Secure Email Hosting for Healthcare

Covered entities face a unique set of business challenges when it comes to securing their email communications. HIPAA requires that organizations take extra steps to protect patient data when it is transmitted via email. Furthermore, the health care industry is increasingly threatened by cybercriminals, who use email to gain access to sensitive systems. LuxSci has provided HIPAA-compliant email since 2005. Our email services are secure and flexible enough to help organizations of all sizes manage highly sensitive communications.

SecureLine™ Encryption Technology

LuxSci's SecureLine™ encryption engine can be configured to automatically encrypt every email. It works like this: messages are delivered to LuxSci via API, SMTP, or WebMail, and SecureLine encrypts the emails before securely delivering them. SecureLine is extremely flexible and supports multiple types of encryption to meet a variety of security, usability, compliance, and deliverability needs.


HIPAA-Compliant Email Hosting Features

LuxSci's Secure Email Hosting was built to satisfy all HIPAA rules and security requirements. In addition to email encryption, all HIPAA-compliant email hosting accounts include email access and sending from modern email programs (e.g., using IMAP, POP, SMTP, and optionally Exchange ActiveSync) and from our WebMail interface. LuxSci also highly recommends adding on our Email Archival and Premium Email Filtering services to protect your inbox.

LuxSci provides a range of security features including dedicated servers, two-factor authentication, password expiration, time-based access controls, login auditing, custom firewalls, customizable session timeouts, and more.

Dedicated, Zero-Trust Aligned Email Solutions

Unlike other email hosting solutions that use shared clouds, LuxSci is unique in that it can provide each client with their own dedicated server, cluster, or unique custom deployment. This has two advantages: higher security and more flexibility.

First, by isolating email servers from other customers, it adds another level of security. LuxSci has long supported the Zero Trust security model which advises keeping trust zones small to protect sensitive data. At LuxSci, this means we use micro-segmentation and dedicated network firewalls to isolate each customer's server configuration. By using a dedicated server cluster that is segmented from other customers, data is kept isolated and secure.

Security through isolation

In addition, using a dedicated server cluster allows customers to create custom configurations designed to meet their deployment size needs. Using a dedicated solution means never having to share server resources with other customers and allows for more control over email sending rates and IP reputation. Customers can also request high availability and disaster recovery options to keep systems online in the unlikely event of a data center failure. These high availability options include:

  • High-availability network firewalls
  • High-availability network load balancers for WebMail
  • High-availability, high-capacity outbound email sending servers
  • System isolation and capacity scaling
  • Dedicated network segments
  • DDoS protection

FAQ: What to Know About Secure Email Hosting

We include technical support with all accounts. LuxSci's support staff are located in the USA and are all US citizens. Standard support hours are 9am to 11pm Eastern Time, USA. During this time, our staff is standing by to answer your questions via email, support ticket, and phone. Emergency, mission-critical support is available 24/7/365. (See more about LuxSci Support.)

LuxSci email works with any email program on any computer or mobile device, including Outlook, Mac Mail, Thunderbird, and the default email programs in iOS and Android. LuxSci email and SecureLine™ email encryption work through secure IMAP, SMTP, and POP connections.

There is never any need to download special programs, apps, or plugins. Additionally, LuxSci provides an option for using MobileSync for real-time synchronization of email, contacts and calendars with your mobile devices and recent versions of Outlook for Windows that support Exchange ActiveSync.

LuxSci includes 7x daily on-site and 4x weekly off-site backups of all of your email, web, and other data. You can request free restores as needed, although very frequent or very complex restore requests may incur a surcharge. (Read more about backups at LuxSci.)

Daily and weekly snapshots also protect your sensitive data against server failure, and we can always restore all your data. (Read more on LuxSci infrastructure and reliability). Dedicated server customers can request special/custom backup schedules.

LuxSci also offers Email Archival for saving copies of all inbound and outbound email. These copies cannot be edited or deleted by anyone and they do not expire.

A shared server email hosting account comes with 100 GB of disk space that you share among all your users (we do not limit space on a per-user basis although you can opt to impose such limits). If you exceed your limit or want to buy more space, we charge an overage fee.

Dedicated server customers can get up to 16 TB of space per drive mounted to each server. Servers can have up to 10 mounted drives. Dedicated is the way to go if you have large-scale storage needs.

LuxSci permits you to send and receive email messages that are up to 200 MB each (for customers with Email Archival, the limit is 50 MB/message).

Email hosting customers can send up to 300 email messages/day; customers can send each message to up to 1000 recipients. These messages are not for use with bulk emailing of any kind.

For email marketing and large-scale sending needs, we offer a separate High Volume Secure Sending service. We can add this additional service (and the associated cost) to your email hosting account.

There's no explicit limit on the number of messages that you can receive. However, the receipt of large quantities of messages all at once (many 100s or 1000s of messages at a time, for example) can cause your inbound email to suspend automatically to protect our servers from inbound email abuse and "mail bombs." If you need to receive large numbers of messages in a short time, LuxSci provides dedicated inbound email processing servers.

There are no limits on the number of users who can be in your account or the number of addresses you can have in your address book.

Each email folder can hold up to one million email messages. However, it's important to note that larger folders are slower to use than smaller folders (more than 100,000 messages would be extremely slow).

Our servers are located in the United States of America. Customers ordering dedicated server clusters can request that their servers be provisioned in specific non-USA geographic regions, such as the EU or Asia.

LuxSci has an automated email migration service for transferring the email folders for all your users. (See: Migrate Your Data to LuxSci.)

Yes. LuxSci SecureLine™ enables you to send compliant email to anyone with an email address. Your recipients do not need to use LuxSci themselves.

Yes. HIPAA customers get a trust mark that looks like this:

LuxSci helps ensure HIPAA-Compliance for email and web services.

To reduce the risk of accidentally sending unencrypted messages, LuxSci automatically encrypts every email for HIPAA customers. If some messages do not include ePHI, you can choose to opt out of using encryption for them. LuxSci does not support opt-in encryption (where you manually specify which messages need encryption) for HIPAA-compliant accounts, because it's too risky for HIPAA compliance. We do support opt-in encryption if you do not need HIPAA compliance.

When you send an email message through WebMail, from either your mobile device or your email program, that message is transmitted securely to LuxSci's servers using TLS. Once the message arrives, LuxSci encrypts the message for each of your recipients and then delivers the encrypted message to the recipient's email servers. Based on your account preferences, who the recipients are, where their email host is, and settings in your account, the encryption used can take the form of: SMTP TLS, Secure Message Pick Up (Escrow), PGP, or S/MIME. The type of encryption used is dynamically determined at send time.

It depends on the encryption method used. Messages sent via TLS do not require anything special to open them since they are encrypted only during transmission. Messages sent using Escrow (Secure Portal Pick Up) do require the recipients to authenticate themselves in order to access their secure messages. You can authenticate users either (a) by using a username/password for a free account to access any received message, or (b) by providing an answer to a custom question designated by the message sender. See: SecureLine™ Escrow and SMTP TLS.

Other questions? Call Sales

eBook: HIPAA-compliant Email Basics

Safeguarding your healthcare practice and protecting patient privacy

Book 1 in the LuxSci Internet Security Series.

Created by Erik Kangas, PhD
