Monday, May 5, 2014

Introducing HIPAA Compliant Patient Communication

Now dental practices can send protected health information directly to their patient's current email address through Secure-Mail™

Secure-Mail now becomes a powerful practice-builder along with continuing to be a proven communication tool for the secure exchange of protected health information between dentists, patients, specialists and dental labs. Allowing dental teams to securely send their patients:
  • Payment information
  • Treatment follow-up information
  • Patient referrals and treatment records
  • Tax and insurance receipts
  • Prescriptions and medical information
  • Protected Health Information (PHI) in appointment reminders
  • Appointment follow-up information
  • Images, X-rays and more
Read the full Press Release on Secure Patient Communication Here.
We have also developed a number of materials to assists your practice as you inform your patients about your team’s commitment to the privacy and accuracy of their patient's sensitive information with a full range of ready to use HIPAA Patient Privacy Materials.

Friday, May 2, 2014

Secure-Mail™ Unaffected by Heartbleed

You’ve probably heard about the Heartbleed Bug that has caused a great stir in the news lately. Many organizations – including large and well-known email providers – have admitted that they were affected and have been forced to take rapid action to protect themselves and their users. A cybersecurity columnist for Forbes described Heartbleed as arguably “the worst vulnerability found since commercial traffic began to flow on the Internet”.

Brightsquid is extremely pleased to share that Secure-Mail was unaffected by the Heartbleed Bug as we are not using an affected version of OpenSSL, a cryptography library commonly used for secure communication on the Internet. Further, the OpenSSL library has already been patched, so future versions will not be vulnerable either.

Heartbleed is caused by an issue in the OpenSSL library called a buffer over-read, where a computer responds to a request with more information that it should provide. It exploits a mechanism called a heartbeat extension, which is used to confirm that a remote computer is still available. The computer requesting the heartbeat sends a text string (such as “potato”, “bird” or “hat”) and the length of that string to a remote computer and asks for it to be repeated back. In the case of Heartbleed, the remote computer doesn’t check to see whether the length provided and the actual length of the string match. A malicious user can request a much longer response than the string’s true length, causing the remote computer to return the requested string as well as other information after the string in the computer’s memory. This could include sensitive information such as passwords, credit card numbers, and banking information. This is illustrated very clearly in the following web comic:

At Brightsquid, we understand the importance of maintaining data security for Protected Health Information (PHI) within your practice and the regulatory implications. Secure-Mail remains the best way to safely share protected health information with patients, dentists, specialists and labs.

For more information about what Secure-Mail has to offer and how it delivers regulatory compliance for your practice, please visit: