gmail Archives - HIPAA News, Web & Email Security Tips & News - Plus More | LuxSci

Posts Tagged ‘gmail’

Think you know how to protect yourself from phishing? Think again.

Wednesday, March 22nd, 2017

This year kicked off with a sophisticated phishing scam that fooled users and cybersecurity experts alike. Users were giving away their passwords to scammers through a seemingly legit Gmail login page. The scam had all the markers of a legitimate email, including the appearance that it was sent from a known sender.

There are many articles out there about the warning signs of phishing scams. We know the rules: Don’t click on URLs you don’t know, beware of emails that sound urgent or feel pressuring, etc. The reality is that many of these tips aimed to protect against phishing attacks would not have worked in the case of the Gmail attack.

Gmail’s spam filters already capture many emails that display common signs of scamming (formal language, unknown senders, etc.). However, phishing scammers and hackers, in general, are becoming more sophisticated in their techniques. A greater understanding of security will help you keep up with hackers in 2017. Here we’ll dive into the details of what made the Gmail scam so unique and address some sophisticated phishing scam avoidance tips you can start trying out today.

Read the rest of this post »

eBook: HIPAA-compliant Email Basics

Thursday, February 25th, 2016

Safeguarding Your Healthcare Practice and Protecting Patient Privacy

Book 1 in the LuxSci Internet Security Series.

Created by Erik Kangas, PhD

This LuxSci eBook is your well-researched guide to both a critical understanding of the specific issues and concepts of HIPAA, HITECH, and the Omnibus rule, and their practical application to your business with respect to email, so that you stay compliant with these government standards. This document will provide a framework for your health care entity to keep the privacy of patient information front and center. Providers will have the necessary tools to meet all requirements established by HIPAA to access email outsourcing services.

This eBook includes sections on:

  1. Overview of HIPAA
  2. What is ePHI?
  3. Provisions of the HIPAA Email Security Rule
  4. Additional Risk Analysis and the Need for Encryption
  5. Gmail and Google Apps?

Download the eBook

LuxSci as SMTP Relay for Gmail = LuxSci Encryption for Google

Monday, June 8th, 2015

Gmail and Google Apps users can route their outbound email through LuxSci to take advantage of SecureLine email encryption, which enables HIPAA compliant sent messages, plus LuxSci’s extensive outbound email management tools.  If you prefer the Google interface or need to use it for some reason, but require encryption and/or compliance, you can meet your needs by adding on LuxSci.

Read the rest of this post »

Google Apps HIPAA Compliance Gotchas: Email encryption not included and higher price

Wednesday, October 8th, 2014

There has been a lot of hype about Google offering a Business Associate Agreement to paid Google Apps customers who must abide by HIPAA regulations.  Those who are familiar with Google may be under the incorrect assumption that simply signing up for Google Apps will solve all their HIPAA compliance challenges.  This seems to be increasingly less likely as of October, 2014.

Myths and hidden costs pervade this equation. If a HIPAA-aspiring entity isn’t fully educated about the finer details of the compliance process, they could end up paying very large amounts of money for Google services and still be non-compliant. Here we discuss some misconceptions about Google services as they apply to HIPAA to help you avoid the pitfalls of non-compliance.

Read the rest of this post »

LuxSci takes email privacy seriously … Google owns your Gmail data forever

Wednesday, April 16th, 2014

In recent news, Google is warning consumers that Gmail and Google Apps are actively scanning your email.

What does this mean?  Google on Tuesday edited its privacy policy to say:

Our automated systems analyze your content (including emails) to provide you personally relevant product features, such as customized search results, tailored advertising, and spam and malware detection. This analysis occurs as the content is sent, received, and when it is stored.

When you upload, submit, store, send or receive content to or through our Services, you give Google (and those we work with) a worldwide license to use, host, store, reproduce, modify, create derivative works (such as those resulting from translations, adaptations or other changes we make so that your content works better with our Services), communicate, publish, publicly perform, publicly display and distribute such content.

Read the rest of this post »

Gmail is Always Playing Catch Up

Monday, April 7th, 2014

In case you missed it, Gmail’s “big announcement” last week was that it would:

  1. Only allow secure (over https / SSL) web connections from users to its servers, and
  2. Make sure that all email traveling between its servers over the Internet uses SSL so it can’t be eavesdropped upon.

This is generally a very good thing. It’s always nice when companies catch up to normal standard procedures by improving their policies. This makes the Internet an incrementally more secure and safe place.

Just be careful not to give them too much credit as this is really a case of playing “catch up” and not doing anything new or special.  

Read the rest of this post »

Secure? Google Mail Getting Increasingly Less Private

Thursday, December 19th, 2013

In the news this week: Gmail is trying to make its web interface faster and a little safer … but are they trading away some of your privacy in the process and making Gmail addresses better targets for email marketers?

What is Google Doing?

Instead of waiting for you to click a “show images” button on every message that is displayed, Google is pre-loading all the images on their servers, scanning for viruses, and then displaying them automatically inline. You can turn this off in your Settings.

On the surface, this gives you:

  1. Images right away — fewer clicks
  2. Safer images — they have been scanned for viruses and malware

Sounds good so far, but…

Read the rest of this post »

Are Replies to my HIPAA-Compliant Secure Emails also Secure?

Friday, October 11th, 2013

Customers of LuxSci HIPAA-compliant email accounts can send secure email messages in a secure and compliant manner to anyone with an email address. One common question is whether the replies back to these messages will also be HIPAA compliant. This is especially a concern when customers choose to use TLS only as a secure means of email delivery.

In this article we will break down the various ways that messages are sent securely from LuxSci to recipients across the Internet, and how replies behave — and whether they are secure and compliant.  At the end, we provide some recommendations for best practices for maximizing data security.

Read the rest of this post »

HIPAA Compliance is Needed for Emailed Appointment Reminders

Friday, September 20th, 2013

Twice in the past few weeks I have received appointment reminders or scheduling information from doctors via email — via insecure, non-HIPAA-compliant email.

An email message contains identifying information: my email address and my name.  The appointment email messages also contain information about “the past, present, or future provisioning of health care to an individual” … me!  Taken together, this means that these email messages are ePHI (more details – what is ePHI?) and needed to be secured in a HIPAA compliant manner.

That they were not compliant was obvious to me:

Read the rest of this post »

Gmail and Google Apps: Not Really HIPAA Compliant Email

Wednesday, July 24th, 2013

We are frequently approached by customers in need of HIPAA compliant email who are currently using Gmail or Google Apps, or who have users that are familiar with and like these services.   They would, of course, like to add HIPAA compliance without changing any of their business processes or habits.

For example, some customers may want to set up HIPAA compliant email with LuxSci and have those secure messages forwarded to Gmail, where they can access them in their “usual way”. In general, this is a bad idea — this will almost always be non-compliant and leave them at significant risk for breaches, disclosure, and HIPAA liability.

No one who must abide by HIPAA should be accessing ePHI through Gmail or Google Apps.

Revision Note: This is not strictly true anymore (as of September, 2013)  as Google Apps now can afford customers some level of HIPAA compliance.  We have a new post on this topic that is more relevant than this older one.  See: Google Apps HIPAA Compliance Gotchas: Email encryption not included and higher price.

The remainder of this blog post still has some relevance, so read it in the context that it was written before Google started offering Business Associate Agreements to paid Google Apps accounts.

Read the rest of this post »