escrow Archives - LuxSci

Posts Tagged ‘escrow’

7 Steps to Make your Web Site HIPAA-Compliant

Tuesday, March 2nd, 2021

Telehealth is the new normal thanks to the Covid-19 pandemic. Many medical providers are finding that not only is telehealth a safer option during the pandemic, it can also help increase patient access to healthcare and improve outcomes. Along with video appointments, the virtual medicine push includes making protected health information available to patients via a web site and collecting similar private information from patients or would-be patients online.

However, where the health information of an identifiable individual is involved, the Health Insurance Portability and Accountability Act (HIPAA) is the official compliance document. The Omnibus rule requires all web sites, old and new, to be properly designed or their owners can face potential financial liability into the millions of dollars.

So, what do these requirements mean and how can HIPAA be followed in the context of a website?

Read the rest of this post »

Has Your Email Been Read? Read Receipts and Web Bugs

Wednesday, July 1st, 2020

Customers often ask how they can know if a message has been read by a specific recipient.  Typically, this is done by requesting a “Read Receipt” when sending the message; however, read receipts are not reliable. Spammers use techniques such as HTML “web bug” tracking to see if you have read an email message and thus if your email address is valid and ripe for more spamming; this is also not reliable. LuxSci’s SecureLine Escrow service includes a 100% reliable Read Receipt function that can be used when it is essential to know if someone has read a message. It also allows for message retraction (removing further access to an email message).

This article goes over these various methods of determining if a message has been read, shows how each works, and discusses the pros and cons of each.

Read the rest of this post »

Ask Erik: Is misaddressed email a HIPAA breach?

Friday, December 8th, 2017

Read the rest of this post »

Next Generation Data Loss Prevention (DLP) with LuxSci Secure Email

Tuesday, September 29th, 2015

Data Loss Prevention (DLP) describes a plan for companies to control the sending of sensitive data. For example, this can include controls to stop the flow of sensitive data or to ensure that sensitive data is always well-encrypted (for compliance) when sent.

In the context of email, DLP is usually achieved through the following formula:

  1. Construct a list of words, phrases, or patterns that, if they are present in an email, signify an email message that may contain sensitive information.
  2. Have all outbound email scanned for these words, phrases, or patterns.
  3. For messages that match, take action:
    1. Block: Refuse to send the message, or
    2. Encrypt: Ensure that the message is encrypted
    3. Audit: (and maybe send a copy of the message to an “auditor”)

This classic DLP system is available through many email providers and has been available at LuxSci for many years as well. However, it does have a glaring limitation — no matter how complete and complex your DLP pattern list is, it is almost certain that some messages containing sensitive information will not quite match (or the information will be embedded in attachments that can’t be searched properly).  If they do not match, then they will escape in a way that may be considered a breach.

Read the rest of this post »

SMTP TLS vs Secure Message Pick Up: Which is Better for HIPAA?

Wednesday, November 12th, 2014

There are many methods for sending an email message securely.  These generally vary in terms of the degree of security vs how easy they are to set up and use.  The two most common email encryption methods include:

  • SMTP TLS: Encrypting the message only while it is transmitted between the sender’s and the recipient’s servers.  See: SMTP TLS: All about secure email delivery over TLS.  Note that SMTP TLS is only supported by some email service providers.
  • Secure Message Pickup:  Sending the recipient an email notice with a link.  The recipient clicks on the link and goes to a secure web site to authenticate and access the message. (LuxSci calls this method “Escrow”).  Secure Message Pickup allows one to send a secure message to anyone.

Other methods, such as PGP and S/MIME, are also in wide use.  However, these require a lot more setup and collaboration between the sender and recipient.  The above two methods are most commonly used for sending messages to people that you have not otherwise communicated with.

So, which is better?  How does that answer change when HIPAA compliance is involved?

Read the rest of this post »
