" hipaa Archives - Page 16 of 22 - LuxSci

Posts Tagged ‘hipaa’

Press Release: How To Text and Remain HIPAA-compliant

Tuesday, March 15th, 2016

WESTWOOD, MA, March 15, 2016 — LuxSci® announces the recent launch of SecureText, a unique solution to concerns about HIPAA-compliant text messaging, and an important step to safeguard and secure electronic patient health information (ePHI).

Communicating through text message is a convenience to which we have grown rapidly accustomed. However, sending unsecured texts places healthcare providers and patients at risk in several ways: (1) ePHI-laden messages are not always encrypted during transmission or storage; (2) anyone with access to a recipient’s phone or stored messages can view ePHI-laden messages; (3) and some ePHI-laden text messages travel through organizations which lack required HIPAA Business Associate Agreements. Additionally, since healthcare providers are required to obtain and maintain consent from patients for texting – providers must ensure that patients are adequately educated on the risks associated with sending ePHI via text and presented with secure alternatives to insecure texting.

Read the rest of this post »

Tags: ePHI, hipaa, press release, securetext, text message
Posted in LuxSci Insider, LuxSci Library: HIPAA
No comments »

To Text or Not To Text: Texting under HIPAA

Monday, February 29th, 2016

Sending text messages under HIPAA

Sometimes, technology just sneaks up on you. Patients want to speak with you – stat – about lab results or to schedule, be reminded of, and confirm an appointment without an interminable wait in the phone queue. Patients want text messaging — which has quickly become the new normal for everyday communication — to be used routinely for their healthcare needs, as well. You hesitate, concerned not only about the appropriateness of text messaging, but the legal ramifications. These are legitimate concerns.

HIPAA unambiguously states that sending health information in a text message is a straight up violation, unless it is to a patient and a proper consent form has been signed (as discussed below). This provision applies to messages as simple as appointment reminders. If you engage in such a practice and do not document context, consideration, and patient consent, you will be in willful neglect and quite possibly assessed up to $50,000 for each text message.

Why is text messaging such a hot-button issue to HIPAA enforcers? Under what conditions can health information be sent by way of regular text messages? The good news is that you can secure text messages rather simply and not jeopardize your patients’ privacy or your healthcare practice. Please read on.

Read the rest of this post »

Tags: common carrier, consent, hipaa, hipaa-compliant text, imessage, secure text, securechat, securetext, text messaging
Posted in LuxSci Library: HIPAA, Popular Posts
No comments »

Next Generation Data Loss Prevention (DLP) with LuxSci Secure Email

Tuesday, September 29th, 2015

Data Loss Prevention (DLP) describes a plan for companies to control the sending of sensitive data.  E.g. this can include controls to stop the flow of sensitive data or to ensure that sensitive data is always well-encrypted (for compliance) when sent.

In the context of email, DLP is usually achieved through the following formula:

  1. Construct a list of words, phrases, or patterns that, if they are present in an email, signify an email message that may contain sensitive information.
  2. Have all outbound email scanned for these words, phrases, or patterns
  3. For messages that match, take action:
    1. Block: Refuse to send the message, or
    2. Encrypt: Ensure that the message is encrypted
    3. Audit: (and maybe send a copy of the message to an “auditor”)

This classic DLP system is available through many email providers and has been available at LuxSci for many years as well. However, it does have a glaring limitation — no matter how complete and complex your DLP pattern list is, it is almost certain that some messages containing sensitive information will not quite match (or the information will be embedded in attachments that can’t be searched properly).  If they do not match, then they will escape in a way that may be considered a breach.

Read the rest of this post »

Tags: data loss prevention, dlp, encrypt, escrow, hipaa, pgp, s/mime, tls
Posted in LuxSci Library: HIPAA, LuxSci Library: Security and Privacy
No comments »

Are you Minimizing your Risk by using the Next Generation of Opt In Email Encryption?

Friday, September 11th, 2015

We have long held that leaving it to each sender/employee to properly enable encryption for each sensitive message (a.k.a “Opt In Encryption”) is too risky.  Why? Any mistake or oversight immediately equals a breach and liability.

Instead, LuxSci has always promoted use of “Opt Out Encryption,” in which the account default is to encrypt everything unless the sender specifically indicates that the message is not sensitive.  The risk with Opt Out Encryption is very much smaller than with Opt In.  (See Opt-In Email Encryption is too Risky for HIPAA Compliance).

The problem is: many companies use Opt In Encryption because it is convenient when sending messages without sensitive information — you just send these messages “as usual,”  without forethought.  These companies are trading large risks in return for conveniences.

LuxSci has solved the “Opt In vs. Opt Out” conundrum with its SecureLine Email Encryption Service.  You could say that SecureLine enables the “Next Generation” of Opt In Email Encryption — combining both usability and security.

Read the rest of this post »

Tags: breach, compliance, email encryption, glba, hipaa, opt in, opt out, pgp, s/mime, secureline, tls, TLS-Only
Posted in LuxSci Library: HIPAA, LuxSci Library: Security and Privacy
No comments »

7 Ways You Could be Unknowingly Violating HIPAA

Friday, August 14th, 2015

Non-compliance with HIPAA can easily lead to unintended breaches where data is exposed to unauthorized parties. This can be very expensive! Violating HIPAA can cost anywhere from $100 to $50,000 per violation (or per data record).

You don’t want to be caught in a situation where inaction, neglect, or lack of knowledge can result in violating HIPAA. Many small and large organizations are often unknowingly using systems in a way that is either already in breach or which results in frequent sporadic breaches.

Check your organization!

If any of the following scenarios apply to you, it is worth bringing them up the person responsible for compliance (your HIPAA Security Officer) to include in your mandatory yearly Risk Analysis.  Is the risk of breach worth continuing with “business as usual?”

Talk To LuxSci’s HIPAA-compliance Experts

 

Read the rest of this post »

Tags: asymmetric key encryption, encryption, ePHI, hipaa, hipaa compliance, web forms
Posted in LuxSci Library: HIPAA
No comments »

« Older Entries
Newer Entries »