encryption Archives - HIPAA News, Web & Email Security Tips & News - Plus More | LuxSci

Posts Tagged ‘encryption’

How do I Encrypt My Windows Hard Drive? Why Should I Do It and Which Options Are Best?

Monday, June 19th, 2017

We all want to keep our data safe. Whether it’s personal or for business, we don’t want it to be stolen, altered or deleted. From the violation of individual privacy to breaches that cost companies millions to recover from, losing control of data can be damaging in numerous ways.

There are many techniques for keeping data safe and any good security policy must combine a range of them. One important piece of the data-security puzzle is full-disk encryption. This encrypts everything on the disk, apart from the master boot record.


Encryption allows you to make data unreadable unless someone has the key. With full-disk encryption, the key must be entered when you boot your device in order to access the disk or any of its files.

Read the rest of this post »

Email Encryption Showdown: SMTP TLS vs PGP vs S/MIME vs Portal Pickup

Monday, May 29th, 2017

While messaging apps may have become more popular over the last ten or so years, email remains an important method of communication, particularly for business. Despite its common use, there are many security problems associated with regular email:

Message Tampering

False messages are a significant threat, particularly when it comes to business and legal issues. Imagine someone else sends an email from your account – how can you prove it wasn’t you? There are many viruses that spread in this way, and with regular email, there is no concrete way to tell whether a message is false or not.


Normal emails can also be modified by anyone with system-administrator access to the SMTP servers that your emails pass through. They can alter or completely delete the message, and your recipient has no way of knowing if the message has been tampered with or not.

In the same way, messages can be saved by the SMTP system administrator, then altered and sent again at a later time. This means that subsequent messages may appear valid, even if they are actually just copies that have been faked.

Read the rest of this post »

How do I send HIPAA-compliant lab results via email?

Friday, May 5th, 2017

A question about HIPAA-compliant transactional email from Ask Erik:

As a non-technical member of the founding team of a Health Care Startup I have a question about HIPAA-compliant email as we begin to send out lab test results to individuals and the health care providers we partner with:

“Does one dedicated email address for results distribution that is HIPAA-compliant and secure make us in compliance?”

We have team members who communicate with our DDS clinics but they don’t distribute test results. Only I will do that through a dedicated email address. What do we have to do to be compliant from day one of distributing test results as part of our service to our customers (primarily dentists and oral surgeons)?

I was told by the service provider of our website and email hosting services that if we made the one email address a Business Premium account using the Microsoft Secure Server, that all the other regular email addresses would be covered as well. Is this true?

Thank you for the forum to ask real life scenario questions.


Hello,

There are many aspects to your question. Let’s address each one in turn:

Read the rest of this post »

eBook: HIPAA-compliant Email Basics

Thursday, February 25th, 2016

Safeguarding Your Healthcare Practice and Protecting Patient Privacy

Book 1 in the LuxSci Internet Security Series.

Created by Erik Kangas, PhD

This LuxSci eBook is your well-researched guide to both a critical understanding of the specific issues and concepts of HIPAA, HITECH, and the Omnibus rule, and their practical application to your business with respect to email, so that you stay compliant with these government standards. This document will provide a framework for your health care entity to keep the privacy of patient information front and center. Providers will have the necessary tools to meet all requirements established by HIPAA to access email outsourcing services.

This eBook includes sections on:

  1. Overview of HIPAA
  2. What is ePHI?
  3. Provisions of the HIPAA Email Security Rule
  4. Additional Risk Analysis and the Need for Encryption
  5. Gmail and Google Apps?


7 Ways You Could be Unknowingly Violating HIPAA

Friday, August 14th, 2015

Non-compliance with HIPAA can easily lead to unintended breaches where data is exposed to unauthorized parties.  This can be very expensive!  The cost of a breach depends on your degree of negligence; it ranges from $100 to $50,000 per violation (or per data record).

