" secureline Archives - LuxSci

Posts Tagged ‘secureline’

Are Replies to my HIPAA-Compliant Secure Emails also Secure?

Friday, June 18th, 2021

Sending HIPAA-compliant secure emails is easy- LuxSci’s services allow you to send secure emails to anyone with an active email address. One common question is whether the replies back to these messages will also be HIPAA compliant. This is especially a concern when customers choose to use TLS only a a secure means of email delivery.

In this article we will break down the various ways that messages are sent securely from LuxSci to recipients across the Internet, and how replies behave — and whether they are secure and compliant. At the end, we provide some recommendations for best practices for maximizing data security.

Read the rest of this post »

7 Steps to Make your Web Site HIPAA-Compliant

Tuesday, March 2nd, 2021

Telehealth is the new normal thanks to the Covid-19 pandemic. Many medical providers are finding that not only is telehealth a safer option during the pandemic, it can also help increase patient access to healthcare and improve outcomes. Along with video appointments, the virtual medicine push includes making protected health information available to patients via a web site and collecting similar private information from patients or would-be patients online.

However, where the health information of an identifiable individual is involved, the Health Insurance Portability and Accountability Act (HIPAA) is the official compliance document. The Omnibus rule requires all web sites, old and new, to be properly designed or their owners can face potential financial liability into the millions of dollars.

So, what do these requirements mean and how can HIPAA be followed in the context of a website?

Read the rest of this post »

HIPAA-compliant Email Host or SMTP Connector?

Tuesday, July 28th, 2020

choosing hipaa compliant email

You may have heard that you need to use HIPAA-compliant email to protect your organization’s ePHI, but many people aren’t sure where to go from there. Don’t worry if you fall into this camp, because this article will explain your options in depth.

The most straightforward solution is to simply sign up for a HIPAA-compliant email host. These are providers who specifically design their email services to be compliant with HIPAA regulations. A good example is LuxSci’s Secure Email.

If you currently use tools like Google Workspace or Microsoft Office 365 for your email, you might be looking for ways that you can adapt them for HIPAA compliance. The good news is that this is possible with an outbound encryption tool like our HIPAA-compliant SMTP connector.

Some organizations may pursue this option because they need certain features that these programs offer, while others may be hesitant to introduce new software and have to train their employees to use it.

Why Do You Need a HIPAA-compliant SMTP Connector for Google Workspace, Microsoft Office & Other Services?

These services aren’t designed to be HIPAA-compliant. Tools like Google Workspace, Microsoft Office 365, and Microsoft Exchange are designed for the mass market, so HIPAA compliance and security were not significant factors during their development.

This means that they are unsuitable for protecting ePHI straight out of the box. In the case of Google Workspace, it lacks a HIPAA-compliant email encryption solution. Microsoft does have one, but it is difficult to configure. A solution like LuxSci’s Secure SMTP Connector hooks up to your existing email service, bridging the gap to make your outbound email secure and HIPAA-compliant.

LuxSci Secure Connector

LuxSci Secure Connector

 

HIPAA-compliant SMTP connectors can also help you send emails if your internet service provider prevents or limits your outbound mail server from sending messages. On top of this, they can also add SMTP authentication to your outbound email system, as well as offer encryption and archival mechanisms. SMTP servers can also assist you in adapting your existing mail service in a variety of other ways.

Should You Use a HIPAA-compliant Email Host or an SMTP Connector?

Every organization will come to its own conclusion, based on the factors that matter most in its unique situation. If your main concern is making your company’s HIPAA compliance as easy as possible, then a HIPAA-compliant email host is probably your best option.

These are developed with the regulations in mind, and are designed to make compliance simple, with configuration options that suit a range of scenarios. With a HIPAA-compliant email host, you are less likely to misconfigure it and accidentally expose ePHI. 

LuxSci’s HIPAA-compliant email is designed to offer you a high level of performance and functionality, without having to constantly worry about regulatory headaches.

In contrast, some organizations aren’t in a position where they are ready to switch to a new email host. If they rely on certain software features in Google Workspace or Microsoft Office 365, it’s best for them to deploy LuxSci’s secure connector so that they can protect their outbound email sending.

Setting up and maintaining HIPAA compliance may be more complicated if they pursue this option, but it’s still a better choice than completely disregarding their regulatory obligations.

Has Your Email Been Read? Read Receipts and Web Bugs

Wednesday, July 1st, 2020

 

Customers often ask how they can know if a message has been read by a specific recipient.  Typically, this is done by requesting a “Read Receipt” when sending the message; however, read receipts are not reliable. Spammers use techniques such as HTML “web bug” tracking to see if you have read an email message and thus if your email address is valid and ripe for more spamming; this is also not reliable. LuxSci’s SecureLine Escrow service includes a 100% reliable Read Receipt function that can be used when it is essential to know if someone has read a message. It also allows for message retraction (removing further access to an email message).

This article goes over these various methods of determining if a message has been read, shows how each works, and discusses the pros and cons of each.

Read the rest of this post »

Opt-In Email Encryption is Too Risky for HIPAA Compliance

Tuesday, July 11th, 2017

A majority of companies and hospitals that offer email encryption for HIPAA compliance allow senders to “opt-in” to encryption on a message-by-message basis. If the sender “does nothing special” then the email will be sent in the normal/insecure manner of email. If the sender explicitly checks a box or adds some special content to the body or subject of the message, then it will be encrypted and HIPAA compliant.

Opt-in encryption is desirable because it is “easy.” End users don’t want any extra work and don’t want encryption requirements to slow them down, especially if many of their messages do not contain PHI. It is “good for usability” and thus easy to sell.

Cybersecurity opt-in email encryption

However, opt-in encryption is a very bad idea with the inception of the HIPAA Omnibus rule. Opt-in encryption imposes a large amount of risk on an organization, which grows exponentially with the size of the organization. Organizations are responsible for the mistakes and lapses of their employees. Accidentally sending unencrypted emails with PHI is an automatic breach with serious penalties.

Read the rest of this post »

LUXSCI