secureline Archives - LuxSci

Posts Tagged ‘secureline’

Has Your Email Been Read? Read Receipts and Web Bugs

Wednesday, July 1st, 2020

 

Customers often ask how they can know if a message has been read by a specific recipient.  Typically, this is done by requesting a “Read Receipt” when sending the message; however, read receipts are not reliable. Spammers use techniques such as HTML “web bug” tracking to see if you have read an email message and thus if your email address is valid and ripe for more spamming; this is also not reliable. LuxSci’s SecureLine Escrow service includes a 100% reliable Read Receipt function that can be used when it is essential to know if someone has read a message. It also allows for message retraction (removing further access to an email message).

This article goes over these various methods of determining if a message has been read, shows how each works, and discusses the pros and cons of each.


Opt-In Email Encryption is Too Risky for HIPAA Compliance

Tuesday, July 11th, 2017

A majority of companies and hospitals that offer email encryption for HIPAA compliance allow senders to “opt in” to encryption on a message-by-message basis. That is, if the sender “does nothing special,” then the email will be sent in the normal, insecure manner of email in general. If the sender explicitly checks a box or adds some special content to the body or subject of the message, then it will be encrypted and HIPAA compliant.

Opt-in encryption is desirable because it is “easy” … end users don’t want any extra work and don’t want encryption requirements to bog them down, especially if many of their messages do not contain PHI.  It is “good for usability” and thus easy to sell.


However, opt-in encryption is a very bad idea with the inception of the HIPAA Omnibus rule.  Opt-in encryption imposes a large amount of risk on an organization, which grows exponentially with the size of the organization.  Organizations are responsible for the mistakes and lapses of their employees; providing an encryption system where inattention can lead to a breach is something to be very wary of.


Are you Minimizing your Risk by using the Next Generation of Opt In Email Encryption?

Friday, September 11th, 2015

We have long held that leaving it to each sender/employee to properly enable encryption for each sensitive message (a.k.a. “Opt In Encryption”) is too risky. Why? Any mistake or oversight immediately equals a breach and liability.

Instead, LuxSci has always promoted use of “Opt Out Encryption,” in which the account default is to encrypt everything unless the sender specifically indicates that the message is not sensitive.  The risk with Opt Out Encryption is very much smaller than with Opt In.  (See Opt-In Email Encryption is too Risky for HIPAA Compliance).

The problem is: many companies use Opt In Encryption because it is convenient when sending messages without sensitive information — you just send these messages “as usual,”  without forethought.  These companies are trading large risks in return for conveniences.

LuxSci has solved the “Opt In vs. Opt Out” conundrum with its SecureLine Email Encryption Service.  You could say that SecureLine enables the “Next Generation” of Opt In Email Encryption — combining both usability and security.


Is your Accountant protecting your privacy and identity?

Wednesday, April 15th, 2015

Everyone always harps on the necessity of privacy when discussing health care, government, and banking communications. It is surprising how little attention is paid to email security with regard to accounting and tax preparation. There is a real danger of identity theft, unintended information disclosure, and invasion of privacy when using tax preparation services or organizations that do not use secure email. Why is this?


7 Steps to Make your Web Site HIPAA-Secure

Friday, February 13th, 2015

Doctors and medical professionals are feeling increasing pressure to get their business online (e.g., electronic prescriptions, web appointments, and remote medicine are both trendy and critical for building and sustaining revenue streams in the tightening medical market). This push includes making protected health information available to patients via a web site and collecting similar private information from patients or would-be patients.

However, where the health information of an identifiable individual is involved, the Health Insurance Portability and Accountability Act (HIPAA) is the official compliance document.  And with the Omnibus rule in place, all web sites, old and new, must be properly designed or their owners face potential financial liability into the millions of dollars.

So, what do these requirements mean and how can HIPAA be followed in the context of a website?
