There are many ways to protect ePHI in email. HIPAA is technology-neutral and doesn’t make specific recommendations for how to protect email communications. This article explains the difference between a HIPAA-compliant email host and an email encryption gateway. These are just two of the options for securing email accounts.
Read the rest of this post »
If you are having problems with message delivery, one of the first troubleshooting steps is to view the email headers. You can do this by viewing the message source. We will explain the basics, then teach you how to view headers in email for the most popular clients. These include Gmail, Apple Mail, Yahoo! Mail, Thunderbird, and Outlook.
Read the rest of this post »
SSL and TLS play critical roles in securing data transmission over the internet, and AES-256 is integral in their most secure configurations. The original standard was known as Secure Sockets Layer (SSL). Although it was replaced by Transport Layer Security (TLS), many in the industry still refer to TLS by its predecessor’s acronym. While TLS can be relied on for securing information at a high level—such as US Government TOP SECRET data—improper or outdated implementations of the standard may not provide much security.
Variations in which cipher is used in TLS impact how secure TLS ultimately is. Some ciphers are fast but insecure, while others are slower, require a greater amount of computational resources, and can provide a higher degree of security. Weaker ciphers—such as the early export-grade ciphers—still exist, but they should no longer be used.
The Advanced Encryption Standard (AES) is an encryption specification that succeeded the Data Encryption Standard (DES). AES was standardized in 2001 after a five-year review and is currently one of the most popular algorithms used in symmetric-key cryptography. It is often seen as the gold standard symmetric-key encryption technique, with many security-conscious organizations requiring employees to use AES-256 for all communications. It is also used prominently in TLS.
Read the rest of this post »
While use of mobile devices and tablets in medical situations is pervasive; HIPAA compliant synchronization and storage of such information is often seriously lacking. Everyone knows email can contain ePHI, but calendar appointments, address books, and task lists can and do contain just as much ePHI and their secure use must be strictly enforced.
LuxSci’s WebAide collaboration tools, combined with MobileSync for real-time synchronization with mobile phone and tablets (and Outlook 2013), provide a simple and effective HIPAA compliant solution for synchronized mobile accessible calendars, contacts and reminders or tasks (oh ya, and email).
Read the rest of this post »
A few weeks ago, we introduced the option for users in security-enabled accounts (such as users subject to HIPAA compliance requirements) to determine for themselves which messages need to be encrypted and which do not. See: HIPAA Compliant Email – You Decide Which Messages Need Encryption
The “SecureLine Opt Out” feature was then only available to users of our web-based email interface. Now, the “SecureLine Opt Out” feature is also available to:
