LuxSci: HIPAA-Compliant Communication Solutions
Secure HIPAA-Compliant Communication Solutions from LuxSci
Lux Scientiae – or LuxSci for short – is an industry-leading provider of reliable, HIPAA-compliant communication solutions. Founded in 1999 and based in Massachusetts, the company has grown from designing high-quality, detail-orientated, web-based infrastructures to a global organization delivering elegant and scalable email, web hosting, and text messaging solutions.
In the US, the company's focus is primarily directed towards the healthcare industry – where the requirements of HIPAA demand robust data security, yet where the requirements of users are efficiency and ease-of-use. Consequently, LuxSci communication solutions for the healthcare industry are built to be HIPAA-compliant, yet productive and intuitive to use.
HIPAA-Compliant Email Hosting
Other than verbal communication, email is the most commonly used communication channel in healthcare. However, when emails containing ePHI are sent beyond a firewall-protected internal email server, they are subject to HIPAA regulations relating to access controls, audit controls, integrity controls, ID authentication, and transmission security.
LuxSci secure email satisfies all HIPAA regulations and security requirements in order to ensure the integrity and security of ePHI. In addition, LuxSci secure email can be provided with customizable email filtering, virus scanning, and protection against malicious emails and phishing attacks. The solution also enables emails to be synchronized with calendars, contacts, tasks, etc.
- Highly-configurable email encryption
- Access controls and login audit trails
- Automatic system logoff capabilities
- Remote device wipe
- Redundant backups and email archival
HIPAA Compliant Hosting
Any healthcare organization with a web site should ensure the web site is being hosted in compliance with HIPAA. When web hosting services are outsourced, this means the company providing the hosting services has to comply with the same technical, physical, and administrative safeguards of the HIPAA Security Rule as apply to – for example – an EMR.
LuxSci's dedicated HIPAA-compliant web hosting services provide a “protected island on the web” in which servers are secured and monitored, patch management is taken care of, and backups are automatic. Healthcare organizations can take advantage of off-the-shelf web hosting solutions, or customize solutions for volume, availability, security, and business continuity.
- Facility and network intrusion detection systems
- Protection against Distributed Denial of Service (DDoS) attacks
- Redundant, load-balanced web/application servers
- System isolation and capacity scaling
- Encrypted SAN storage arrays
HIPAA Compliant Forms
How healthcare organizations collect, process, and store data via a web site is also subject to HIPAA regulations. Many types of web form are not HIPAA-compliant because they either submit data via unencrypted channels or store it in unencrypted databases. Even when data is encrypted both in transit and in storage, it is still important that the data is secured against unauthorized access and that all access is logged.
LuxSci's SecureForm service is a full-featured form solution designed for HIPAA compliance and business-critical data collection. The service can be used to secure existing web forms or to create engaging PDFs and web forms, and it gives organizations a choice of how data is collected, the format in which it is received, and where it is saved.
- Minimal programming knowledge required
- Detailed reports of successful and failed submissions
- Full audit trail of data views, amendments, and deletions
- Anti-virus scanning of all uploaded forms
- Limit, deny, or allow form posts by IP address
HIPAA Compliant Text Messaging
Text messaging is generally not permissible under HIPAA because – among other reasons – the risk exists that ePHI can be disclosed without authorization if a mobile device is lost, stolen, or left unattended. Exceptions exist when safeguards are built into text messaging apps, but there are scenarios in which app-based systems are not suitable for all healthcare communications.
HIPAA compliant text messaging from LuxSci overcomes this issue by enabling healthcare organizations to send an SMS message from an email account to the recipient's mobile device. The SMS message contains a link to a secure web page on which ePHI is located; but, in order to access the ePHI, the recipient must provide a password or PIN.
- Data never transmitted directly in raw text messages
- Data not stored on recipient's mobile device
- ePHI can be retracted and wiped at any time
- Password-based recipient authentication
- Audit trail of recipient logins and message access
HIPAA Compliant Email Marketing
Email marketing in compliance with HIPAA can be very complicated. According to the HIPAA Privacy Rule, not only do Covered Entities have to obtain authorization from patients to use PHI in marketing emails, Covered Entities also have to obtain permission from recipients to send them marketing emails. There are also rules governing the content of HIPAA compliant marketing emails.
These requirements, and the requirements of the HIPAA Security Rule with regard to the security of ePHI in transit, make it very difficult for HIPAA Covered Entities to run compliant email marketing campaigns. However, LuxSci's Secure Marketing service offers a HIPAA-compliant solution, through which Covered Entities can design, send, track, and achieve a solid ROI from email marketing.
- Compliantly leverage ePHI in email marketing for a higher return on investment.
- All data and email sending is isolated from other customers to protect IP reputation.
- Full reporting suite includes opens, clicks, bounces, and unsubscribes.
- Retrieve campaign performance statistics for review and analysis.
- Powerful API enables automated management of subscribers, lists, campaigns, and more.
HIPAA Compliant High Volume Sending
Bulk email marketing – or any other type of high volume mail-out – can be even more complicated due to email service providers (e.g., Gmail) implementing safeguards to protect customers from spam. Therefore, not only does the content of a high volume mail-out have to be in compliance with HIPAA, emails also have to comply with email service providers' best practices.
To ensure HIPAA compliant bulk email marketing campaigns comply with email service providers' best practices, Covered Entities can take advantage of LuxSci's High Volume service. LuxSci's High Volume service allows Covered Entities to send an unlimited number of emails via dedicated servers using existing email software or the LuxSci Mailer email marketing and campaign management solution.
- IP address reputation only reflects customer sending history.
- Compliance with ESP safeguards maximizes likelihood of delivery.
- Multi-feature, enterprise-scale reporting suite.
- Service Level Agreement includes 100% network and infrastructure guarantee.
- Full-disk encryption, multiple firewall layers, and HIPAA compliance included.
HIPAA Compliant SMTP Connections
The purpose of HIPAA compliant SMTP connectors is to ensure the technical compliance of outbound emails with the HIPAA Security Rule. HIPAA compliant SMTP connectors are necessary because some email service providers don't provide the full range of technical safeguards to protect ePHI in transit and at rest, potentially exposing ePHI to unauthorized disclosure.
LuxSci's HIPAA-compliant SMTP connectors not only fill any compliance gaps in email services such as G Suite, Microsoft 365, and Exchange, but can also be used as an alternative to mail servers with limits on outbound email sending, mail servers with poor IP reputations, or mail servers that do not support SMTP Authentication.
- Easy to set up. No per-user configuration or changes required.
- Send up to 300 emails per day per user, to up to 1,000 recipients per email.
- Full reporting suite includes open, click, and bounce tracking.
- Email content monitoring to ensure HIPAA compliance.
- Dedicated infrastructure for fifty users or more.