LuxSci

Compliance Certification

David O Black PhD LLC

This organization has HIPAA-compliant services with LuxSci which include:

Secure Email Hosting for domain(s):

    caatonline.com

Secure Form:

    Secure Web and PDF form processing

HIPAA Compliance Certification Seal

The organization listed above has LuxSci's HIPAA-certification Seal:*

  • LuxSci is a HIPAA Business Associate of this organization with a signed contract.
  • LuxSci itself proactively follows the HIPAA Security and Privacy Rules with respect to any ePHI stored on or transmitted through LuxSci by this organization.
  • This organization uses LuxSci's HIPAA- and HITECH-compliant communication services to meet strict security requirements for the safeguarding of electronic protected health information (ePHI).


HIPAA-certified LuxSci Customers*

The LuxSci services used by this company have certain minimum security requirements enforced for all LuxSci HIPAA customers. There are many other security options and services from which LuxSci customers can select.

Users
  • Are forced to use very strong passwords to access LuxSci services and web interfaces
  • Are forced to connect to LuxSci services and web interfaces only over encrypted channels
  • Have short web interface session timeouts
  • Have their access to systems audited and logged
Secure Marketing
  • All contacts, contact lists, campaigns, demographics, custom fields, and other information stored in the LuxSci Secure Marketing service are protected by LuxSci.
  • All email messages sent by the Secure Marketing service are encrypted using LuxSci's flexible SecureLine email encryption
Secure Email

This applies to email hosting, secure connector, and high volume email sending.

  • All outbound email messages containing PHI must be sent using LuxSci's flexible SecureLine email encryption. This secures all ePHI sent via email.
  • Backups are kept of all email data on our servers
  • Message sending histories are kept for 10 years
Secure Form
  • All form posts made using Secure Form are secured using TLS to protect the data during transport to LuxSci
  • All emailed form data is, at a minimum, secured using LuxSci's flexible SecureLine encryption.
  • All other data transport channels are locked down to be secured.
  • All form data storage options can be encrypted at rest
  • Audit trails, logs, and backups are kept
Secure Web Hosting
  • LuxSci ensures the server environment and data center are suitable for HIPAA compliance
  • Web site(s) and databases are hosted on dedicated server(s)
  • Server software is kept up to date (patched) by LuxSci
  • Server performs virus scanning, intrusion detection, and automated log analysis
  • Server is protected by one or more firewalls
  • The customer is responsible for the compliance and security of the web site application software itself



*LuxSci does not certify that this organization is HIPAA compliant overall, only that (a) LuxSci is a recognized HIPAA Business Associate of this organization, and (b) this organization's use of LuxSci's services has been configured and locked down to comply with LuxSci's HIPAA-security Requirements. Full HIPAA compliance is a process that is largely in the hands of each company and requires many things such as documentation, training, risk analyses, etc. While it is impossible for a third party to make a company fully "HIPAA Compliant," you can use third-party services that follow the guidelines of HIPAA as part of your overall HIPAA-compliance strategy.

LuxSci does not certify HIPAA compliance of services whose usage is largely in the organization's purview, such as web site software or email forwarding. In particular, the security of web pages hosted on the customer's own web site is not covered by the Secure Form service or Web Hosting services. Secure Form would in this case secure everything from the data posting to LuxSci onwards. LuxSci provides strong recommendations and an infrastructure allowing for the organization to use these services in a HIPAA-compliant manner.