secure email Archives - Page 4 of 6 - LuxSci

Posts Tagged ‘secure email’

17 Questions To Ask Before Sending A HIPAA-Compliant Marketing Email

Tuesday, April 20th, 2021

You’ve just been told that your email marketing program is putting your company at risk of violating HIPAA. What now? If you want to continue using email to communicate with patients, you must implement HIPAA-compliant email marketing.

Start by breaking down that goal into two components: becoming HIPAA-compliant and achieving your marketing objectives. Setting up HIPAA-compliant systems and procedures will ensure your patient data is protected. However, you don’t have to let your marketing objectives suffer for the sake of security. Implementing a HIPAA-compliant marketing program can actually help you achieve better marketing results.

Ask yourself these 17 questions to ensure your email marketing plan aligns with your business goals and HIPAA.


Time-Based Access Control

Tuesday, March 16th, 2021

A new security feature is available for LuxSci WebMail customers. Account administrators now have the option to implement time-based access controls for their users. Administrators can restrict what times of day and what days of the week individual users are permitted to use the LuxSci web interface (for WebMail, administration, or other tasks) to increase security on the platform.

This prevents unauthorized off-hours access by employees and also by potential attackers. In a compliance context, LuxSci customers are able to apply time-of-day access controls at the user level to further limit the attack surface and keep essential information protected.

How to Enable Time-Based Access

You must be an account administrator to enable time-based access. To edit this setting, go to the user’s account and click on “Settings.” Under “Security,” go to the “General” page and do the following steps:

  • Enable the overall setting “Enable time-based access restrictions to this web interface.”
  • Select the time zone to use for these times.
  • For each day the user will be allowed to log in to the web interface, enter one or two time ranges in the 24-hour time format “HH:MM-HH:MM.”
    • For example, if the user can use the system between 9am and 5pm, you would enter “09:00-17:00.” Use two time ranges if there are two distinct periods of time during the day that are acceptable.


Additional Security Features

In addition to this feature, we also recommend that LuxSci customers take advantage of our other security controls such as:

What Are Your Goals for Sending HIPAA-Compliant Emails?

Wednesday, October 7th, 2020

…and How Do They Influence Which Provider You Choose?

So, you’ve heard that you need to send HIPAA-compliant emails. Maybe your company is only just starting to send ePHI in its messages. Perhaps it just wants to be extra careful, and limit the potential repercussions if ePHI is accidentally sent in an email. It could have even been skirting HIPAA regulations all along, and has suddenly realized the error of its ways.

Whatever led you up to this point, you are doing the right thing by looking for a HIPAA-compliant email provider. But the regulations and the services that have been developed to abide by them can be complex, so it’s important to do your research and carefully think through your decision.


Secure email sending

On top of making sure that a potential service meets your compliance and security needs, you also need to consider the goals of your HIPAA-compliant email sending. Obviously, we can’t tell you what your goals are, but we can give you some suggestions that will help you refine them.

Are You Intending to Send ePHI, or Do You Just Want a HIPAA-Compliant Service to Be Careful?

Some organizations may want to directly email ePHI to their patients, so they need to focus on how they can do this effectively, while keeping both their patients and their businesses safe. For example, a doctor’s clinic may want to offer to send out test results via email.

Due to the high risk of exposing this information, it will probably want opt-out encryption rather than opt-in. Measures like this can significantly reduce the chances of accidentally sending out unprotected ePHI.

In contrast, other companies may only want to send ePHI on rare occasions, so they may find opt-in encryption more convenient. The point is that every organization has its own set of requirements, and they need to find a suitable email service for their individual circumstances.

Some will want a service that is tightly locked down to limit their risks, while others may have a high risk tolerance.

Do You Plan on Using It as Your Everyday Email Service, or for High Volume Messaging?

If you just want a HIPAA-compliant email service for everyday use, something like LuxSci’s Secure Email is a great option. Alternatively, if your main goal is to send out emails in bulk, you will need something like our Secure High Volume Sending.

Do You Want to Send Transactional Messages, Marketing Emails, or Both?

As obvious as it seems, marketing emails are messages that are mainly sent out for marketing purposes. These include newsletters and product updates. On the other hand, transactional emails are those that are essential for customer interactions with the company. Many different things qualify as transactional emails, from onboarding messages, to password resets, to receipts, and much more.

