Manage HIPAA-Compliant and non-Compliant Domains with One Account!
LuxSci has introduced a number of per-domain security features that allow us to offer accounts that contain both HIPAA-compliant domains and non-compliant domains.
Previously, customers could order such a combination of domains, but they were segregated into completely separate accounts. These new security features benefit our customers because:
- The overall cost is reduced
- Administration and payment are simplified
- Sharing of email folders, workspaces, contacts, calendars, tasks and other objects from non-compliant users to HIPAA-compliant users is permissible and easy.
Tell me more!
“Per-domain” HIPAA accounts have some domains designated as “HIPAA compliant” and others as “not”.
Users in HIPAA-compliant domains are required to send ALL outbound email securely using SecureLine outbound email encryption, with no exceptions. Users in non-compliant domains (who will not be using or interacting with ePHI at all) are not required to send encrypted email.
All users, compliant and non-compliant, must:
- Have strong passwords
- Use SSL/TLS for connecting securely to LuxSci for all services
- Have a short (20 minute) WebMail session timeout
- Use other standard “good security” settings.
How to Get Started?
New customers can choose between the old style of “account-wide” HIPAA (where all users and all domains are locked down and compliant) and the new “per-domain” HIPAA when ordering.
Existing customers can convert existing “account-wide” HIPAA accounts to “per-domain” accounts by signing a new HIPAA agreement. There is a small fee for migrating domains and users from one existing account to another.