compliance Archives - HIPAA News, Web & Email Security Tips & News - Plus More | LuxSci

Posts Tagged ‘compliance’

HIPAA-compliance Seals Build Trust

Thursday, November 9th, 2017


SSL versus TLS – What’s the difference?

Wednesday, September 20th, 2017


TLS (Transport Layer Security) and SSL (Secure Sockets Layer) are protocols that provide data encryption and authentication between applications and servers in scenarios where that data is being sent across an insecure network, such as checking your email (How does the Secure Socket Layer work?). The terms SSL and TLS are often used interchangeably or in conjunction with each other (TLS/SSL), but one is in fact the predecessor of the other — SSL 3.0 served as the basis for TLS 1.0 which, as a result, is sometimes referred to as SSL 3.1. With this said though, is there actually a practical difference between the two?

SSL versus TLS: What is the difference?

See also our Infographic which summarizes these differences.


HIPAA Law and HITECH/Omnibus Conformance – Small Medical Practice

Monday, August 14th, 2017

As the owner of a small to medium-sized medical business (a 1-19 physician practice, say, with 5-50 employees) you have many concerns – how to hire and retain competent staff, how to deal with your vendors such as office payroll, billing and collection services, and, above all, how to serve your patients’ needs in the most economical and expeditious way, i.e. by speeding up scheduling, quickly accessing medical records, coordinating treatment with other doctors, etc. Time spent managing your information and communications infrastructure for HIPAA or HITECH compliance may not seem to be the most critical aspect of your work.


However, the use of ICT – information and communications technologies –  in the healthcare industry has become increasingly pervasive and has special relevance for every medical practitioner, given the provisions of the Health Information Technology for Economic and Clinical Health (HITECH) Act, which adds more substance to the original Health Insurance Portability and Accountability Act (HIPAA)  privacy and security rules.  HITECH also incentivizes medical practitioners to step up their use of electronic health records (EHR) to “exchange electronic health information with, and integrate such information from, other sources.”


Why Should You Bother with Information Security? Isn’t Everything Hackable Anyway?

Thursday, June 1st, 2017

With the ever-increasing flow of large-scale hacks, many seem resigned to the fact that it’s only a matter of time before they get hit too. Security and its challenges have fully penetrated mainstream thought. Everyone knows that the CIA, the FBI, Russia, and even the hacker next door can break into your computer or phone, hijack your router, intercept your traffic, and take over your life.

In response, there has been a huge cry for better training, more secure software, secure email and secure texting. Basically, security everywhere. But if the hackers and agencies are really this powerful, why should you bother?


Are security services and products worth anything these days? Do they actually provide any protection? Or are they the emperor’s new bullet-proof-vest? It is surprising how many people have come to accept a complete lack of security. Some seem to use this as an excuse to avoid technologies that could benefit both their personal and business lives.

A great example comes from a dentist who was interested in sending notices to his patients via text, but resigned himself to “not bothering” as there is “no way to secure these things, anyway.” While that may be true in an absolute sense, it is not true practically.

In this article we will examine the reasons why we should bother with security and how it can help us in our personal and business lives.


17 Questions To Ask Yourself Before You Send A HIPAA-Compliant Marketing Email

Friday, March 10th, 2017

You’ve just been told that you need to rethink your entire email marketing system. Your attorney and compliance specialist are both telling you that you need to implement HIPAA-compliant email marketing.

Your starting point is to break down that goal into two components: business goals and HIPAA compliance. Your email marketing has to achieve your business goals like providing fast customer service and generating more appointments. Next, you need to put HIPAA compliant systems and processes in place.

Use these 17 questions to review whether your email marketing aligns with your business goals and HIPAA.


Image by Nick Youngson


Are you Minimizing your Risk by using the Next Generation of Opt In Email Encryption?

Friday, September 11th, 2015

We have long held that leaving it to each sender/employee to properly enable encryption for each sensitive message (a.k.a. “Opt In Encryption”) is too risky.  Why? Any mistake or oversight immediately equals a breach and liability.