Savvy companies don’t just see transactional emails as a bland part of conducting business. Instead, they use them as opportunities to add in a little marketing for their products, services, or simply overall brand awareness.

Before you make your decision on an email platform, you should consider how you want to use the service, and which solutions cater best to those needs.

Do You Have an In-House Graphic Designer, or Do You Need Intuitive & Professional-Looking Templates?

If your company has its own graphic designer, or the budget to outsource it, then it may not need beautiful email templates. Not every organization has those resources on hand, and many just want something that looks good without having to put in a lot of effort. Your company’s current setup and goals will influence whether you look for a HIPAA-compliant email provider that offers these ready-made templates.

Do You Need Analytics that Help You Measure the Effectiveness of Your Campaigns?

If your goal is to have the most effective campaign possible, then you need to measure everything. Of course, this is only possible with a marketing service that has a comprehensive analytics platform. LuxSci’s Secure Marketing solution offers A/B testing, which allows you to compare two different approaches to see which is best.

It also features a range of reports that tell you who opened emails, what they clicked on, the bounce rate, whether messages were marked as spam, and much more. If you need this type of in-depth knowledge in your email campaigns, it will be an important factor in which email service you ultimately end up choosing.

LuxSci’s HIPAA-compliant email services aim to combine the functional features you need for high performance, alongside the security mechanisms required to stay within the regulations. Together, these provide adaptable services for those in the healthcare sector and for other businesses that deal with ePHI.

Email, Calls, Messaging Apps & More: How Can You Secure It All?

Tuesday, February 26th, 2019

In a forgotten time, if an organization wanted to secure their communications, all that they had to worry about was their conversations, postage and landlines. If a business was on the cutting edge of technology, it might use a fax machine as well.

In 2019, things are a lot more complicated. To start with, we now have email, mobile calls, and text messages. Then there are the countless messaging apps like WhatsApp, Facebook Messenger, Telegram, Signal, and Viber.

On top of this, there are online calls like Google Voice, Skype, and others. We can’t forget video calling either, or the fact that many of these services offer several different communication channels.

Landlines and postage haven’t gone away either, so they still have to be secured as well. Some businesses even persist in using fax machines.

The point is that in the modern world, we have a lot more to worry about. With so many different channels, how can an organization possibly secure them all?

While the task may seem like an unending battle against emerging and deprecating technology, the goal of securing all of your business’s communications is not unattainable. All it takes is planning, policy, and enforcement.

Analyzing the needs of your organization

Sure, all of these new communication methods have definitely complicated security, but you also have to look at the other side as well. They allow us to do things that we have never been able to do before – we can get results in seconds that may have taken months in earlier days.

There are tremendous advantages to many of these technologies, so there is no point in being a Luddite and staying away from technological developments. As long as potential security risks are addressed, these solutions can be more than worthwhile.

Your organization should be leveraging these technologies to simplify its work processes as much as it can. But it needs to be doing so with a security-first mindset.

Take stock of your organization’s current communication methods

The first step is to look at the channels that are currently being used. Email is a given, and most businesses probably use cell phones and landlines as well. Does your business use messaging apps on top of this? How about VoIP or video call services? Is there a workplace Slack, Facebook or Telegram group?

What does your organization really need?

Once you have accounted for each of the channels that are being used, and what they are being used for, you can consider whether or not they are necessary. Does your business really need to use landlines, cell phones and VoIP, or can these be consolidated? Are texting apps important for getting work done quickly, or can you restrict messaging to email in order to simplify your systems?

If you can reduce the number of different communication channels that are used in your workplace without impacting productivity, it will make it much easier to administer them securely.

Does it need to be secured?

Let’s be honest, a lot of information doesn’t need to be secured. While SMS may be insecure, it probably doesn’t matter if all you are using it for is to send certain offers and promotions to your customers (although there may be certain healthcare situations where even something this simple can violate HIPAA).

If you can ensure that a given communication channel won’t be used to transmit sensitive or valuable information, then you may not need to find a secure alternative. Take the human factor into account when you consider this, because mistakes and laziness can end up being incredibly costly for businesses.

