TL;DR: LuxSci delivers a rich email and web hosting service that focuses on security and takes compliance seriously. It is flexible enough to meet the everyday privacy needs of stakeholders without getting in the way of routine business operations. LuxSci goes beyond infrastructure provisioning to offer Compliance-as-a-Service for email and web communication that meets HIPAA and HITECH Act requirements. The company is also planning for the industry’s future, including a turn toward managed secure-communications platforms that integrate with existing enterprise applications.
Modern healthcare providers build their operating systems with regulatory compliance in mind. But even businesses that partner with healthcare organizations need to be compliant if they deal with any protected health information (PHI).
The U.S. Department of Health and Human Services broadly defines protected health information as “any individually identifiable health information” associated with a person’s physical or mental health, the provision of healthcare services, and payment information.
That information is often part of online communications and web forms, and one company understood the ramifications for small businesses early on.
LuxSci began hosting database-driven websites in 1999 and quickly realized that security and compliance needed to be at the forefront of its solutions.
“By 2002, we started focusing on security, and by 2005, we had our own trademarked SecureLine™ encryption technology,” said Erik Kangas, CEO of LuxSci. “It focuses on extremely configurable, highly secure encryption for email, enabling organizations to add security to their workflows and making things safe.”
The Health Information Portability and Accessibility Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act are federal laws that govern the privacy of patient information. They’re relatively strict, with heavy compliance burdens and stiff penalties for privacy violations — including potential incarceration — regardless of the circumstances of the breach.
“With industry shifts around HIPAA and the corresponding accountability of healthcare business associates, we started focusing on HIPAA compliance,” Erik said. “We already had the security in place to make that an easy transition. Since then, we’ve been developing complementary security technologies, including secure forms and augmenting Google and Microsoft Office suites to make them more secure.”
Today, LuxSci delivers secure solutions and web hosting for businesses that require compliant technology. The company’s products are HITRUST certified and designed to pass any mandatory audits. LuxSci also delivers secure marketing and high-volume email delivery tools, along with security extensions for Google Workspace and Microsoft 365.
Compliance as a Service for Apps, Forms, and Email
HIPAA was signed into law in 1996 to regulate the use, disclosure, and protection of personally identifiable health information. In 2009, HIPAA was strengthened by the HITECH Act, which primarily focuses on incentivizing the move to electronic health records.
Together, HIPAA and HITECH consist of three essential regulations. The Privacy Rule deals with the ownership and safeguarding of protected health information, including restrictions on use and disclosure. The Security Rule sets technical standards for electronic PHI. The Breach Notification Rule requires covered entities — including individuals and businesses subject to these regulations — to notify affected people when their PHI is shared in a non-compliant way.
Those partners must still adhere to HIPAA and HITECH regulations even if their primary line of business isn’t healthcare. And they must sign a Business Associate Agreement if they use or access PHI.
A business doesn’t need to actively work with a healthcare-covered entity to be subject to HIPAA enforcement. Something as simple as a small business payroll clerk emailing about an employee’s health insurance claim with an insurance company may be in its scope.
Compliance with the Security Rule and related regulations requires deep knowledge of how standards work and the best practices for mitigating risk. That’s why LuxSci delivers robust compliance solutions for communications.
“We’re not going to give you ordinary servers like you could get at other places,” Erik said. “We provide a management layer on top of that to give you a Compliance-as-a-Service framework.”
LuxSci manages its own hosting infrastructure and runs its own audited apps to minimize the infrastructure security risk. And the security of the LuxSci solution works just as well for any data in any industry, not just healthcare information.
Security-First Mindset Reduces Risk of Human Error
LuxSci delivers security by default, but with a high degree of customization to maximize the customer benefit. That flexibility is tied to specific applications and needs. It is optimized to avoid unnecessary friction and reduce the risk of mistakes by individual system users.
“For the level of security we provide, we’re more flexible than anyone else. We minimize the risk of human error,” Erik said. “For example, people who do email security often have to click a box to mark a message as secure. However, we flip that around and secure everything by default until a user says otherwise. Minimize human error, maximize security, but have the flexibility to do the right thing in the moment.”
Information experts understand that security can yield diminishing returns at either end of the spectrum. An insecure system increases avoidable risk, while a system that’s too secure generates friction that leads to unsanctioned workarounds. LuxSci believes that high security works if it is implemented well. That is why the company designs its products to streamline workflows while maintaining high security standards.
“The underlying theme is communication,” he said. “We offer web hosting, web forms, communications, email marketing, high volume email, and secure texting. We look at that high security, high flexibility communication and make it work without getting in people’s way.”
LuxSci leverages customer requests and feedback as an integral part of its development process to keep the security-to-friction ratio manageable. Its team is particularly interested in customer pain points, and it believes that making compliance easy limits the risk of workarounds that violate regulations and put information at risk.
LuxSci: Delivering Secure Communications in Regulated Environments
Although healthcare organizations are familiar with HIPAA and HITECH, businesses that work with protected health information must meet the same high standards. The compliance rules are complex, just as they are with other industries, including legal services and finance. LuxSci understands that even routine SMB correspondence can expose a company in an unrelated industry to sanctions if personal information is shared.
The company layers isolated servers and secure network connections with secure-by-default configurations optimized for everyday users.
Erik said that a fast-growing segment of LuxSci’s customer base includes organizations leveraging LuxSci’s platform to manage their communications security for them.
“A lot of companies need communication security, and they don’t have the expertise to do it themselves,” he said. “We’re seeing a lot of interest in integrating applications with secure email and text and LuxSci functions as a conduit for their communication security. For example, we’ve had many telehealth providers and testing labs plugging into us to get COVID-19 results and vaccine appointments to people in real time.”
LuxSci delivers secure email tools, secure websites, and secure web forms using embedded technologies that have been audited for HIPAA and HITECH compliance. Major healthcare companies, including Delta Dental, AthenaHealth, LucernaHealth, and Gannett, use LuxSci. The company’s Compliance-as-a-Service model works for businesses of any size and in any industry. After all, security is not limited to healthcare.
“The regulatory environment is tightening, and it’s not going to stop,” Erik said.
LuxSci is prepared to help businesses that are ready to begin protecting confidential information and ensure communication security.