Am I at HIPAA-risk if a patient replies to my secure email message?
Tuesday, January 31st, 2017Here is a question from “Ask Erik:”
Dear Dr. Kangas, When I write an email to a patient from my LuxSci account, it is encrypted and therefore HIPPA compliant. When they write me back from their regular email address (it’s often hard to get them to sign up at LuxSci), they are putting [PHI /Medical Information] out without security, but that is not my HIPPA violation as I understand it because patients are not required to keep their PHI secure. Yet often a patient replying to my email simply hits ‘reply’ and my email is attached to their reply, putting my original email in an insecure from on the Internet. Does that become therefore a HIPPA violation of mine, especially if I continue to allow this without telling the patient to stop doing this?
Read the rest of this post »
SSL (Secure Sockets Layer) and TLS (Transport Layer Security) are foundations of security on the Internet. However, between colloquial usage and the relationship between these security protocols, there is a lot of confusion regarding how they are related, how they are different, and what to use in what situation.
This classic DLP system is available through many email providers and has been available at LuxSci for many years as well. However, it does have a glaring limitation — no matter how complete and complex your DLP pattern list is, it is almost certain that some messages containing sensitive information will not quite match (or the information will be embedded in attachments that can’t be searched properly). If they do not match, then they will escape in a way that may be considered a breach. 