You don’t want to be caught in a situation where inaction, neglect, or lack of knowledge can result in unintended breaches.  Many small and large organizations are often unknowingly using systems in a way that is either already in breach or which results in frequent sporadic breaches.

Check your organization!

If any of the following scenarios apply to you, it is worth bringing them up with the person responsible for compliance (your HIPAA Security Officer) to include in your mandatory yearly Risk Analysis. Is the risk of breach worth continuing with “business as usual?”

Read the rest of this post »

LuxSci as SMTP Relay for Gmail = LuxSci Encryption for Google

Monday, June 8th, 2015

Gmail and Google Apps users can route their outbound email through LuxSci to take advantage of SecureLine email encryption, which enables HIPAA compliant sent messages, plus LuxSci’s extensive outbound email management tools.  If you prefer the Google interface or need to use it for some reason, but require encryption and/or compliance, you can meet your needs by adding on LuxSci.


Read the rest of this post »

Can your web and PDF forms save to an Encrypted Database?

Monday, April 20th, 2015

Many web form processing systems allow you to save the form posts in a database. However, from a security and compliance standpoint, that is not really very secure. Of course, if your form processing and the database are in a secure, compliant environment (e.g. a HIPAA-compliant dedicated server), then the situation is better and it may be OK to have your form data saved unencrypted in your database.

However, as the person doing your compliance risk analysis will tell you, it is always better to have data encrypted at rest if you have a choice.  That greatly reduces your risk of breach / compromise.  The problem is: these web form processing systems and plugins will not encrypt your data for you and it is not easy to get a database that is itself fully encrypted.

So — what can you do to lock down your data?

Read the rest of this post »

Interview with Mason Rothert, CEO of Mediprocity, our partner for SecureChat

Friday, February 20th, 2015

Mason Rothert is the CEO of Mediprocity, the company that we have partnered with and worked closely with to provide LuxSci SecureChat.

Mason Rothert & Nicholas Magers conceived Mediprocity while working together in the healthcare field calling on physician offices and healthcare provider centers. At the time, Mason Rothert was working as V.P. of Sales and Technology for a management company overseeing long-term care facilities and a full range therapy company. Nicholas Magers was finishing up his MBA at USC and working for a pulmonary company as a sales director. They decided to combine forces in order to solve the fragmentation of communication amongst covered entities and business associates in healthcare. They would focus on the new technologies available as well as the growing need to encrypt patient health information in order to prevent data breaches.

Mediprocity began in 2009 as a social network for healthcare. The company culture has always been to be physician-centric and to help improve communications. As smartphone and text messaging popularity grew rapidly, it was clear in 2010 that Mediprocity needed to become a simple secure solution for HIPAA-compliant communication. They set out to combine the best elements of instant messaging, SMS text, and email.

LuxSci has integrated the Mediprocity secure communications product into its offering and is continuing to work closely with them to integrate the SecureChat service more and more tightly with LuxSci’s SecureLine secure emailing offerings.

Mason has agreed to this interview so that we can answer many common SecureChat-related questions for you.

Read the rest of this post »

HIPAA Compliance Checklist: What You Need To Do

Thursday, January 29th, 2015

LuxSci provides HIPAA-compliant services and must itself maintain HIPAA-compliant business operations in order to comply with HIPAA HITECH and Omnibus regulations.  As such, many of our customers and leads look to us to find out exactly what they need to do to be compliant.

This article provides you with a quick and easy-to-read overview of the various things needed for compliance. The items given below should not be considered a complete or formal list for compliance, nor will doing all of these things guarantee that you are compliant. As always, we recommend that you consult a lawyer to determine the compliance needs specific to your particular situation.

Read the rest of this post »

Encryption and Auditing for MySQL Databases under HIPAA

Monday, July 21st, 2014

We get a number of questions every week regarding MySQL databases and HIPAA web site compliance. These range from confusion over auditing of access to stored ePHI to what HIPAA’s data encryption requirements actually are to how HIPAA applies to MySQL databases. Here, we will attempt to address some of these subtle questions for you.

Read the rest of this post »