" secure Archives - HIPAA News, Web & Email Security Tips & News - Plus More | LuxSci
LuxSci

Posts Tagged ‘secure’

SMTP TLS: All About Secure Email Delivery over TLS

Monday, October 2nd, 2017

TLS stands for “Transport Layer Security” and is the successor of “SSL” (Secure Socket Layer). TLS is one of the standard ways that computers on the Internet transmit information over an encrypted channel. In general, when one computer connects to another computer and uses TLS, the following happens:

  1. Computer A connects to Computer B (no security)
  2. Computer B says “Hello” (no security)
  3. Computer A says “Let’s talk securely over TLS” (no security)
  4. Computer A and B agree on how to do this (secure)
  5. The rest of the conversation is encrypted (secure)

In particular:

  • The meat of the conversation is encrypted
  • Computer A can verify the identity of Computer B (by examining its SSL certificate, which is required for this dialog)
  • The conversation cannot be eavesdropped upon (without Computer A knowing)
  • The conversation cannot be modified by a third party
  • Other information cannot be injected into the conversation by third parties.

Basic email security starts with SMTP TLS

TLS (and SSL) is used for many different reasons on the Internet and helps make the Internet a more secure place, when used. One of the popular uses of TLS is with SMTP for transmitting email messages between servers in a secure manner.  See also:

Read the rest of this post »

Is FAXing really HIPAA Compliant?

Tuesday, September 12th, 2017

Many organizations, especially in the healthcare industry, have an urgent need to send important and sensitive information, like protected health information (what constitutes PHI?), to organizations via FAX (facsimile).

Why?  Because this is how it has always been done, and everyone is “set up” to be able to handle FAXes quickly and efficiently.

Go back in time 10-15 years.  Every doctor’s office and small business had one or more FAX machines for sending documents and pictures back and forth.  It was essential technology that became ingrained into business processes through constant, repetitive use.  Everyone knows how to use a FAX machine, even the most technologically challenged staff member.

IS a FAX really HIPAA compliant?

Fast forward to now:

  1. Fax Machines have changed.  They are now all-in-one devices that scan, print, copy, send files to your computer, and more.  The “FAX” ability is now just a minor extra feature.
  2. HIPAA has arrived and evolved.  It used to be that sending patient (ePHI) data via FAX was the norm.  Now, it is perilous to send such private data over regular FAX lines, as it is easy for that process to break down and violate HIPAA.  E.g. see this $2.5 million lawsuit resulting from 1 fax message.
  3. Everyone has a computer or tablet. Most doctors and staff members have access to email, a HIPAA-secured computer or tablet, and familiarity with how to use them … and have been trained on best practices via the required HIPAA security training that everyone has to have nowadays.
  4. Paperless offices. Workplaces have become or are becoming paperless: everything is stored electronically.  Regular FAXes are often disdained in favor of email; when regular FAXes do arrive, they are often scanned to electronic files and then destroyed.
  5. Low resolution. Faxes are low-resolution.  They are slow and they do not contain a great amount of detail.  They are not great for sending anything graphical.

Read the rest of this post »

Is email message transport over MAPI or HTTPS secure?

Tuesday, September 5th, 2017

Our latest “Ask Erik” question involves understanding what email headers say about secure message transport … especially when they list MAPI or HTTPS instead of TLS.

Read the rest of this post »

HIPAA-compliant Dropbox: Secure File Sharing at LuxSci

Wednesday, July 13th, 2016

Want to set up a public dropbox for sharing sensitive files but still remain HIPAA-compliant?  This is now a snap for anyone with a HIPAA-compliant LuxSci account.

LuxSci has long provided online cloud-based secure file storage and sharing via its Documents WebAide service, which is included with all accounts as part of our suite of collaboration tools (calendars, tasks, address books, files, notes, links, password libraries, and user groups).  Now, in addition to being able to share files internally with other users, groups, and accounts, LuxSci customers can securely share files with anyone on the Internet.

How to Share

There are many ways to access the dialog box used for sharing WebAides with others.  Here is one:

Read the rest of this post »

Receive & Collaborate on Secure Form posts via Secure Chat

Tuesday, July 7th, 2015

LuxSci is proud to announce the integration of SecureForm and SecureChat.  SecureForm allows you to securely capture and process posts from your web site and PDF forms.  SecureChat provides secure real-time communication and collaboration between people on mobile and desktop devices, e.g. a secure replacement for texting that incorporates collaboration, archival, and compliance.

Now, SecureForm users can have their form post data sent securely to anyone’s SecureChat account (in addition to having the option of sending data to MySQL databases, secure email, secure FTP, and secure online file storage):

Read the rest of this post »

Does my online form have to be HIPAA Compliant if it doesn’t ask for medical information?

