" breach Archives - Page 2 of 2 - LuxSci

Posts Tagged ‘breach’

Are you Minimizing your Risk by using the Next Generation of Opt In Email Encryption?

Friday, September 11th, 2015

We have long held that leaving it to each sender/employee to properly enable encryption for each sensitive message (a.k.a “Opt In Encryption”) is too risky.  Why? Any mistake or oversight immediately equals a breach and liability.

Instead, LuxSci has always promoted use of “Opt Out Encryption,” in which the account default is to encrypt everything unless the sender specifically indicates that the message is not sensitive.  The risk with Opt Out Encryption is very much smaller than with Opt In.  (See Opt-In Email Encryption is too Risky for HIPAA Compliance).

The problem is: many companies use Opt In Encryption because it is convenient when sending messages without sensitive information — you just send these messages “as usual,”  without forethought.  These companies are trading large risks in return for conveniences.

LuxSci has solved the “Opt In vs. Opt Out” conundrum with its SecureLine Email Encryption Service.  You could say that SecureLine enables the “Next Generation” of Opt In Email Encryption — combining both usability and security.

Read the rest of this post »

Tags: breach, compliance, email encryption, glba, hipaa, opt in, opt out, pgp, s/mime, secureline, tls, TLS-Only
Posted in LuxSci Library: HIPAA, LuxSci Library: Security and Privacy
No comments »

WordPress for HIPAA and ePHI? Is that a good idea?

Tuesday, February 12th, 2013
For a deep dive, see our white paper: Securing WordPress

WordPress is an extremely popular content management system for both blogging and creating web sites.  It’s popular because it is quick to set up, easy to administer, has a very large supported base of add-ons, and looks good.  As a result, many LuxSci customers use WordPress in one fashion or another for their web sites hosted at LuxSci.

As we cater to a large segment of customers who have specific compliance needs, e.g. HIPAA compliance, we frequently are asked about using WordPress with ePHI … e.g. using WordPress to provide access to protected health information for members of the WordPress site.

Can this be compliant?  Is it a good idea?

Read the rest of this post »

Tags: breach, dedicated, ePHI, hipaa, php, security, web hosting, wordpress
Posted in LuxSci Library: HIPAA
No comments »

Jump/Thumb Drives and PHI Don’t Mix

Friday, July 20th, 2012

It is very common for the staff of small and medium sized healthcare organizations to store patient data on USB Flash Drives (a.k.a. Jump Drives or Thumb Drives).  This is universally a bad idea and guarantees non-compliance with HIPAA.  Below, I will discuss why and suggest some alternatives to accomplish the same ends.

While this article discusses USB Flash drives in particular, the same arguments hold for all portable media — full sized USB hard drives, writable CDs and DVDs, laptops, etc.

Read the rest of this post »

Tags: breach, dropbox, emr, emr/pm, ePHI, file storage, flash drive, google docs, hipaa, hipaa compliance, hipaa security rule, phi, usb drive
Posted in Business Solutions, LuxSci Library: HIPAA
No comments »

Newer Entries »