Instead, LuxSci has always promoted use of “Opt Out Encryption,” in which the account default is to encrypt everything unless the sender specifically indicates that the message is not sensitive.  The risk with Opt Out Encryption is very much smaller than with Opt In.  (See Opt-In Email Encryption is too Risky for HIPAA Compliance).

The problem is: many companies use Opt In Encryption because it is convenient when sending messages without sensitive information — you just send these messages “as usual,”  without forethought.  These companies are trading large risks in return for conveniences.

LuxSci has solved the “Opt In vs. Opt Out” conundrum with its SecureLine Email Encryption Service.  You could say that SecureLine enables the “Next Generation” of Opt In Email Encryption — combining both usability and security.


Toggling Between TLS-Only and More Secure Encryption Methods

Thursday, September 10th, 2015

There are many ways to send an email securely.  These range from the super-easy-to-use but less secure “TLS” method (see About SMTP TLS) to the universal “pick it up on a secure portal method” (that we call Escrow), to the very secure but harder to deal with PGP and S/MIME methods.

Many people like to use just TLS for email transmission security whenever possible, simply because it is so easy for everyone to use — you can encrypt everything, using TLS when possible and Escrow when TLS is not supported by your recipients.

However, if you have compliance needs or deal with sensitive information, there are many situations where you may like to “jack up” the level of encryption from just enforced TLS to TLS if possible plus one of the other methods … one that is more secure and which provides for encryption at rest.  (See: Is Email Encryption via Just TLS Good Enough for Compliance with Government Regulations?)

Disabling “Just TLS” on a per-message basis is quite easy with LuxSci.


5 Things Everyone with HIPAA Email Should be Doing

Monday, August 25th, 2014

Ok — So you have “HIPAA Compliant Email” because you just signed up with a company that says they handle that.  One thing checked off of your “to do” list and on to the next.

Well, not so fast.

HIPAA is a complex beast, as you are probably already aware.  Just signing up for a service that claims to be HIPAA compliant does not mean that you are done.  You may need to:

  1. Learn nuances of what you can and can’t do in order to remain compliant
  2. Train yourself and your staff on these nuances
  3. Make sure that you have purchased all of the things needed by your organization for your particular compliance goals
  4. Ensure that you have set things up properly with your systems and at your new vendor

Here are some of the top things that everyone who has HIPAA-compliant email really should be doing:


HIPAA Compliant Emails Sent From your Web Site: Best Practices

Tuesday, January 7th, 2014

You buy a HIPAA compliant web hosting infrastructure.  You configure your web site to send out email messages in the simplest way, e.g. through PHP mail, or some other generic and standard mechanism.  You think you are all set — but you are not.

HIPAA compliant web hosting services provide a server infrastructure that allows you to be compliant; however, it doesn’t make you compliant.  Your web designers must make choices and program your site so that it properly respects ePHI.  If they do not do all the appropriate things, you will be out of compliance.  E.g. see: 7 steps to make your web site HIPAA-secure.

In particular, email messages sent in the “normal way” from a web site will go out insecurely in a way that will violate the HIPAA Security Rule if they contain ePHI of any kind.  E.g. they will not be encrypted and will not be archived.


Do Law Firms have Data Security Liability?

Friday, July 19th, 2013

As of 2010, 91% of all law firms have 10 or fewer employees; 99.6% have fewer than 100 employees[1].  The smaller the firm, the less likely it is to have a strong IT department, and the more likely it is to be focused on case load rather than on the current changes in the compliance landscape that are now impacting it.  Indeed, one of the largest segments of new law firms is small practices run by folks who have left larger firms … and such folks arguably have less time to spend on such considerations as the amount of legal work per lawyer in the United States continues to shrink.

Email and messaging — more and more information is sent digitally.  For the legal profession, this is also increasingly true due to the time saving nature of such communications, the high time cost associated with legal work, and the ever-present push to get things done faster.
