" phi Archives - LuxSci FYI Blog: Learn about HIPAA email encryption, secure email encryption, and more
LUXSCI

Posts Tagged ‘phi’

What is HIPAA-compliant Email Marketing?

Monday, January 13th, 2020

Why does your organization need HIPAA-compliant email marketing? It’s simple. Businesses in the healthcare field (and those that process their data) have many of the same needs as other companies. They need to be able to get their messages out, so that they can help more people and drum up more business.

Whether it’s HIPAA-compliant bulk email or emails that are specific to the individual, the messages need to be sent in a way that abides by the regulations, both to protect the privacy of patients, and to avoid legal penalties.

When Should You Send HIPAA-compliant Email Marketing?

HIPAA-compliant email marketing is critical whenever your organization could potentially be sending electronic protected health information (ePHI). This is information that is both individually identifiable and relates to someone’s healthcare.

Individually identifiable means information that can be connected with the person. This includes identifiers like their name, address, birth date, email address, social security number and much more. Not only does the definition of ePHI cover people’s past, present and future health condition, but it also includes treatment provisions and billing details.

While anonymous health details or individual identifiers sent by themselves are not covered by the law, when the two are brought together you need to be careful and abide by HIPAA regulations. You will need a HIPAA-compliant email marketing service whenever you send ePHI, and it’s best to err on the safe side even if you think an email may not contain ePHI.

A good example of a borderline case would be a newsletter sent around to all of a clinic’s cancer patients. While the email may contain helpful information, it could also end up breaching the patients’ privacy and HIPAA regulations.

This is because the emails are sent to an address, which is a personal identifier. If the message was only sent out to cancer patients rather than to many different people, then the email could be considered ePHI, since being a recipient of the message would effectively declare that the recipient was a cancer patient.

While this may sound like a stretch, it’s also important to consider that normal email isn’t secure. If a politician or a CEO’s email was intercepted and this information released, it could cause damage to their careers and take some agency away from their lives.

This is just one example of why it’s crucial to err on the safe side and use HIPAA-compliant email marketing for any promotional materials whenever there is even the slightest possibility of sending ePHI.

On the other hand, if you have a HIPAA-compliant email marketing solution that allows for the sending of ePHI in email messages, then you can leverage ePHI to send much more effective messages.  You have a much larger return on your effort. 

HIPAA-compliant Bulk Email Solution

Finding an appropriate service for HIPAA-compliant bulk email marketing can be challenging. Most of the common vendors aren’t HIPAA compliant at all. Others claim compliance, but still require you to not send anything sensitive via email (because they do not actually secure the email messages).  Finding one that can suit your business needs and can also protect the actual email messages is difficult.

Thankfully, LuxSci’s High Volume Secure Email has been designed to cater to both needs. Security and compliance are considered at every step of the way, while still delivering a top-quality product that fits right into your organization’s workflows.

High Volume Transactional Email: Balancing Utility and Marketing

Friday, May 18th, 2018

Your eCommerce customer, Paul, has ordered a special mattress for his bed. He’s put the item into the cart, and paid for it. Now you send a confirmation of purchase email.  But, instead of just a note stating that “we’ve received your payment, and your item has been posted for shipment…” or whatever boilerplate many companies send, you include that message and add photos of three sheets-and-pillowcases products that fit the mattress you just sold him. Paul has his own sheets, but has been thinking about replacing them – now your confirmation email makes him decide to buy them.

All eCommerce companies have to send transactional email, a type of email sent to facilitate an agreed-upon transaction between the sender and the recipient. Common transactional email use cases include doctor appointment reminders, account creation emails, password resets, purchase receipts, account notifications, medical lab results, and social media updates like friend and follower notifications.

What makes transactional email different from ordinary marketing email is that they are sent as part of doing actual business with people – not just chatting with, marketing to, or selling to a customer. In this respect, they are also different from so-called “triggered” emails which may be generated by a number of customer actions – not just transactions.

Transactional email are effective for marketing

Transactional emails are opened eight times more than traditional marketing messages, according to a study by EPSILON.  So it only makes sense to adapt your transactional email for marketing, to take advantage of this unparalleled opportunity to reach your customer with a personalized offer.

Read the rest of this post »

The HIPAA Breach Notification Rule: What it Really Means to Providers and Insurers

Friday, September 15th, 2017

For many providers and insurers, the Breach Notification Rule is still a puzzle waiting for a solution. Partly, this is due to the fact that the rule is complex in itself, and requires attention to every detail. As a matter of fact, we cannot expect to be at our best when someone has stolen our sensitive information.

Do you understand the HIPAA breach notification rule?

To address this problem in the wake of rising health data breaches, we have compiled an easy-to-understand guide to the Breach Notification Rule. Let’s begin the journey with a quick overview of the Breach Notification Rule and its purpose.

Read the rest of this post »

A Complete Guide To HIPAA Law: How It Keeps Your Privacy Protected

Wednesday, September 13th, 2017

HIPAA law was made to protect your health data. But increasing data breaches often raise questions. Learn what HIPAA regulations mean to your privacy.

HIPAA stands for Health Insurance Portability and Accountability Act. Back in 1996, the ever-charming president Bill Clinton signed the papers to enact HIPAA law. The law aims to protect patient’s right to privacy through a secured electronic transmission and storage of health data.

It won’t be an exaggeration if we say the HIPAA regulations came into existence at the right time. In fact, this was the same time patient information began to take a leap from papers to computers.

HIPAA Law protects patient privacy

Before we dig deeper to reveal the current status of HIPAA law, it is of paramount importance that we first learn what it means. After reading this article, you will have insight of HIPAA law, related rules, and what you can do to keep your data safe.

Read the rest of this post »

Is FAXing really HIPAA Compliant?

Tuesday, September 12th, 2017

Many organizations, especially in the healthcare industry, have an urgent need to send important and sensitive information, like protected health information (what constitutes PHI?), to organizations via FAX (facsimile).

Why?  Because this is how it has always been done, and everyone is “set up” to be able to handle FAXes quickly and efficiently.

Go back in time 10-15 years.  Every doctor’s office and small business had one or more FAX machines for sending documents and pictures back and forth.  It was essential technology that became ingrained into business processes through constant, repetitive use.  Everyone knows how to use a FAX machine, even the most technologically challenged staff member.

IS a FAX really HIPAA compliant?

Fast forward to now:

  1. Fax Machines have changed.  They are now all-in-one devices that scan, print, copy, send files to your computer, and more.  The “FAX” ability is now just a minor extra feature.
  2. HIPAA has arrived and evolved.  It used to be that sending patient (ePHI) data via FAX was the norm.  Now, it is perilous to send such private data over regular FAX lines, as it is easy for that process to break down and violate HIPAA.  E.g. see this $2.5 million dollar law suite resulting from 1 fax message.
  3. Everyone has a computer or tablet. Most doctors and staff members have access to email, a HIPAA-secured computer or tablet, and familiarity with how to use them … and have been trained on best practices via the required HIPAA security training that everyone has to have now-a-days.
  4. Paperless offices. Workplaces have or are evolving to become paperless — everything is stored electronically.  Regular FAXes are often disdained in favor or email; when regular FAXes do arrive, they are often scanned to electronic files and then destroyed.
  5. Low resolution. Faxes are low-resolution.  They are slow and they do not contain a great amount of detail.  They are not great for sending anything graphical.

Read the rest of this post »

LUXSCI