" encrypted Archives - HIPAA News, Web & Email Security Tips & News - Plus More | LuxSci
LuxSci

Posts Tagged ‘encrypted’

SecureLine Message Center: Free, Secure Message Access Portal

Thursday, April 23rd, 2015

LuxSci customers send encrypted email messages to anyone using the SecureLine Escrow system — recipients receive a notification of their waiting secure message and click on a link to access it after either answering a security question or logging into their free SecureSend account to verify their identities.

The SecureLine Namespace and Message Center features enable your recipients to login and see a history of all secure messages sent to them from your users and to easily open, read, reply to, and delete these historical messages any time … at least until they have expired.  The Message Center also keeps copies of sent messages — so it enables free WebMail-like behavior in the SecureSend secure messaging portal

Read the rest of this post »

Is your Accountant protecting your privacy and identity?

Wednesday, April 15th, 2015

Everyone always harps on the necessity of privacy when discussing health care, government, and banking communications.  It is surprising how little attention is paid to email security with regards to accounting and tax preparation.   There is a real danger of identity theft, unintended information disclosure, as well as invasion of privacy when using tax preparation services or organizations that do not use secure email.  Why is this?

Read the rest of this post »

7 Steps to Make your Web Site HIPAA-Secure

Friday, February 13th, 2015

Doctors and medical professionals are feeling increasing pressure to get their business online (e.g. use of electronic prescriptions, web appointments, and remote medicine are both trendy and critical for building and sustaining revenue streams in the tightening medical market).  This push includes making available protected health information to patients via a web site and collecting similar private information from patients or would-be patients.

However, where the health information of an identifiable individual is involved, the Health Insurance Portability and Accountability Act (HIPAA) is the official compliance document.  And with the Omnibus rule in place, all web sites, old and new, must be properly designed or their owners face potential financial liability into the millions of dollars.

So, what do these requirements mean and how can HIPAA be followed in the context of a website?

Read the rest of this post »

Ebola is Infecting Computers; How to Protect Yours

Monday, October 20th, 2014

Spam and Virus FilterNo, your computer can’t catch the actual Ebola virus… its not even airborn yet.  However, we are finding that criminals are taking advantage of the hype and scare and curiosity over Ebola to infect people’s computers more easily.

This is commonly being done via email.  There are four prevalent types of email going around now that are meant to infect your computer:

  1. A fake report on the Ebola virus — when you click the link to read more, your Windows machine is infected with a virus that can collect and steal your personal information.
  2. A fake email from telecommunications provider that contains an important “Ebola Presentation” for your to download and view.  If you do it, you install malware that can allow others to remotely control your computer, access your web cam, log what you type, etc.
  3. Fake emails talking about an “Ebola Cure” which contains a malware attachment and which asks you to forward the news on to your friends.  The malware records your keystrokes and downloads additional malware on to your computer
  4. Fake emails about Ebola news and lists of “precautions”.

There are many other types of attacks and attack vectors that are being and can be exploited.  We will go over many of these, below, and how to protect yourself from them.  You should be very wary of any email received about Ebola, even if it appears to be from a friend.  You should be especially wary of opening any attachments sent through email, unless you have good confidence that they are malware-free.

Read the rest of this post »

Collaborative Access to Encrypted Archived Form Data with SecureForm

Friday, February 7th, 2014

LuxSci SecureForm service uniquely enables web site and PDF forms to post their data and files to a secure URL and have that data automatically securely emailed to one or more recipients, uploaded to an S/FTP site, archived in an online collaborative WebAides file storage space, and/or saved to a MySQL database.  With a few clicks and minimal changes to existing forms, customers can have sophisticated and secure forwarding, processing, and storage of their form posts, including re-filling the posted data into template PDF, html, xml, and other files.

Collaborative Access to Encrypted Archived Form Data

When using SecureForm to store copies of uploaded form data to an online Documents WebAide, you can choose to have that data automatically encrypted so that only the “recipient” of the encryption (i.e. one of your users) can ever open it.  Not even LuxSci’s technical support staff would be able to access this data unless you specifically allowed it.  

Read the rest of this post »

HIPAA Compliant Emails Sent From your Web Site: Best Practices

Tuesday, January 7th, 2014

You buy a HIPAA compliant web hosting infrastructure.  You configure your web site to send out email messages in the simplest way, e.g. through PHP mail, or some other generic and standard mechanism.  You think you are all set — but you are not.

HIPAA compliant web hosting services provide a server infrastructure that allows you to be compliant; however, it doesn’t make you compliant.  Your web designers must make choices and program your site so that it properly respects ePHI.  If they do not do all the appropriate things, you will be out of compliance.  E.g. see: 7 steps to make your web site HIPAA-secure.

In particular, email messages sent in the “normal way” from a web site will go out insecurely in a way that will violate the HIPAA Security Rule if they contain ePHI of any kind.  E.g. they will not be encrypted and will not be archived.

Read the rest of this post »

Mobile Site Access to Encrypted Blogs and Files

Friday, April 6th, 2012

LuxSci’s Blog and File/Document WebAides have a great feature to optionally encrypt individual entries:

  • The File and Blog entry data is PGP-encrypted “at rest” (while stored on the servers).
  • Only your specified recipients (users or groups of users) can decrypt the data (even LuxSci staff cannot decrypt the data unless you give us your passwords).
  • Ideal for HIPAA or the storage of other very sensitive data.

While encrypted entries have been available for many years, access to the encrypted data via LuxSci’s Mobile Site is new.  Users can now login from their mobile device to our fast and slick mobile portal and unlock this data, view the secure content, and download decrypted files.

You no longer have to be separated from your sensitive data, just because all you have on you is your phone!

The Mobile Site will soon be expanded to enable editing and creation of new secure entries as well.

Reliable Read Receipts with SecureLine Escrow

Tuesday, April 14th, 2009

Read receipt requests are generally an extremely unreliable way to find out if your recipient has read an email messages that you have sent to him/her.

Why? Because

  • Some email programs do not support read receipts, and thus messages viewed with these would never send you a notice that the message was read.
  • Programs that do support read receipts allow the user to respond to them “always”, “never”, or “ask each time” … with “asking each time” being the default.  As a result, users often will decline your request for a receipt that you have read the message.

However, when messages are sent via LuxSci’s SecureLine Escrow encryption service, read receipts are guaranteed to work.

Read the rest of this post »

Security Simplified: The Base+Suffix Method for Memorable Strong Passwords

Thursday, February 19th, 2009

keysIt’s the classic problem of having “too many keys”.  You have accounts on many different web sites.  Some are small and relatively insignificant, from a security point of view, like blogs or shopping sites.  Some are large and sensitive, like banking and PayPal accounts.  Since unified login mechanisms like OpenID are not yet pervasive, you must remember the usernames and passwords for every single site.  This is a truly daunting task.

Ideally, you would like to use passwords that are “strong” (i.e. very good, not easily guessable) and different for every site.  However, how can you remember each secure and unique password without resorting to a “cheat sheet”?

Read the rest of this post »

How Secure are Password-Protected Files?

Saturday, February 14th, 2009

We recently discussed email security for accountants and mentioned that the use of password-protected files is not usually a very good solution for meeting data privacy needs.  After writing this and getting some feed back, we thought that the issue of password-protected files really deserves some further discussion.  Many people are under the assumption that if they use the “password protection” features of whatever software they are using, that their data is safe and secure.  However, this is not necessarily the case.  Why?

Using password-protected files to secure data is fast and easy and built into many applications.  Why not use it?  Certainly, password protecting files is much better than not doing so.  However, there are several things that determine how secure these “protected” files really are.

Read the rest of this post »