Monday, September 29th, 2014

For folks in the medical field, there is often a lot of uncertainty regarding which kinds of web forms need HIPAA compliance and which ones do not.  We often have customers asking if this or that form really needs to be secure or not.

The short answer is that you should probably just make ALL of your forms secure, just like it is best to make all pages of your web site secure, no matter what is on the page.  This instills more trust in your web visitors and, as a result, brings in more business.  It doesn’t take much work to secure your forms, so you might as well just do it for all of them in a clear and consistent way.  Your users’ data will be protected, and they will know that you are looking to make the best choices for them, even in cases where it might not strictly be necessary.  This is a good thing.

Back to the original question….

If you are a medical office, do some forms not need to be secure and HIPAA compliant, depending on what is collected?

Note: the following is suggested advice from LuxSci based on our understanding of HIPAA; however, this should not be taken as legal advice.  We advise you to consult your lawyer for accurate legal advice pertaining to your particular situation.

HIPAA requires that all electronic Protected Health Information (ePHI) be secured to protect the privacy of the individuals identified in the ePHI.  So, as long as either (a) HIPAA does not apply to you, or (b) your form does not collect ePHI, then you do not have to secure the web form.

Let’s look at each of the two criteria so that you can tell if either one may apply to you or your form.

Read the rest of this post »

10 Steps to make your email more secure

Monday, August 11th, 2014

Your email is the doorway into your life.  For most people, it interfaces with almost everything that you do.  Even the passwords to the myriad of web sites that you use for everything from meet ups to banking can often be reset via access to your email.  The integrity, privacy, and security of email are high on the minds of everyone these days, even folks who historically had little or no insight into how anything works, technically, and didn’t really want to know.  Everyone is wary.

There is good reason for this, as data breaches and password theft are happening every day, and are in pop culture (Last Comic Standing) and in the news left and right … such as the purported case of 1.2 billion passwords being stolen recently.

What steps can you take to bolster the security of your email?

Read the rest of this post »

Free Web Form Building and Secure Hosting

Friday, March 28th, 2014

LuxSci SecureForm now includes “Form Builder,” a visual web form builder with fast, redundant, secure hosting.

  • Don’t have the tools to create your own web forms?
  • Don’t have a secure place to host your web forms?
  • Want form field validation and/or Ink Signatures, but don’t have the time or expertise to set that up yourself?
  • Do your forms need to be HIPAA compliant and/or secure?

LuxSci SecureForm Builder may be perfect for you.

Read the rest of this post »

SecureForm: Give your customers access to their form submissions

Wednesday, March 19th, 2014

Many times when a customer fills out a form on your website, they want a copy for their own records. Providing this copy of the submitted data often takes manual effort on your behalf to search your Inbox, WebAides Documents, or database, extract the appropriate file, and email the file as an attachment back to the individual who filled it out.

Of course, this presumes that the submitter entered their email address accurately, and that you send the form back to their correct address. When sending a copy via this method, sensitive information such as medical data that needs to be HIPAA compliant could possibly be sent to the wrong person or insecurely, resulting in a possible breach and violation!

With LuxSci SecureForm it is easy to securely provide the person submitting the form a copy, automatically and immediately after they submit your form.

Read the rest of this post »

Case Study: LuxSci SecureForm and Ink Signatures Eliminate Downloading, Printing, Signing, and Faxing of Contracts

Friday, January 31st, 2014

For legal reasons, LuxSci’s HIPAA customers are required to physically sign a “Business Associate Agreement” and return it to us.  While this is a simple and commonplace request, it creates a lot of busy work on the part of the customer and LuxSci!

The customer might have to

  1. Download the file
  2. Print out the 19 pages
  3. Sign the agreement
  4. Fax back all pages, or scan it and return electronically

Then, LuxSci might have to

  1. Locate the document
  2. Sort out faxes that are in the wrong order, upside down, blank, or missing pages
  3. Figure out who sent the document
  4. Verify that pages are not missing or changed
  5. Counter-sign the document and attach it to the customer account
  6. Contact customers who have not sent in their documents properly or at all, which is crucial to the HIPAA certification process

Multiplied by lots of customers, this creates a lot of unproductive busy work for everyone — and this time costs money.

To simplify this process, LuxSci uses its own SecureForm and Ink Signatures technologies to make submission of signed contracts a snap for customers, as well as to eliminate most of the busy work LuxSci itself has to do to manage the process.

In this post, we describe how both technologies work.

Read the rest of this post »