- Business Associate Agreement-BAA has to be signed by the service provider and covered entity.
- Access Control-This includes Unique User Identification, Emergency Access Control, Automatic Log off, and Encryption and Decryption.
- Audit Controls-to track user access and file access.
- Person or Entity Authentication
- Transmission Security-including Integrity Controls and Encryption.
- Device and Media Controls-including data backup, data storage, and data disposal.
How BizMailsecure is Secure?
BizMailsecure is Secure by virtue of the following features:
- Secure Business Associate Agreement is signed with clients.
- SSL connection is strictly enforced for all services, both at sender’s and recipient's end. This cannot be modified even by the Account Administrators.
- Encryption is strictly enforced for all outbound messages.
- Messages can be viewed or downloaded only by establishing SSL connection.
- Recipients can reply securely without having a secure email account.
- Facility to validate new recipient. New recipient needs to enter a 6-digit code to access email received. This randomly generated, recipient-specific code can be provided only by the sender.
- Minimum password length and complexity is enforced.
- Automatic Webmail session time out is enforced.
- Encrypted emails sent can be force expired at any time.
- Encrypted emails sent will automatically get deleted after a fixed time.
- Automatic session time out is enforced for message viewing page of SecureDraft.
- Legal archiving: All emails are archived remotely for a specified length of time, up to 7 years, These emails can not be edited or deleted.
- Emergency Access Procedure:Email communications can be accessed from any location via the Internet. There are also mechanisms for authorized administrative to access account data.
- Audit Controls: Audit reports of all logins to WebMail, POP, IMAP, and SMTP services are available to administrators. Reports include the date, time, and the IP address from which logins were made.
Dedicated servers - Secure email compliance?
Though BizMailsecure is hosted in dedicated servers, there is no explicit requirement. Secure law is 'technology neutral' in that it makes no specific requirements for the implementation of technical security, e.g. the level of encryption (128 bits or 256 bits), the encryption type (RSA, AES, etc.), the level of auditing, etc. The security restrictions BizMailsecure enforces ensure that all the hosted accounts meet the Technical Safeguards of the Secure Security Rule.
