Important: HIPAApropriateness reviews, including their summaries, are for informational purposes only. They are neither consultation nor legal advice. Be aware that while we do our best to be thorough and complete, information may be missing or possibly even inaccurate. Products also change quickly, and the review may become out of date. By continuing to read, you agree to use the information in HIPAApropriateness reviews and their summaries at your own risk.

Vital Stats

HIPAA compliance with this product appears possible?: Yes.
Recommend for your HIPAA risk management needs?: Yes. Be sure to read the notes for some important usage notes.
# of Caveats: 0
# of Usage Notes: 3

Relevant Product Characteristics

  • This product is designed specifically with the healthcare industry in mind.
  • The leadership or management behind this product includes at least one health care professional (but no mental/behavioral health professionals that we could find.)

What Is This Product?

LuxSci SecureForm is a secure form submission and e-signature tool that also offers a BAA for your HIPAA-compliance needs. A clinician might use this tool for a client’s initial contact request from the clinician’s website, or intake paperwork, administering assessments, etc.

Our Impressions

Very positive. Our technical and compliance-related questions were addressed quickly and thoroughly. We also experienced the company as being highly responsive to our questions and feedback. Their blog gives us the impression that they are constantly thinking about security, especially with an eye towards HIPAA.

We also recognized the benefits of LuxSci’s notification system for access attempts. By default it alerts on any failed login attempts, but one can also enable alerts for successful login attempts. It also provides an interface to view failed and successful attempts. This goes a long way in helping you achieve HIPAA-compliant use of their tools.

Caveats

Caveats are criticisms of the company or product that we feel are relevant to your risk management or other important considerations.

None

Notes

Notes cover points where the product can’t ensure compliance or ethical action for you. These help you know what your part of the compliance puzzle looks like when using this product. A high note count usually correlates with a feature-rich product, and not necessarily with a product that has problems.

1) If you are sending SecureForm results to a non-LuxSci SecureLine account, be sure you have a BAA with that e-mail provider and that it engages in safer email

LuxSci SecureForm allows you to send the results of a form to a non-LuxSci SecureLine account, such as any other e-mail account. To ensure your HIPAA compliance, follow the two steps below:

  1. Confirm that the receiving account can do safer email. There is a button to do this when you add each recipient. See our article about safer email here.
  2. Make sure you have a BAA with the e-mail provider that will be receiving the form data.

NOTE: If you don’t have a BAA with your e-mail provider, you could still send the form data using the SecureLine Escrow option, where you would receive an e-mail telling you that you’ve received a message. You would then log in and read the message.

2) Request or select the “HIPAA-compliance” option when creating your account, then sign BAA/ARA

Be sure to select the “HIPAA-compliance” option when you are requesting or selecting your account with LuxSci. This automatically generates a ticket pertaining to HIPAA-compliance when your account is provisioned. LuxSci’s HIPAA Security & Privacy Officer will review your account security settings and apply a lockdown which enforces the security settings described in LuxSci’s HIPAA documents. If you do not select the “HIPAA-compliance” option, there will be account setting options which are not HIPAA compliant.

LuxSci has a required “Account Restriction Agreement,” in addition to their BAA, for HIPAA customers. Review the details of required account setting configurations, recommendations and customer responsibilities in the ARA.

You must sign LuxSci’s BAA and ARA within 2 weeks of opening your account, preferably online at https://luxsci.com/baa. Once the lockdown is complete and the BAA and ARA documents are signed and returned to LuxSci, the account is then designated as HIPAA-compliant by LuxSci. We recommend you sign and return the BAA and ARA immediately upon opening the account. Furthermore, we advise that you obtain confirmation from LuxSci that the lockdown has been completed and the account designated as HIPAA-compliant prior to utilizing your account.

3) Be sure to change your initial password immediately

LuxSci sends your initial password over e-mail to a non-LuxSci account. Be sure to change this upon your first login, as there’s a possibility that first e-mail could be intercepted in transit (a low, low possibility, and this would be true of most e-mail from most vendors).

We approve of LuxSci’s strong password requirements – a surprising rarity!