" privacy Archives - LuxSci

Posts Tagged ‘privacy’

Does Sending Email Using BCC Make It HIPAA Compliant?

Tuesday, July 13th, 2021

People have asked us if sending an email to someone via BCC (Blind Carbon Copy) is HIPAA-compliant. Take for example, a doctor’s office sending a newsletter to its patients via BCC. When the patients receive a message sent via BCC, they cannot see who else received it. Some may think that because the recipients are hidden, then this email does not contain any individually identifiable information. They assume that this means that the messages do not contain any “electronic protected health information” (ePHI) that is subject to HIPAA regulations.

However, BCC is actually not good enough to protect ePHI.

email bcc hipaa

Read the rest of this post »

6 Essentials For Privacy and Security in Telehealth

Thursday, September 21st, 2017

HIPAA covers Telehealth but does this make it safe? Learn the measures that ensure patient safety and privacy while using a virtual doctor visit program. 

The rise of telehealth in healthcare has transformed patient-doctor interaction. Nonetheless, the privacy and security of protected health information (PHI) still remain a big question. These concerns make sense because a new technology, usually, comes with new challenges.

Luckily, every problem comes with a solution. Thus, making a few smart choices can work wonders to keep the patient data protected.

Read the rest of this post »

If my web site is very simple, do I have to worry about HIPAA compliance?

Friday, March 24th, 2017

We received this questions via Ask Erik from a Physicians’ Association:

“Our company website does not contain any patient information. As a healthcare group, do we need to worry about HIPAA compliance for our site? It contains forms, news and some company polices and procedures but no patient information whatsoever. Thank you.”

Thank you for your question! Here, we delve into how you can answer this for your site.

 

When does a web site need HIPAA compliance

Read the rest of this post »

Are you encouraging insecurity via your web site forms?

Friday, April 15th, 2016

Many web sites have “contact us” pages and include web forms for receiving requests from existing or potential customers. This includes “new patient intake” forms on the web sites of healthcare providers. However, if your aren’t using a secure form solution your web forms may suffer from several serious problems:

  • Spam – Getting unwanted form submissions from bots.
  • Privacy – Often, sensitive data is submitted insecurely through these forms.
  • Archival – You may need an archived record and backup of all submissions.
  • Notices – You may need to be alerted of form submissions, even if you are not online.

Proactive privacy vs. neglect of privacy

When your web forms transmit data insecurely, store or send data insecurely, or otherwise to do not treat the data submitted with the level protection that it deserves, you are putting the users of your forms at risk.

The typical argument is that “it is up to the user of the forms to decide if they want to submit sensitive information.” In fact, many insecure forms even have disclaimers requesting people to not submit sensitive information if they have concerns … and then the forms go on to ask lots of sensitive questions. Especially without a disclaimer, but even with one, the form is actively soliciting people to submit their information insecurely and requesting them to take risks with their private data. This is not good.

In areas such as healthcare, where these forms are often collecting sensitive health data (protected health information – PHI), the fact that an organization solicits the submission of PHI through insecure, non-HIPAA-compliant means is far from a “best practice.” Why does this happen?

  1. Securing forms is trivial and inexpensive. As the bar is so low to collecting data in a compliant way, it could be considered neglectful to not bother with security and privacy and continue to solicit data insecurely.
  2. People can insecurely send you their own, personal PHI any time … when it is done of their own accord. However, when you provide them with a recommended communication channel, and when that channel is not secure, you need to get informed consent from them before you accept the data through that channel. Informed consent means:
    1. Training them in the risks involved.
    2. Getting their explicit sign off indicating their acceptance of these risks.
    3. Capturing and saving those signed consent forms.

Getting signed consent must be properly done and it imposes a barrier in front of your forms. There is really no reason to go though all of the work to setup informed consent when it is much simpler to just secure the forms themselves.

You can block form spam, ensure content security and privacy, archive form submissions, and even get text message notices of new submissions to your phone using LuxSci SecureForm. And it takes only a couple of minutes to integrate a secure form into any existing web site at any web hosting provider.

How does SecureForm Integrate with a Web Site Form?

SecureForm is very easy to set up and integrate. You configure SecureForm account with what you want to happen to your form data. Then you change one line of your web form (where the form posts go) and copy and paste a line of JavaScript into that page. Setup takes about 5 minutes.

How Does SecureForm deal with Spam, Encryption, Archival, and Notices?

SecureForm blocks web robot spam by determining if a real person is connecting to your form and blocking submissions from anything that is not.  Your users do not have to enter any security codes or image (Captcha) codes — the system simply checks that they are using a modern web browser with cookies enabled and JavaScript working. Most web bots do not support one or both of these standard technologies; all modern browsers do.

SecureForm enables privacy and security by allowing you to ensure that the form data is encrypted from the end user all the way to your email inbox. It enables automatic use of secure email delivery, secure FTP uploads, secure online document storage, and more. You can use any or all of these data capture methods.

SecureForm enables archival by allowing you to save copies of all form posts in an online document storage area, by uploading copies to your own FTP site, and/or by saving copies in a database that you can access as needed.

SecureForm enables notices by allowing you to have text messages sent to up to 5 different mobile devices when each form post is submitted. This is in addition to the form data being emailed to where it needs to go. You and you staff can be informed in real time of new posts, no matter where you are.

LuxSci SecureForm is the swiss army knife of web and PDF form processing tools, integrating quickly with any existing web sites and providing form security even if your web site is not already secured with TLS.

Dangers of Private Domain Registrations and WHOIS Masking

Wednesday, January 22nd, 2014

Any time you register a domain name, you are required to provide valid contact information for the owner of the domain.  This information is published and made publically available in the “WHOIS” database.  Anyone can look there to see who owns the domain and to contact the domain owner if necessary.

Private Domain Registration, or WHOIS Masking, or contact privacy, is a service offered by some domain registrars where they will either (a) not publish the domain owner’s contact details, or will (b) publish “masked” details — i.e. details that point to anonymous names and addresses at the registrar.

Read the rest of this post »

LUXSCI