Look for Secure & Compliant Alternatives

There are a number of different solutions that allow you to message, call or video-call in a secure and compliant manner:

  • Calls – Neither landlines nor cell phones offer a safe way to voice call. Any calls that require security should be done over encrypted VoIP connections.
  • SMS – SMS is an insecure protocol, so secure email or messaging apps should be used whenever you are sending sensitive or valuable information. Despite this, a service like SecureText can be used to send SMS messages that alert recipients that there is a secure message waiting for them.
  • Email – Standard email is inherently insecure, but services that use portal pickup, PGP or S/MIME can be safe. Secure Email is a HIPAA-compliant option that offers a wide range of security configurations.
  • Messaging apps – SecureChat is HIPAA-compliant and secure. While options like Signal and WhatsApp also offer encryption, they do not offer HIPAA compliance.
  • VoIP – Signal and WhatsApp both encrypt their voice calls from end to end, but they do not offer HIPAA compliance.
  • Video calls – Secure Video allows its users to deliver telemedicine or run conference calls with up to 100 people, all in a secure and HIPAA-compliant manner.

Establish a Policy

Once you have determined your business’s communication needs, analyzed the risks and come up with secure alternatives, it’s time to establish a workplace-wide policy that ensures these secure communication channels are used every time that sensitive and valuable information is transmitted.

Design the Policy to Handle Worst-case Scenarios

It’s best to be overly cautious in the policy and account for mistakes – remember, simple errors are often the cause of massively expensive HIPAA penalties.

Sure, a workplace Facebook group can be a great way to facilitate communications. You could even have a strict policy that sensitive and valuable information should not be exchanged in the group. It might even be effective for a long time.

But what happens when Robert from accounting just woke up from his 2pm nap, and in a brief, bleary-eyed moment he forgets about the rules and posts something he shouldn’t? Even if it was a simple accident and Robert from accounting didn’t mean to do it, his actions could still lead to a HIPAA violation or the information getting stolen by a hacker or publicly exposed.

This is why it’s best to be overly cautious. Sure, you could have a workplace Facebook group, but why run the risk when you can use secure alternatives instead?

Training & Awareness

Once a policy has been established, you need to make your employees aware of it so that the new regulations are followed. Compliance can often be improved by explaining the reasons why the policy is in place and discussing the risks during training sessions.

Monitor & Enforce the Policy

Once your new policy has been set up, you will need to monitor whether or not it is being followed. In the transition period, you may notice violations, but if you address these carefully at the start and strictly maintain the policy, you will soon break the old employee habits.

Over time, there may need to be some reinforcement, otherwise the old habits can end up slipping back. This can be achieved through periodic training, continuing to provide awareness about the policy and the reasons behind it, as well as taking extra time to address those employees who have violated the policy.

Adjust the Policy as Necessary

Over time, new solutions will become available, while your current services may also become less secure. If you want your business to maximize its security and productivity, there is no reason for the policy to be set in stone. Instead, it should be adaptable, taking advantage of services that may improve performance, while leaving behind those that may pose a threat. Policies should be reviewed and updated at least yearly.

Workplace-wide Secure Communications

Protecting all of your critical communication channels may sound like a challenging process, but luckily there is already a wide range of security-focused applications that are easy to implement.

At LuxSci, we offer a variety of secure and HIPAA-compliant alternatives in-house:

Arranging to take care of all of your secure communication services through one provider will result in systems that are more interoperable, save on overhead, simplify implementation and make management far less of a headache.

With the right approach and an expert technology partner, securing all of your organization’s communications is an easy way to drastically reduce the risks that it faces.

Will Email Ever Be Truly Secure?

Tuesday, November 6th, 2018

Email gateways are a leading cause of security breaches. The optimistic view is that effective email security practices, firewalls, mobile device security, wireless security, endpoint security, web security, behavioral best practices, data loss prevention and network access control – among other solutions – can ensure foolproof security. The realistic view is that email – or anything for that matter – cannot be truly secure.

To err is human. Technology advancement is a boon and a bane: cyber attacks are more sophisticated than before. You cannot trust any one security solution, place your full trust in end-to-end encryption (currently the most secure way to communicate securely and privately online) or predict when someone will break into your device and access your email.

The road to HIPAA compliance is paved with many risks, possibilities and outcomes. Well-researched and thoughtful implementations are essential but there are many decisions to make and loose ends to tie up. Your ePHI protection, privacy and confidentiality practices may be excellent, but your employees may still mistakenly dispose of a fax machine or hard drive that contains retrievable PHI. Or some of your staff may fail to observe the policy of what needs to be encrypted and what does not.

And if you thought that email encryption, cryptographic protocols and even your computer system and CPU were protecting your data at all times, think again…
