Posts Tagged ‘pgp’
Tuesday, February 22nd, 2022
In this article, we discuss what types of email encryption are sufficient to comply with government regulations. TLS encryption is a good option for many organizations dealing with sensitive data and legal requirements. However, TLS does not protect data at rest. Each organization must undertake its own risk assessment to determine which encryption methods are suitable to fulfill legal requirements.
Tags: California Senate Bill 1386, email encryption, encryption at rest, ePHI, Federal Rules for Civil Procedure, finra, frcp, glba, Gramm-Leach-Bliley Act, hipaa, nasd 3010, nist, pci dss, pgp, s/mime, Sarbanes-Oxley Act, sb 1386, sec 17a-4, smtp, tls
Posted in LuxSci Library: HIPAA, LuxSci Library: Security and Privacy
Tuesday, October 26th, 2021
Creating a website with “secure” components requires more than slapping together some web pages and adding an SSL Certificate. All a certificate does is create a thin veneer of security. It does not go very far to protect whatever sensitive data necessitated security in the first place. Naive attempts at security can ultimately make the data less secure and more likely to be compromised by creating an appetizing target for the unscrupulous.
So, what do you do beyond paying big bucks to hire a developer with significant security expertise? Start with this article. Its purpose is to shed light on many of the most significant factors in creating secure websites and forms and what you can do to address them. At a minimum, reading this article will help you intelligently discuss your website security with the developers you ultimately hire.
Tags: cross site scripting, eavesdropping, https, man-in-the-middle, pgp, phishing, s/mime, secureform, ssl, ssl certificate, trust, web site security
Posted in AAA Featured Articles, LuxSci Library: Security and Privacy, LuxSci Library: Web Design and Programming, Popular Posts, Secure Form
Tuesday, March 23rd, 2021
It is not easy to create a HIPAA-compliant web site, and webmasters often ask us for clarification on best practices when it comes to HIPAA compliance.
We have previously discussed what makes a web page secure and also what makes a web site HIPAA-compliant, but it seems that an explainer on what you should and should not do with web sites in shared and dedicated environments would be useful to many.
Tags: dedicated server, ePHI, hipaa, hipaa compliance, pgp, s/mime, shared server, unauthorized access, web site
Posted in Business Solutions, Dedicated & Cloud Servers, LuxSci Library: HIPAA, LuxSci Library: Security and Privacy
Tuesday, March 2nd, 2021
Telehealth is the new standard thanks to the COVID-19 pandemic. Many medical providers are finding that telehealth is a safer option during the pandemic, and it can also help increase patient access to healthcare and improve outcomes. Along with video appointments, the virtual medicine push includes making protected health information available to patients via a website and collecting similar private information from patients or would-be patients online.
However, where the health information of an identifiable individual is involved, the Health Insurance Portability and Accountability Act (HIPAA) is the official compliance document. The Omnibus rule requires all websites, old and new, to be appropriately designed, or their owners can face potential financial liability into the millions of dollars.
So, what do these requirements mean, and how can HIPAA be followed in the context of a website?
Tags: backup, disposal, electronic prescription, encrypted, escrow, form, Health Insurance Portability and Accountability Act, hipaa, hipaa-secure, patient, pgp, privacy agreement, protected health information, s/mime, secure ftp, secureline, ssl, web form, web site
Posted in Business Solutions, LuxSci Library: HIPAA, Popular Posts, Secure Form
Tuesday, December 1st, 2020
SSL and TLS play critical roles in securing data transmission over the internet, and AES-256 is integral in their most secure configurations. The original standard was known as Secure Sockets Layer (SSL). Although it was replaced by Transport Layer Security (TLS), many in the industry still refer to TLS by its predecessor’s acronym. While TLS can be relied on for securing information at a high level—such as US Government TOP SECRET data—improper or outdated implementations of the standard may not provide much security.
Variations in which cipher is used in TLS impact how secure TLS ultimately is. Some ciphers are fast but insecure, while others are slower, require a greater amount of computational resources, and can provide a higher degree of security. Weaker ciphers—such as the early export-grade ciphers—still exist, but they should no longer be used.
The Advanced Encryption Standard (AES) is an encryption specification that succeeded the Data Encryption Standard (DES). AES was standardized in 2001 after a five-year review and is currently one of the most popular algorithms used in symmetric-key cryptography. It is often seen as the gold standard symmetric-key encryption technique, with many security-conscious organizations requiring employees to use AES-256 for all communications. It is also used prominently in TLS.
Tags: 128-bit rc4, 256-bit AES, aes, apache, beast, chrome, cipher, encryption technique, fips, firefox, gpg, internet explorer, iphone, mail.app, opera, outlook, pgp, rc4, safari, secret, side channel attack, ssl, symmetric encryption, the beast, thunderbird, tls
Posted in LuxSci Library: Security and Privacy, Popular Posts