HIPAA Compliance Certification Seal
The organization listed above has LuxSci's HIPAA-certification Seal:*
- LuxSci is a HIPAA Business Associate of this organization with a signed contract.
- LuxSci itself proactively follows the HIPAA Security and Privacy
Rules with respect to any ePHI stored on or transmitted through LuxSci by
- This organization uses LuxSci's HIPAA- and HITECH-compliant
communication services to meet strict security requirements for the
safeguarding of electronic protected health information (ePHI).
Learn about LuxSci's HIPAA-compliant
HIPAA-certified LuxSci Customers*
The LuxSci services used by this company have certain minimum security
requirements enforced (see this document
for all LuxSci-specific HIPAA security restrictions). There are many
other security options and services from which LuxSci customers can
- Are forced to use very strong passwords to access LuxSci services and web interfaces
- Are forced to connect to LuxSci services and web interfaces only over encrypted channels
- Have a very short web interface session timeout
- Have their access to systems audited and logged
- All outbound email messages containing PHI must be sent using LuxSci's flexible SecureLine email encryption.
This secures all ePHI sent via email.
- Backups are kept of all email data on our servers
- Message sending histories are kept for 10 years
- All form posts made using SecureForm are secured using TLS to protect the data during transport to LuxSci
- All emailed form data is, at a minimum, secured using LuxSci's flexible SecureLine encryption.
- All other data transport channels are locked down to be secured.
- All form data storage options can be encrypted at rest
- Audit trails, logs, and backups are kept
Web Hosting Infrastructure
- LuxSci ensures the server environment and data center are suitable for HIPAA compliance
- Web site(s) and databases are hosted on dedicated server(s)
- Server software is being kept up to date (patched) by LuxSci
- Server performs virus scanning, intrusion detection, and automated log analysis
- Server is protected by one or more firewalls
- The customer is responsible for the compliance and security of the web site application software itself
Interested in HIPAA-compliant Communications for Your Organization?
Set up a Consultation with LuxSci
*LuxSci does not certify that this organization
is HIPAA compliant overall, only that (a) LuxSci is a recognized HIPAA
Business Associate of this organization, and (b) this organization's use of
LuxSci's services has been configured and locked down to comply with
LuxSci's HIPAA-security Requirements. Full HIPAA compliance is a process
that is largely in the hands of each company and requires many things such
as documentation, training, risk analyses, etc. While it is impossible
for a third party to make a company fully "HIPAA Compliant," you can use
third-party services that follow the guidelines of HIPAA as part of your
overall HIPAA-compliance strategy.
LuxSci does not certify HIPAA compliance of
services whose usage is largely in the organization's purview, such as web
site software or email forwarding. In particular, the security of web
pages hosted on the customer's own web site is not covered by the
SecureForm service or web infrastructure services. SecureForm would in
this case secure everything from the data posting to LuxSci onwards.
LuxSci provides strong recommendations and an infrastructure allowing for
the organization to use these services in a HIPAA-compliant manner.