and ensures that your email messages go securely to your recipients.

SecureForm Updates: New Look and New Integrations

Saturday, January 20th, 2018

In December 2017, LuxSci released SecureForm FormBuilder 2.0, a significant update that included user interface improvements together with new features like drag-and-drop, enhanced responsive form support, and more support for standard third-party JavaScript libraries. Since then, we have been busily working on a number of significant improvements to SecureForm itself. These are now available to all customers and include:

  1. Improved and simplified SecureForm user interface
  2. All of the places that you can send or save your form data have been recoded into “Integrations”
  3. We have added two new Integrations: Webhook and Slack
  4. It is now easy for LuxSci to extend SecureForm with new third-party integrations
