high volume Archives - Page 2 of 3 - LuxSci

Posts Tagged ‘high volume’

Secure Bulk Email: The Solution to HIPAA Violations You Didn’t Know You Were Making

Tuesday, May 7th, 2019

If you send emails for marketing purposes, appointment reminders, or any other business transactions, it’s easy to get complacent and think that there is no way that you could be violating HIPAA. Unfortunately, HIPAA laws are incredibly complex and there are a number of unexpected violations that you can make without even realizing it. Using a secure bulk email service is the best way to avoid costly and damaging HIPAA penalties.

HIPAA laws are designed to protect the privacy of individuals and they often play out in ways that aren’t immediately intuitive. They are further complicated because the lines between compliance and non-compliance aren’t always clear. Given the costs of a violation, it’s important that every healthcare provider and business associate errs on the safe side.

How Can Bulk Emails Violate HIPAA?

There are a variety of common situations where healthcare providers can unwittingly leak their patients’ information in a way that violates HIPAA. The following are just a couple of scenarios that are not just compliance issues, but would also have serious ramifications for those who were affected:

Is a Harmless Newsletter Really Harmless?

Let’s say your healthcare organization wants to send out a newsletter to a certain subset of its patients. Surely something so innocent wouldn’t need to be encrypted, right? Unfortunately, this isn’t always the case.

If your company were to email some helpful resources on depression, you might not see any need to send it to all of your patients. You may decide that it’s best to only send it to those who have previously sought out treatment for mental health issues. After all, what can be wrong with sending information to those who are most likely to find it useful?

Such a simple situation could easily have far-reaching consequences. The email connects the patient to the health condition, and it could give away far more information than the patient would be comfortable with. The targeted nature of the email insinuates that the patient has a mental illness, one which is a personal struggle that still carries a strong stigma in our society.

If this information was sent in an insecure manner, it could be accessed by other people, which could take a dramatic toll on the patient’s life. If the patient were a high-powered CEO and the information leaked, it could be personally difficult and also cause stock prices to plummet. A celebrity could see themselves as the center of a scandal, another famous person being hounded by the paparazzi in the grips of a mental breakdown.

Even normal people can face a range of negative consequences, such as if a patient’s spouse finds out that they were receiving treatment without their knowledge, or if a business partner discovers the information and decides not to move forward on the next project.

If your organization had sent out an email like this with the best intentions, it could still be culpable. These intentions don’t matter to the patient, especially if they have gone through a tough ordeal because of the email. In the eyes of HIPAA, the intentions don’t matter either. A violation is a violation.

An Appointment Reminder Can’t Hurt, Can It?

Let’s say a young woman from an extremely conservative background schedules an appointment with an OB-GYN. Under the laws of our society, she should have every right to see whichever kind of medical professional she needs. Her family and community may not see things the same way.

If the message weren’t sent in a secure way, it’s easy to imagine how the details of her appointment could be intercepted by those around her who disapprove. Perhaps they wouldn’t let her go. Maybe she would be shunned by her community or even worse.

No matter what the result, it is clear that there are some vulnerable people who have a strong need to have even their most subtle information protected. Sure, many of us may not care if such an appointment was made public, but that’s not the point. HIPAA laws are for everyone and need to be able to protect the most vulnerable as well.

What Do HIPAA Laws Actually Say About Secure Bulk Email?

The situations mentioned above are focused on the potential human cost of sending health information in an insecure manner. They demonstrate that HIPAA regulations aren’t just the result of a frustrating bureaucracy. Instead, they are important for protecting people.

Now that we’ve gotten that out of the way, we’ll look at the specifics of what the regulations say. This will help you to understand what does and does not constitute a violation, as well as the gray area that lies in between.

When it comes to bulk emailing, the main concern is over electronic Protected Health Information (ePHI). This information needs to be guarded by adequate security measures whenever it is acquired, processed, sent or stored.

In essence, ePHI is any electronic information that is individually identifiable and that pertains to someone’s physical or mental health, their healthcare and treatments, or any payment-related information. It doesn’t matter whether this data is from the past, present or future. As far as HIPAA laws are concerned, it’s all ePHI.

When HIPAA laws refer to “individually identifiable” information, there’s a long list of 18 separate identifiers, including a patient’s name, address, relevant dates, phone number, email address and much more. The final identifier is “any other characteristic that could uniquely identify the individual”, so pretty much anything that can be connected with a patient counts as individually identifiable information.

Of course, any email address that someone gives to their health provider is clearly an identifier. This means that any organization that processes HIPAA data needs to be extremely careful when sending unencrypted emails, making sure that they don’t include anything that could be related to the patient’s health.

HIPAA Privacy Rule & Informed Consent

Under HIPAA’s Privacy Rule, healthcare providers are allowed to use unencrypted email to communicate with their patients, but only when they take reasonable safeguards and limit the information that is disclosed. These communications should be in accordance with the HIPAA Security Rule, which can be viewed in the Regulation Text (p62).

According to the HIPAA Omnibus Final Rule (p70) the only situation where a healthcare provider can send a patient unencrypted ePHI is if the individual has been informed of the risk, but still chooses to have their information sent in an unencrypted manner. Healthcare providers will want to have this consent in writing so that they can maintain a permanent record as proof.

The HIPAA Privacy Rule also states that individuals must give written consent before their ePHI can be used for marketing. This means that messages about appointments or other transactional emails don’t typically need additional authorization, but messages which promote products or services which aren’t related to the patient’s core healthcare require consent.

What does all of this tell us? That a wide variety of information can be considered ePHI, and that there are many situations where it can be inadvertently sent. The penalties are enormous and can be incredibly damaging for the organization that is responsible, even if the violation was accidental.

What Are the Penalties for a HIPAA Breach?

It depends on just how negligent a healthcare provider’s actions have been. Penalties range from $100 to $50,000 per violation or per record that has been violated. That’s right, in cases where the violation has been especially negligent, an organization may have to pay $50,000 for each non-compliant email that was sent.

Secure Bulk Email: The Solution that Protects Your Organization & Your Patients

As you can see, it’s easy to slip up and inadvertently face severe HIPAA penalties. From sending marketing materials to test results or even appointment reminders, there are so many pitfalls where you could be violating HIPAA.

LuxSci’s High Volume Email Sending Service can help to remove this burden from your organization, by giving you a wide variety of security options. In both of the scenarios at the start of this article, our bulk email service could have protected the individuals from having their ePHI exposed, as well as the companies involved from suffering the harsh HIPAA penalties that could follow.

You may think that the majority of your bulk email doesn’t need to be encrypted, and you may even be right. But it’s those few exceptional circumstances which can see your business fall on the wrong side of HIPAA regulations. Our bulk email service helps to prevent this by allowing you to implement the security that is best for both your organization and your patients.

Alternative bulk email providers simply don’t offer the security that is necessary for dealing with information that is as sensitive as ePHI. Organizations that use a service which isn’t HIPAA-compliant may be inadvertently violating the regulations.

You may think that you can get around the need for encryption by simply asking your patients for consent. Sure, it’s possible in some cases, but it still requires a lot of administration. Your organization would need to ask for and obtain consent, then keep permanent records. This can be a complex process where there are numerous opportunities for things to go wrong.

The Benefits of LuxSci’s High Volume Email Sending Service

The standout feature of LuxSci’s bulk email service is that it offers HIPAA compliance for large-scale sending. No other company offers a comparable service, which makes LuxSci the go-to option for organizations that take their HIPAA obligations seriously.

On top of this, we offer a flexible setup that allows your business to send its emails in a manner that suits both your needs and those of your patients. Our TLS Exclusive gives you the option to send emails to only those recipients whose email system supports TLS. This can be a great option for marketing campaigns, especially if you don’t want your non-TLS recipients to be forced to click through to a secure Escrow Portal.

As an alternative, our Escrow service allows anyone to access secure email messages, without any complicated steps or security compromises. With our bulk email service, you can configure your messages dynamically, without the need to adjust your settings for every message.

Another key feature of LuxSci’s service is its scalability. As your email needs grow, we can support you along the way, with the capacity for up to hundreds of millions of emails each month. Our dedicated infrastructure installations offer high availability and disaster recovery, giving your organization everything it needs for enterprise-level bulk emailing.

This makes our High Volume Email Service an excellent solution for your business. Not only can it be used to bring your current bulk email practices in line with HIPAA regulations, but it can form a key part of your marketing campaigns, helping to grow your business well into the future.

Case Study: Halloween Express Chooses LuxSci for Large Scale Seasonal Email Marketing

Monday, January 26th, 2015


Halloween Express is one of the most aggressive and dynamic Halloween chains in the United States. Started in 1990, Halloween Express has both company owned and franchised locations throughout the U.S. Their success is based on offering the largest selection of Halloween merchandise available anywhere.

Halloween Express chose LuxSci in 2014 for their massive seasonal email marketing needs.  LuxSci resolved the issues that they experienced with previous providers, saved them money, and enabled an extremely successful online campaign involving millions of email messages sent in a short period of time.

Halloween Express was very pleased that they could quickly scale up sending for the Halloween season, and then back off to a lower level for the rest of the year, without compromising their sending reputation.  They are so satisfied with their experience, that they are staying on for 2015 and are moving their business email services for their hundreds of employees over to LuxSci as well.

This is the story of Halloween Express’ timely switch to LuxSci’s dedicated High Volume SMTP Relaying service.

Read the rest of this post »

Maximizing Delivery Speed and Reliability for Large Scale Email Marketing

Monday, September 8th, 2014

Many customers want to send millions of marketing messages within a short timeframe, without getting blocked by recipient ISPs, in order to maximize the number of recipients reached and the conversion rates on these messages.

This is a common scenario that we see, often from customers who have been using another costly provider, where delivery is sluggish or where messages are blacklisted or greylisted by their recipient’s systems.

Here we will share our standard prescription for solving this delivery dilemma once and for all. There are multiple factors involved, each of which will contribute to success.

Read the rest of this post »

Maximize Your Outbound Email Throughput: How to Send More Email, Faster

Tuesday, July 24th, 2012

Customers of our Secure High Volume bulk outbound email service often ask how they can “send faster.” They want to get their mailing out ASAP, no matter if it is to hundreds or millions of recipients.

This post codifies all of the various types of advice we give for optimizing outbound email throughput. Much of it applies to outbound email sending over SMTP in general, i.e. it's not limited to the LuxSci Secure High Volume service.

Use Concurrent Connections

When sending an email message, your emailing program connects to our servers, establishes your identity, and passes the message through. If you have to send 1000 messages, then you might connect 1000 times to do this. Many sending programs can be configured to make more than one connection at a time. If you make 10 connections at once (i.e. concurrently), then you could send those messages about 10 times faster. That is a really significant speedup!

Don’t make too many concurrent connections, however! The more connections that you make at once, the harder your server has to work to process the mail. At some point, the server can get so busy and overloaded that the average time to send a message starts getting longer and longer. You never want to push your server to the point where it is struggling to keep up with your sending, as that will only make things slower for you. Instead, you want to use a modest number of concurrent connections so you can take advantage of parallel sending and so the server can easily and efficiently process all of the messages.

For shared High Volume accounts, where you are sharing capacity with other bulk senders, we recommend keeping your number of concurrent connections to 10 or fewer. Single dedicated servers can support 20-30 concurrent connections (or more depending on many factors discussed below), and dedicated server clusters can support as many as you need (depending on how large a cluster you have).

SMTP Pipelining

Your email program sends a message by:

  1. Connecting to your SMTP server
  2. Establishing SSL or TLS encryption, if configured
  3. Authentication to establish your identity and permission to send
  4. Uploading the list of recipients and message content
  5. Disconnecting

When sending small messages, the time taken by steps 1, 2, 3, and 5 is very significant relative to the time it takes to upload the message data.  With SMTP Pipelining, the connection is reused for successive messages.  For example, when sending 3 messages, it would look like:

  1. Connecting to your SMTP server
  2. Establishing SSL or TLS encryption, if configured
  3. Authentication to establish your identity and permission to send
  4. Message 1: Upload the list of recipients and message content
  5. Message 2: Upload the list of recipients and message content
  6. Message 3: Upload the list of recipients and message content
  7. Disconnecting

By not repeating the connect-authenticate-disconnect steps for every single message, a lot of time is saved and your messages are sent much faster.  SMTP Pipelining should always be used if supported by your email sending program and outbound email service (LuxSci High Volume supports SMTP Pipelining).
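
An added example (not code from the original post or from LuxSci) combining the two techniques above: a bounded pool of workers, each of which connects, negotiates TLS and authenticates once, then reuses that session for its whole share of the messages, so the handshake cost is amortised rather than avoided. The host, credentials and the `DemoSession` stand-in are assumptions made so the code runs offline.

```python
import smtplib
import ssl
from concurrent.futures import ThreadPoolExecutor
from email.message import EmailMessage

MAX_WORKERS = 10  # ceiling the post recommends for shared accounts

def open_session(host, port, user, password):
    """Connect, upgrade to TLS and authenticate: paid once per worker, not per message."""
    conn = smtplib.SMTP(host, port, timeout=30)
    conn.starttls(context=ssl.create_default_context())  # verifies the server certificate
    conn.login(user, password)
    return conn

def _send_one(conn, msg, refused):
    try:
        result = conn.send_message(msg)       # dict of recipients the server refused
    except smtplib.SMTPRecipientsRefused as exc:
        result = exc.recipients               # every recipient was refused
    refused.extend((str(rcpt), code) for rcpt, (code, _text) in result.items())

def _worker(connect, batch):
    """Send a whole batch over one session; reconnect and retry once if dropped."""
    sessions, refused = 1, []
    conn = connect()
    try:
        for msg in batch:
            try:
                _send_one(conn, msg, refused)
            except smtplib.SMTPServerDisconnected:
                conn, sessions = connect(), sessions + 1
                _send_one(conn, msg, refused)
    finally:
        try:
            conn.quit()
        except smtplib.SMTPException:
            pass                              # session was already gone
    return sessions, refused

def send_batch(messages, connect, workers=MAX_WORKERS):
    """Spread messages over at most MAX_WORKERS sessions; report sessions and refusals."""
    if not messages:
        return {"sessions": 0, "messages": 0, "refused": []}
    workers = max(1, min(workers, MAX_WORKERS, len(messages)))
    batches = [messages[i::workers] for i in range(workers)]
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(lambda b: _worker(connect, b), batches))
    return {
        "sessions": sum(s for s, _ in results),
        "messages": len(messages),
        "refused": sorted(r for _, rs in results for r in rs),
    }

class DemoSession:
    """Constructed stand-in for an SMTP session so the example runs offline."""
    def send_message(self, msg):
        # Pretend the server refuses one defunct address with a 550.
        return {msg["To"]: (550, b"no such user")} if "defunct" in msg["To"] else {}

    def quit(self):
        pass

def demo_messages(n):
    """Build n constructed messages; message 7 goes to a defunct address."""
    out = []
    for i in range(n):
        m = EmailMessage()
        m["From"], m["Subject"] = "news@example.com", "Update"
        m["To"] = "defunct@example.net" if i == 7 else f"user{i}@example.net"
        m.set_content("Hello")
        out.append(m)
    return out

if __name__ == "__main__":
    # Real use: connect=lambda: open_session("smtp.example.com", 587, USER, PASSWORD)
    print(send_batch(demo_messages(1000), DemoSession, workers=25))
```

The refused list doubles as input for list cleaning: addresses that come back with a 5xx code are candidates for removal.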

Multiple Recipients in One Message

Imagine sending the same message to 1000 recipients.  If you send these one at a time and it takes 1 second to send each one, then that is almost 20 minutes to send.  However, if you instead include all of these recipients in the BCC line of one single message, then it will take only about 1-2 seconds to get the message uploaded to the server (though it will still take the server some time to actually deliver it to those recipients).

Sending messages to multiple recipients using BCC allows you to upload your messages to the server very much faster than otherwise.

There are two downsides, however:

  1. The received message may appear more SPAM-like, since the recipient would not see his/her email address as the “To” recipient.  Bccs are more SPAM-like than messages individually addressed (because it is so much easier and faster to send this way).
  2. A single message to 1000 recipients may take longer to be delivered to all of those recipients as the mail server will not generally parallelize delivery to the recipients but will instead process them sequentially.  If the delivery time is not very time sensitive, then this point can be discounted.

LuxSci’s High Volume servers allow you to send to up to 1000 recipients in each message.  Customers with dedicated servers and clusters can have this limit increased arbitrarily.

Smaller Messages are Better

A significant factor in determining how fast messages can be delivered is how long it takes to upload each one to the server.  To see the difference, let's look at an example: sending a PDF to 1000 people in 1000 separate messages.  This PDF is 1 Megabyte in size.

Case 1 – the PDF is attached to the message and it takes 10 seconds to upload the large message to the mail server.  This results in it taking 10,000 seconds (almost 3 hours) to send these messages (unless you use concurrent connections or multiple recipients/message).

Case 2 – the PDF is placed on a web site and a link to it included in each message instead. The resulting email message is only 10 KB in size (100 times smaller) and it is able to be sent about 100 times faster. That’s less than 2 minutes without any other optimization.

It is best to remove images and other attachments from bulk messages to decrease the size.  Images can be hosted on a web site and displayed in the message by merely linking to the image, rather than including the image content every time.  Attachments that are not sensitive in nature can be similarly hosted on a web site and linked to.  Keeping your email message size down will have a big impact on sending speed.

Clean Mailing Lists are Important

Obviously you should only be sending bulk messages to addresses that have opted into your mailings and/or with whom you have established business relationships.  This, and all that is implied, are standard terms for the use of any bulk mailing service.

However, mailing lists get stale as people change addresses, domain names go defunct, etc.  It is very important to cull invalid email addresses off of your lists. Why?

  • Bad Domains. Sending email to an email address whose domain name is no longer valid (e.g. which has expired) can be very slow as it can take much more time to determine that the domain is bad than to determine that it is good and where to deliver the mail.  The delay caused by bad domain names can really slow down your sending.
  • Defunct Addresses. Sending email to now-invalid email addresses looks like spamming.  Recipient servers like Yahoo!, AOL, McAfee, etc., are very sensitive to the number of messages that come through addressed to defunct email addresses.  If they see a lot of these, they will either block your emails, or slow down the rate at which they process them.  This will result in more delays and/or non-delivery to valid recipients.
  • Waste of Time. Obviously, sending messages to invalid recipients also just wastes time and money.

You should take advantage of any and all tools available to track what recipient email addresses are failing and to actively remove them from your mailing lists.  LuxSci provides many such features — including ones which can automatically email you digests of all failing email addresses and which let you create your own reports.

Insecure is Faster than Secure

OK, while encrypting your username and password and message content is always a good thing and always recommended, this encryption will always slow things down to some extent.  It requires extra processing on the part of the server and your sending machine.  It also requires somewhat more bandwidth to transmit all of the data.

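So, if you are looking to eke out every bit of speed, we would recommend not using TLS or SSL when connecting to your bulk SMTP server.  This leaves the message content unencrypted in transit as well as the login, so it only suits mailings whose content is not sensitive.  If you do this: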

  • Be sure that the username and password being used to authenticate the message sending is NOT used for anything else.  I.e. it is not your administrator user, the password is not one of your “standard” passwords, etc.  You must assume that this username and password could be compromised.
  • Do not grant this user any permission except for sending email.  In LuxSci, you can restrict it from using the web interface and any other services.
  • Change the sending user’s password often, i.e. weekly.
  • Use tools to check that no one else is using this user to connect to your SMTP service.  E.g. LuxSci provides alerts and reports about logins (successes and failures), which you can use to be sure that no one else is accessing this user account.

In the worst case scenario, if you have followed these guidelines, the username could only be used to send email through your account until you next change your password or until you hit your sending limits.
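
One way to do the login check from the last bullet, as an added example rather than LuxSci's own tooling: it scans a login report for the dedicated sending user and flags successful logins from unexpected networks, logins to anything other than SMTP, and bursts of failures. The `key=value` log layout, account name and addresses are constructed for illustration.

```python
import ipaddress
from collections import Counter

SENDING_USER = "bulk-sender@example.com"                    # hypothetical dedicated account
EXPECTED_NETS = [ipaddress.ip_network("198.51.100.0/28")]   # where your mailer runs (assumed)
FAILURE_THRESHOLD = 3                                       # failures per source before alerting

# Constructed sample report; this key=value layout is an assumption, not LuxSci's format.
SAMPLE_LOG = """\
2012-07-24T10:00:01Z service=smtp user=bulk-sender@example.com ip=198.51.100.5 result=success
2012-07-24T10:05:10Z service=smtp user=bulk-sender@example.com ip=203.0.113.77 result=failure
2012-07-24T10:05:12Z service=smtp user=bulk-sender@example.com ip=203.0.113.77 result=failure
2012-07-24T10:05:15Z service=smtp user=bulk-sender@example.com ip=203.0.113.77 result=failure
2012-07-24T10:05:40Z service=smtp user=bulk-sender@example.com ip=203.0.113.77 result=success
2012-07-24T10:30:00Z service=web user=bulk-sender@example.com ip=198.51.100.5 result=success
2012-07-24T10:31:00Z service=smtp user=admin@example.com ip=192.0.2.9 result=success
"""


def parse(line):
    """Return the line's fields as a dict, or None if the line is malformed."""
    ts, *pairs = line.split()
    rec = dict(p.split("=", 1) for p in pairs if "=" in p)
    if not {"service", "user", "ip", "result"} <= rec.keys():
        return None
    try:
        rec["addr"] = ipaddress.ip_address(rec["ip"])
    except ValueError:
        return None
    rec["ts"] = ts
    return rec


def audit(log_text, user=SENDING_USER, nets=EXPECTED_NETS, threshold=FAILURE_THRESHOLD):
    """Return (timestamp, finding, source_ip) tuples for the sending account."""
    findings, failures = [], Counter()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse(line)
        if rec is None or rec["user"] != user:
            continue
        if rec["result"] == "success":
            if rec["service"] != "smtp":
                # The account should be able to send mail and nothing else.
                findings.append((rec["ts"], "non-smtp-login", rec["ip"]))
            elif not any(rec["addr"] in net for net in nets):
                findings.append((rec["ts"], "unexpected-source", rec["ip"]))
        else:
            failures[rec["ip"]] += 1
            if failures[rec["ip"]] == threshold:   # alert once per source
                findings.append((rec["ts"], "failure-burst", rec["ip"]))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(*finding)
```

A failure burst followed by a success from the same source, as in the sample, is the pattern that warrants an immediate password change.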

Use an Appropriate Email Program

Many programs that are good for regular email usage are terrible for sending email in bulk.  E.g. don’t try to use Outlook, Thunderbird, Mac Mail, and similar programs to send bulk mail if you are interested in sending speed or efficiency. Why?  Such programs:
  • Generally do not support concurrent connections
  • Might not support SMTP Pipelining
  • Cannot handle large mailing lists (e.g. more than 100s of recipients) well
  • Get bogged down and can be very slow when sending many messages

They are just not designed or optimized for it.  Instead, use a program explicitly designed for bulk mailing, such as:
  • LuxSci Spotlight Mailer
  • GroupMail
  • Interspire Email Marketer
  • Atomic Mail Sender
  • SendBlaster
  • Email Marketing Director

See our videos on how to set these programs up with High Volume email.

Increase Capacity!

Finally, if you must send to many recipients in a short time, you may need to increase your outbound server’s sending capacity.  At LuxSci there are tiers of capacity:
  • Shared – Your account shares a single server with multiple other accounts.  The capacity of the server is shared and your sending throughput (i.e. maximum concurrent connections, maximum recipients/month, etc.) is more restricted so that you play nice with other customers.  Your outbound IP reputation is also shared with others.
  • Dedicated – This is like “shared”, except that the sending server and IP is yours, and yours alone.  You get all of the capacity to yourself and thus can attain a much higher throughput.  Your IP reputation is also not subject to other customer’s actions.
  • Cluster – When the capacity of a single powerful server is insufficient, a cluster is the perfect solution.  It consists of 2 or more (really, any number) of outbound servers behind a load balancer.  The more servers you put in your cluster, the higher your throughput can be.  As a “side effect”, you also end up with multiple sending IP addresses for reputation management and with fail over so your sending can be resilient against server failure.

Which one should you get?  That really depends on the number of recipients you want to send per month. Also, if you have requirements to send to large numbers of recipients in a very short time, you may need a dedicated or cluster solution even if the overall number of recipients in a month is not excessively large.  Contact us for help in determining the best solution for you.

 

High Volume Resellers Can Brand Their Own Bulk Email Service

Tuesday, July 17th, 2012

LuxSci’s High Volume Bulk Emailing service enables users to send mass emails with high speed, reliability, and deliverability.

Resellers purchase quantities of sending and distribute these to their customer accounts, charging their customers their own rates for sending and for any additional value adds that they provide.

Resellers typically do not want their customers to know that LuxSci provides the back-end mailing service that they are selling… they would much rather present their own service as their own brand.  With Private Labeling for High Volume accounts, LuxSci enables just that!

Read the rest of this post »