high volume email Archives - LuxSci

Posts Tagged ‘high volume email’

New Email Authentication Requirements from Google and Yahoo: What You Need to Know

Tuesday, December 12th, 2023

Google and Yahoo have recently announced their latest updates aimed at reducing spam and spoofed emails.

These updates affect everyone sending emails to Google or Yahoo users. They apply fundamental authentication requirements to regular email, and further requirements apply to those sending higher volumes of bulk emails. These new requirements apply to all email platforms and service providers.

Please note: Many of these new requirements are technical in nature and will require access to your DNS management. You may learn more about these DNS concepts in this LuxSci blog: Understanding DNS Configurations for Email Security: A Guide to SPF, DKIM, and DMARC Records.

As a reminder, it is imperative that you adhere to strong email best practices. Here’s what you need to do to stay on top of your email game:

All senders emailing Yahoo or Gmail:

  • Add DNS SPF records for every domain you use to send emails to authenticate your emails.
  • Add DNS DKIM Records for every domain you use to send emails to further authenticate your emails.

While many have added SPF records in 2023, it’s now crucial to also have DKIM records in place.

For those sending large volumes of emails to Google or Yahoo users (over 5,000 messages on some days):

  • Complete the requirements listed above for all senders.
  • Implement DNS DMARC: Set up a DNS DMARC email authentication policy for your domains. You can set your DMARC enforcement policy to “none.”
  • Align Your Domains: Ensure the domain used for bounce processing (i.e., the “Return-Path”) matches/is aligned with your From domain in every email.
  • Include Easy Unsubscribe Options: Include a one-click unsubscribe option for marketing and subscription emails.
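To make the bulk-sender checklist concrete, here is an added example (not LuxSci's code) that inspects a message's headers for Return-Path alignment, DKIM signing domain alignment, and one-click unsubscribe headers, and reads the policy from a DMARC TXT record. The sample messages and the domains `example.com` and `esp-vendor.test` are constructed; the two-label organizational-domain rule is a simplifying assumption, and the script does not verify DKIM signatures or query DNS.

```python
import email
from email.utils import parseaddr

# Constructed samples for illustration; example.com / esp-vendor.test are placeholders.
ALIGNED = """\
Return-Path: <bounces@mail.example.com>
DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=sel1; bh=PLACEHOLDER; b=PLACEHOLDER
From: Clinic News <news@example.com>
List-Unsubscribe: <https://example.com/unsub?id=123>
List-Unsubscribe-Post: List-Unsubscribe=One-Click

Hello
"""
MISALIGNED = """\
Return-Path: <bounces@esp-vendor.test>
DKIM-Signature: v=1; a=rsa-sha256; d=esp-vendor.test; s=k1; bh=PLACEHOLDER; b=PLACEHOLDER
From: Clinic News <news@example.com>
List-Unsubscribe: <mailto:unsub@example.com>

Hello
"""

def tags(value):
    """Parse a 'k=v; k=v' tag list as used by DKIM-Signature and DMARC records."""
    pairs = (t.split("=", 1) for t in value.split(";") if "=" in t)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def org_domain(domain):
    # Assumption: last two labels; real DMARC checks use the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def domain_of(header):
    """Domain part of the address in a From or Return-Path header ('' if none)."""
    return parseaddr(header or "")[1].rpartition("@")[2].lower()

def dmarc_policy(txt):
    """Return the p= policy of a DMARC TXT record, or None if it is not one."""
    if not txt.strip().lower().startswith("v=dmarc1"):
        return None
    policy = tags(txt).get("p", "").lower()
    return policy if policy in ("none", "quarantine", "reject") else None

def check(raw):
    msg = email.message_from_string(raw)
    frm, rp = domain_of(msg["From"]), domain_of(msg["Return-Path"])
    dkim = [tags(s).get("d", "") for s in msg.get_all("DKIM-Signature", [])]
    unsub = (msg.get("List-Unsubscribe") or "").lower()
    post = (msg.get("List-Unsubscribe-Post") or "").strip().lower()
    return {
        "dkim_signed": any(dkim),
        "return_path_aligned": bool(rp) and org_domain(rp) == org_domain(frm),
        "dkim_aligned": any(d and org_domain(d) == org_domain(frm) for d in dkim),
        "one_click_unsubscribe": "<https://" in unsub and post == "list-unsubscribe=one-click",
    }
```

Calling `check()` on a copy of a message you sent to your own mailbox shows which of these items still need work before relying on the receiving provider's verdict.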


Google’s new requirements begin on February 1st, 2024, and Yahoo will follow in the first quarter of 2024. Aim to make these changes by the end of January 2024.

LuxSci customers will need to:

  • Ensure a DNS Sender Policy Framework (SPF) record.
  • Ensure a DNS DKIM record is in place.
  • Implement a DNS DMARC record.
  • For marketing and subscription emails, enable and use LuxSci’s “Unsubscribe Links” feature.
  • For those using LuxSci Bounce Processing, enable the use of a Custom Bounce Processing domain for every sending domain to ensure that these domains are aligned.

These steps will help ensure your emails continue to reach your audience effectively and responsibly. Without them, messages to Google and Yahoo! recipients may go directly to their Spam folders or be rejected.

As always, your LuxSci team is here to help clarify or provide further guidance. We are happy to support you and help you successfully navigate through these changes.

You may read more about these requirements at the following links:

Prevent Patient No-Shows with Automated Appointment Reminders

Tuesday, September 6th, 2022

Missed medical appointments are not only bad for your business, but they can also negatively impact patient health outcomes. You can improve attendance and health outcomes without adding to administrative overhead by automating appointment reminders and customizing them according to patient preferences.


Why Implement Automated Appointment Reminders

There are many reasons to introduce automated appointment reminders. People are busy, and many rely on digital calendars to stay organized. Many businesses outside the healthcare industry use digital appointment reminders to improve attendance and make scheduling and rescheduling appointments as easy as possible.

Changing Consumer Preferences

Most customers (88%) said receiving automated appointment reminders via phone and text is important to them, according to a CVS Health survey. The rapid digitization of the healthcare system due to the Covid-19 pandemic has led patients to expect a healthcare experience that fits into their lifestyles. Reminders for haircuts, car appointments, and other personal care services are extremely common, and people expect the same from their healthcare providers. In addition, communication preferences are changing. Very few people answer phone calls from unknown numbers. Instead, the majority of patients prefer less intrusive email and text reminders.

Improved Health Outcomes for Patients

As the saying goes, “an ounce of prevention is worth a pound of cure.” Skipping appointments or delaying care puts patients at risk of developing more serious illnesses. Catching conditions like heart disease, diabetes, and cancer early drastically improves prognoses and allows for less expensive and intrusive interventions. Most people don’t intend to skip medical appointments, but life happens. Sending timely appointment reminders before the visit gives overbooked individuals an opportunity to reschedule without a potentially costly missed appointment.

Reduced Administrative Overhead

If your administrative staff members are tasked with making phone calls to confirm appointments, automated reminders can allow them to prioritize other tasks associated with patient care. Keeping the phone lines open to help care for patients with urgent questions improves the patient experience and keeps staff members engaged.

How to Implement Automated Appointment Reminders

Most automated reminders are sent via email, text messaging, or phone calls. We recommend surveying your patient population to find out which communication methods they prefer. Sending the message according to their preference increases the likelihood that they will see it and respond appropriately.

Once that is determined, use a tool like LuxSci’s Secure High Volume Email or Secure Texting to integrate with your CRM or EHR and set up trigger points and reminder templates that pull information from the database. For example, maybe you find that five business days before the appointment is the best time to send the reminder. Patients need to have enough time to read the notification and reschedule if necessary. When the appointment is five days away, a message is automatically sent to the patient reminding them of the appointment. Ideally, this message will also include rescheduling options.

One caveat: notice that we mentioned “secure” email and texting. Appointment reminders imply information about health conditions and are PHI that is protected under HIPAA regulations. These messages must be encrypted and follow other HIPAA requirements for access controls, audit logs, and more. Review our HIPAA Compliance Checklist for more information.

Is Medical Billing Information Protected Under HIPAA?

Tuesday, August 9th, 2022

Electronic medical billing requires access to protected health information to accurately bill and receive payment for medical treatments. While not covered entities, medical billing companies are often contracted as business associates and fall under HIPAA regulations.

Title II of HIPAA applies directly to medical billing companies. It dictates the proper uses and disclosures of protected health information (PHI) and simplifies claims and billing processing.


What is Protected Health Information (PHI)?

Protected health information is “individually identifiable” health information. It specifically refers to three classes of data:

  1. An individual’s past, present, or future physical or mental health or condition.
  2. The past, present, or future provisioning of health care to an individual.
  3. The past, present, or future payment-related information for the provisioning of health care to an individual.

As listed in item three, payment-related information tied to healthcare provisioning is protected data under HIPAA. This can include information about insurance carriers and payments, billing statements, receipts, credit card numbers, bank accounts, and other financial information.

To be classified as PHI, payment-related information must be tied to an individual identifier. For example, a medical bill with a patient’s address can be tied back to a specific individual. These identifiers can sometimes be quite indirect. There are 18 types of identifiers for an individual (listed below). Any one of these, combined with information on healthcare payments, would constitute PHI:

  • Name
  • Address (all geographic subdivisions smaller than a state, including street address, city, county, zip code)
  • All elements (except years) of dates related to an individual (including birth date, admission date, discharge date, date of death, and exact age if over 89)
  • Telephone number
  • Fax number
  • Email address
  • Social Security number
  • Medical record number
  • Health plan beneficiary number
  • Account number
  • Certificate/license number
  • Any vehicle or other device serial number
  • Device identifiers or serial numbers
  • Web URL
  • Internet Protocol (IP) address numbers
  • Finger or voiceprints
  • Photographic images
  • Any other characteristic that could uniquely identify the individual

The Risks to Medical Billing Companies

It should be evident that medical billing companies work with a lot of PHI. As such, they must take steps to protect that information under HIPAA regulations.

Third-Party Risk

Many healthcare systems contract medical billing companies to process claims and bill patients and insurance companies. These companies can present significant risks to protected health information if not adequately vetted. All third-party companies that handle PHI on behalf of a covered entity must sign a business associate agreement. This document discusses how sensitive medical billing information will be stored, secured, and transmitted. It is also essential to ensure that the billing companies understand their obligations under the privacy and security rules and have implemented the proper physical, technical, administrative, and organizational standards. This can be verified via security audits and assessments.

Third parties like medical billing companies are often targets for cyberattacks. From 2020 to 2021, cyberattacks on business associates increased by 18%. The rich trove of financial and health data they have is often more comprehensive and less secure than a hospital’s electronic health records system. Unlike covered entities, who frequently work under HIPAA regulations, third parties may not wholly understand them. As a result, they may fail to take the technical steps needed to secure sensitive data.

How to protect electronic medical billing information

Like many healthcare organizations, financial institutions are also undergoing digital transformation and are moving to digitize healthcare payment processes. Digitization is an effective way to reduce payment times and improve patient satisfaction. However, it also introduces risk. Digital systems that contain healthcare billing information must implement the proper safeguards, including:

  • Organizational requirements that describe how policies and procedures will be implemented and obligations concerning business associate contracts.
  • Administrative requirements related to how employees access PHI.
  • Physical safeguards that encompass the security of computer systems, servers, and networks, access to the facility and workstations, data backups and storage, and the destruction of obsolete data.
  • Technical safeguards that ensure the security of data transmitted over an open electronic network and the storage of that data.

Protecting Electronic Medical Billing Information In Databases

Digital billing information that is stored in electronic databases or online web portals must be secured in the following ways:

  • Using a secure and HIPAA-compliant web and database host.
  • Limiting access to only authorized users.
  • Requiring unique logins and complex passwords with multifactor authentication to access ePHI.
  • Encrypting the contents of the database so they cannot be accessed if there is a breach.
  • Making regular backups of the database and storing them independently of the main system.

Sending Healthcare Billing Notifications Digitally

Many people now prefer to receive electronic medical billing notifications via email. A survey of 3,000 US consumers found that 85% are already using e-billing, and 47.6% find it is faster to pay bills electronically. However, using email, text messaging, or other digital communication forms introduces new risks and requires remediation to protect ePHI in transmission. These safeguards include:

  • Encrypting messages in transit
  • Authenticating user identities and sending domains
  • Requiring unique user logins and complex passwords
  • Protecting against threats with anti-virus software, email filtering, and other malicious scanning tools.
  • Creating audit logs and reviewing them for suspicious activities.

Services like LuxSci’s Secure High Volume Email can integrate with existing systems to send automated encrypted billing notifications via API or SMTP.

Should You Integrate Secure Email Sending with an EMR or EHR?

Tuesday, February 8th, 2022

Email is the preferred medium for business communications. Although those in the healthcare industry face restrictions on how they can use email, it is a powerful tool if properly secured. By integrating secure email with an EMR or EHR system, healthcare organizations can automate communications to maximize efficiency.


What Are EMRs and EHRs?

Electronic medical records (EMRs) are digitized versions of medical records. EMRs are sometimes referred to as electronic health records (EHRs). Even though these terms are often used interchangeably, there are slight distinctions between them.

Let’s start with electronic medical records. EMRs are essentially electronic versions of patient charts. They record a patient’s medical history and treatments at one hospital or practice. EMRs tend to stay at the practice, even if a patient switches to a new provider.

In contrast, EHRs contain a record of a patient’s medical history and treatment. They are long-term records that offer insight into a patient’s health, following them as they seek healthcare from different providers. EHRs are designed for information sharing. They help facilitate care when patients visit new clinics or hospitals.

Simply put, an EMR or EHR is the system used to manage or process these respective types of health records. Both EMRs and EHRs come with many of the same benefits and downsides as other forms of digitized information. The data is easier to find, access, and share, which can help speed up medical treatment and improve care. However, if the right data protection mechanisms aren’t in place, EHRs and EMRs are susceptible to data breaches and violations of privacy.

Why Integrate Secure Email with your EMR or EHR?

One of the main advantages of integrating secure email with an EMR or EHR is the ability to automate communications. Actions taken in the EMR can trigger email sequences. For example, an upcoming appointment can trigger an appointment reminder email. It requires no effort on the part of the office staff to send the email or make a phone call. The IT or marketing team simply creates the email template language and uses dynamic variables to personalize each email with the patient’s name, appointment date, and time.

If an organization integrates secure email with its EMR or EHR systems, it can set up automatic emails for a wide range of actions. Whenever there is relevant activity or an update on a patient’s chart, emails can be sent off without having to lift a finger. Some examples of emails that can be triggered by EMR activity include:

  • a request for a review post-appointment
  • follow up information on lab work or scheduling testing
  • flu shot or other vaccine reminders
  • password resets to access EHR

Ultimately, integrating secure transactional email with an EMR makes it easy to promote the organization and increase patient satisfaction. In addition, automating email workflows decreases the administrative burden on office staff without sacrificing the patient experience.

The Risks of Integrating Secure Email with an EMR or EHR 

It’s extremely important to select the right provider to integrate secure emails with an EMR or EHR. The HIPAA laws that govern medical records are stringent, and organizations face serious repercussions for violating them. The provider must comply with HIPAA regulations and encrypt outgoing emails that contain protected health information.

Not all encryption is equal. A secure email provider like LuxSci allows users to choose the appropriate type of encryption to suit their email use cases. TLS encryption, which allows recipients to read encrypted emails directly in their inboxes, is appropriate for emailed appointment reminders, but is not suitable for something like lab or test results. Choose a provider who can meet your encryption needs.

Another factor to consider is the desired sending rate. Many email providers use shared cloud servers, which limit how quickly emails can be sent from an EMR. For time-sensitive emails, this can be an issue. Using a dedicated server configuration separate from the office’s regular day-to-day email sending has performance and security benefits. Improve your security posture by keeping EMR or EHR data isolated from other customers of your email provider. Learn more: Dedicated Server Benefits: How They Improve Security and Reliability.

Conclusion

Despite these challenges, services like LuxSci’s HIPAA-compliant Secure High Volume Email are specifically designed to help navigate the complex intersections of the regulations and transactional email sending. Our dedicated email solutions are custom-designed to meet our clients’ sending needs while adhering to HIPAA requirements.

How to Determine Your Email Throughput Needs

Tuesday, November 2nd, 2021

When designing an email infrastructure to send high volumes of email, you need to determine your email throughput needs. Throughput refers to how much data can be transferred within a specific time frame. It is a practical measure that is influenced by many factors including server power, network speeds, concurrent connections and more. This article will explain some of the factors that you can control to help you design an email sending infrastructure that fits your business needs.
