Home » Solutions » Email Security for HIPAA Compliance
Security for HIPAA
Overview
Any organization that wishes to transmit health information about an
identifiable individual over email must utilize an email system that
enables them to comply with HIPAA - The Health Insurance Portability and
Accountability Act of 1996.
The most important requirement of such a secure email system is that
the email messages be encrypted and protected during the entire time they
are transmitted across the Internet. I.e. from your employees or web site,
to your email servers, to your recipients' email servers, and to your
recipients' computers.
Most email and web providers do not offer any means for you to ensure
that your messages are HIPAA-compliant. Those providers that might allow
your employees to send emails amongst each other in a secure way offer
little that can ensure your employees or web sites can send and receive
messages to and from patients with arbitrary email addresses in the same
manner.
However, LuxSci's SecureLine service
enables you to easily do both without any special software and allows you
to meet the other HIPAA requirements related
to email as well. LuxSci even provides simple means to securely receive
information from your web site into your email.
LuxSci's standard secure email services combined with its SecureLine end-to-end email encryption
service satisfies all of the HIPAA rules related to
email services. These include:
Message Transmission Security & Encryption
By enabling one preference, administrators can ensure that
all users always send and receive email securely. Additionally, LuxSci's
infrastructure ensures that all emails sent between users of LuxSci are
always encrypted while being transmitted over the Internet, making secure
internal email communications automatic. Additionally, SecureLine allows
your users to send secured messages to anyone with any email address.
Those recipients can easily reply back securely or use our SecureSend
portal to register for free and initiate secure messages to your
SecureLine users.
Message Integrity Controls
LuxSci's uses of encryption for the transmission of
messages ensure that the messages cannot be modified while in transit.
Their integrity can be assured. Additionally, LuxSci's SecureLine permits
the addition of digital signatures to encrypted messages to further ensure
and prove the message integrity and identity of the sender.
Unique User Identification & Authentication
LuxSci requires use of user names and passwords for access
to all services. This allows the system to recognize all users accessing
it and to control access based on their identity.
Emergency Access to Email
LuxSci provides a facilities for [securely] capturing/archiving copies of
all inbound and/or outbound messages for backup and auditing purposes.
This enables administrators to have secure access to copies of all message
content for emergency or other reasons.
Automatic System Logoff
All of LuxSci's web-based interfaces automatically log
users off after a period of inactivity. Administrators can customize this
period to be as little as 5 minutes or as long as 8 hours.
Access Audit Controls
LuxSci's administrative interface permits users and
administrators to view audit reports of their access to services such as
WebMail, Email Sending, POP, IMAP, and more. These reports enable
verification of when and from where users are connecting.
Data Backups & Disposal
LuxSci automatically makes backup copies of all data on
our servers. Daily backup copies are kept on-site for 2 days and Weekly
backup copies are kept off-site for 4 weeks. After 4 weeks, all backup
copies are destroyed. Accounts can ask for data to be restored from
backup for free once/month. LuxSci's Premium
Email Archival provides permanent, immutable email storage on servers
in three geographic locations, updated in real-time, with weekly backups
made to optical media. See our complete backup and restore statement.
Secure Web Site Forms
LuxSci can secure your web site forms so that submitted
information is encrypted and transmitted to your email in a secure and
compliant way.
Select this package for maximal email security. Use of SecureLine and
our other secure services enable you to be HIPAA compliant and meet other
security and regulatory requirements.
Secure Web plus Secure Email
Select this package for both a secure web site and
secure email. LuxSci can configure your secure web form to
send your visitor's data to your email securely at no additional
charge (for one form).
Email at your domain
SecureLine end-to-end email encryption for all users
"Thank you for helping me get my site up and running on such short notice. You are a ROCK STAR! LuxSci is the best decision i could have made. I am VERY satisfied!"
