hipaa compliant Archives - HIPAA News, Web & Email Security Tips & News - Plus More | LuxSci

Posts Tagged ‘hipaa compliant’

LuxSci’s 2016 Advancements – The Year in Review

Saturday, December 31st, 2016

LuxSci has been really busy in 2016!  Besides migrating customers from McAfee due to the “end of life” of their filtering and archival services, keeping up with the changing security landscape, and replacing our Enterprise Server Environment with a newer, faster, more scalable, and more secure private cloud, LuxSci has been hard at work adding new features and extending existing services in the directions most requested by our customers.  Here are some of the highlights.

Read the rest of this post »

What is the least expensive way I can get my company HIPAA Certified?

Thursday, April 14th, 2016

A common question posed to Ask Erik involves how small organizations can get “HIPAA certified” quickly and with minimal expense.  These questions stem from desperation (people know that they are not compliant), fear (people know that non-compliance is extremely risky in terms of potential fines and bad publicity, not to mention risk to their customers/patients), lack of an understanding of HIPAA (they do not really know what getting “HIPAA certified” means), and lack of resources (time and money are both scarce).  Organizations in this situation know that they need to take steps for compliance ASAP, but they may not know what those steps are and really want to allocate the minimum possible time or money towards them.

What does getting “HIPAA Certified” mean?

The first hurdle is that there is no official, government-sanctioned HIPAA certification program.  So, there is no way to be officially “HIPAA certified” and thus be “all set.”  What you really must do is strive to be HIPAA-compliant in all aspects of your business that deal with Protected Health Information (PHI) and strive to keep up with your changing organization and the changing compliance landscape over time.

So how can I be HIPAA-compliant?

This is an ongoing process, but here are some steps to get started:

Read the rest of this post »

Adding HIPAA-Compliance to your Web Forms in 10 minutes

Tuesday, April 21st, 2015

Forms are pervasive on web sites; the number of forms associated with medical web sites is growing exponentially as everyone is scrambling towards the goal of a paperless office, seeking to optimize time spent processing applications and managing patient data, speeding up the process of making appointments and getting referrals, meeting meaningful use, etc.

Web forms used in the medical industry generally have to be HIPAA-compliant, however, as they almost always involve the input and transfer of ePHI in one way or another.  That presents a problem as the requirements for a HIPAA-compliant web site are complex and take knowledgeable and experienced developers to implement and take extra time and money to get right — and you really have to get things right where HIPAA is concerned.

So, this is where most people are:

  1. They have a web site, which itself is likely not HIPAA compliant yet
  2. They have some web forms already … or maybe have some forms that they want to put up
  3. These forms will collect ePHI
  4. They need to set this up and have it be HIPAA compliant and don’t want to spend a lot of money or time getting it going.

What they need is “HIPAA Form Processing”.

Read the rest of this post »

Is a FAX document HIPAA-Secure?

Wednesday, January 28th, 2015

Many organizations, especially in the healthcare industry, have an urgent need to send important and sensitive information, like protected health information (what constitutes PHI?), to organizations via FAX (facsimile).

Why?  Because this is how it has always been done, and everyone is “set up” to be able to handle FAXes quickly and efficiently.

However, with HIPAA security regulations ever-present, our clients are concerned about whether their use of FAX is compliant, similar to making sure that their email and web sites meet HIPAA security standards.

Update – for electronic FAXing options, see: HIPAA Faxing: How to Send and Receive FAXes in a Secure and Compliant Way.

Beyond compliance issues, a FAX is not really useful — you essentially get a printout or an image and not an electronic document that can be efficiently used.  This is not good for productivity or for meeting other standards.

Can data sent via FAX be “secure enough” for HIPAA?

Read the rest of this post »

Private Labeling SecureForm

Monday, February 10th, 2014

LuxSci’s SecureForm service enables you to quickly make your web site or PDF forms secure and HIPAA compliant. Receive the form data, including uploaded files, via secure email or download the data securely from LuxSci’s web interface.  It also supports insecure form posts and delivery, making the usual form-to-email process easy to set up and protected from form Spam.

Typically, when using SecureForm, your web or PDF form will post to a secure web site address (URL) that is provided by LuxSci in the LuxSci.com domain name.  I.e. something like “https://secureform.luxsci.com/…”.  Once the form data is processed, the end user is redirected to a success or failure web page on your site (for web forms), or is shown a success or failure PDF that you provide (for PDF forms).  I.e. under most conditions, the end user will never see the domain name to which the form is posted.

For resellers or businesses who wish to use their own web site address in their forms so as to brand the secure form posts and hide the fact that LuxSci is the back end, perhaps something like “https://forms.yourdomain.com/…”, LuxSci has an easy solution: Private Labeling.

Read the rest of this post »

HIPAA Alert: Contacts, Calendar Events and Tasks may contain ePHI!

Monday, February 3rd, 2014

When health care organizations review their operations to see where electronic protected health information (ePHI) is being saved, transmitted, and viewed, a great deal of time is spent on the obvious candidates: email, chat, stored files, and health records, etc.

Many overlook the fact that ePHI can be embedded in Contacts, Calendars, and Tasks.  Consider for example:

Read the rest of this post »

Gmail and Google Apps: Not Really HIPAA Compliant Email

Wednesday, July 24th, 2013

We are frequently approached by customers in need of HIPAA compliant email who are currently using Gmail or Google Apps, or who have users that are familiar with and like these services.   They would, of course, like to add HIPAA compliance without changing any of their business processes or habits.

For example, some customers may want to set up HIPAA compliant email with LuxSci and have those secure messages forwarded to Gmail, where they can access them in their “usual way”.  In general, this is a bad idea — this will almost always be non-compliant and leave them at significant risk for breaches, disclosure, and HIPAA liability.

No one who must abide by HIPAA should be accessing ePHI through Gmail or Google Apps.

Revision Note: This is not strictly true anymore (as of September, 2013)  as Google Apps now can afford customers some level of HIPAA compliance.  We have a new post on this topic that is more relevant than this older one.  See: Google Apps HIPAA Compliance Gotchas: Email encryption not included and higher price.

The remainder of this blog post still has some relevance, so read it in the context that it was written before Google started offering Business Associate Agreements to paid Google Apps accounts.

Read the rest of this post »

HIPAA Compliant Calendars, Contacts and Reminders – Tasks for your iPhone and Android

Wednesday, April 3rd, 2013

While use of mobile devices and tablets in medical situations is pervasive, HIPAA compliant synchronization and storage of such information is often seriously lacking.  Everyone knows email can contain ePHI, but calendar appointments, address books, and task lists can and do contain just as much ePHI and their secure use must be strictly enforced.

LuxSci’s WebAide collaboration tools, combined with MobileSync for real-time synchronization with mobile phones and tablets (and Outlook 2013), provide a simple and effective HIPAA compliant solution for synchronized mobile accessible calendars, contacts and reminders or tasks (oh ya, and email).

Read the rest of this post »

LuxSci HIPAA Services a Perfect Fit for Home Health Care Agencies

Monday, August 27th, 2012

LuxSci’s HIPAA-compliant email services (see overview video) are a big hit in many different sectors, from legal, to accounting, to the myriad facets of the health care industry.  Why? Because it ensures security and compliance, enables privacy, is easy to use, and integrates well with traditional work flows.

As a case in point, we see that many “Home Health Care” companies find the breadth of our services a particularly good fit for them — enabling them to communicate quickly, efficiently, and securely while everyone is on the go.

Read the rest of this post »

Manage HIPAA-Compliant and non-Compliant Domains with One Account!

Friday, April 22nd, 2011

LuxSci has introduced a number of per-domain security features that allow us to offer accounts that contain both HIPAA-compliant domains and non-compliant domains.

Previously, customers could order such a combination of domains, but they were segregated into completely separate accounts.  These new security features benefit our customers because:

Read the rest of this post »