Monday, 26 February 2018

How to Undo A Sent Email in Microsoft Office 365 (With Pictures)

We’ve all accidentally sent an email too early, without a specific attachment, or to the wrong address.

Regardless of how it happened, an accidental email can make you seem too eager, too rushed, or worse: make you violate HIPAA. Sending protected health information (PHI) accidentally or to the wrong recipient (don’t always trust auto-fill!) is one of the most common causes of data breaches.

Luckily, there is a free and easy way to undo a sent email. Anyone can set it up, and we’re going to show you how.

We’ve looked at how to undo sent emails in other email providers:

This post will cover how to undo a sent email in Office 365.

Recall an Office 365 email with undo send

In every Office 365 account, you can opt in to an undo send feature. This free feature allows you to retract an email for up to 30 seconds after you have sent it.

How to enable undo send on your computer

1. First, sign in to Office 365 and select the Settings gear icon at the top right-hand corner of the page.


2. Scroll towards the bottom of the Settings page until you reach “Your app settings”. Select “Mail”.


3. After you click on “Mail”, you will be brought to the “Options” page. Click the “Mail” option again, then find “Undo send.”


4. After selecting “Undo send”, you’ll be brought to the Undo send menu. Choose “Let me cancel messages I’ve sent for”, and then use the drop-down menu to choose how long you want to be able to undo a sent email. Once done, select “Save.”


How “undo send” works in Microsoft Office 365 

To see the “undo send” feature in action, first compose an email and send it as you normally would.


After you hit send, look at the top right part of your screen. You’ll notice a progress bar in action. The bar runs for the length of time you chose in the “Undo send” settings.

In order to recall the email, simply press “Undo”.


Your recalled email will re-appear in a separate window for you to either edit as necessary or cancel it altogether.

However, you only get one second chance in Office 365. If you hit send after editing your email in the separate window, you won’t see the “Undo email” option again. Be sure to review your email contents and who you’re sending it to carefully!

Prevent accidental emails even further with Email Data Loss Prevention (DLP)

Even with an undo send feature enabled, you can still miss the window to retract your email. And it happens – we’re only human.

With our Email DLP Suite, you can make sure no emails – especially those containing sensitive information – slip through the cracks.

Email DLP allows you to set customizable rules so no sensitive data gets sent accidentally or maliciously. Social security numbers, proprietary information, PHI, and more can be recognized and “quarantined” from being sent out until you give the final approval.

Accidents happen, and it’s always better to be safe than sorry.

Sunday, 25 February 2018

What is HITRUST Certification?


The Health Information Trust Alliance (HITRUST) is a standards development organization that was founded in 2007. It develops and maintains a healthcare compliance framework called the HITRUST Common Security Framework (CSF).

According to HITRUST, the CSF is:


“A certifiable framework that provides organizations with a comprehensive, flexible and efficient approach to regulatory compliance and risk management.

Developed in collaboration with healthcare and information security professionals, the HITRUST CSF rationalizes healthcare-relevant regulations and standards into a single overarching security framework. Because the HITRUST CSF is both risk- and compliance-based, organizations can tailor the security control baselines based on a variety of factors including organization type, size, systems, and regulatory requirements.”


The HITRUST CSF is designed to unify security controls from federal law (HIPAA), state law, and non-governmental frameworks (PCI-DSS) into a single framework that’s tailored towards use in the healthcare industry.

To become HITRUST certified, organizations typically follow a 4-step process:

  1. Leverage the HITRUST CSF assessment tool to identify applicable HITRUST Controls
  2. Complete HITRUST CSF assessment and engage a third-party HITRUST auditor to test controls
  3. Organization and auditor both submit their assessment to HITRUST for review via the MyCSF Portal
  4. Achieve HITRUST certification

Amazon Web Services (AWS) and HITRUST

If you are a cloud software company like Paubox, choosing the right cloud vendor for compliance and security is vitally important. As such, Paubox has been a customer of Amazon Web Services (AWS) since day one.

To address security and compliance, AWS uses a Shared Responsibility Model.

Under this model, AWS manages security of the Cloud and its underlying infrastructure, while security in the Cloud is the responsibility of the customer.

AWS customers have a broad range of controls to implement to protect content, platform, applications, systems and networks.

In the context of compliance, AWS offers customers compliance-ready infrastructure and provides tools and services they can use to be compliant on the AWS Cloud.

To help customers with their HIPAA and/or HITRUST compliance, AWS provides access to a suite of both AWS-native tools and services designed for use by customers to secure their workloads and encrypt and obfuscate PHI.

AWS offers a Business Associate Agreement (BAA) to customers who need one for HIPAA compliance.

SEE ALSO: Is Amazon Web Services (AWS) HIPAA Compliant?

Friday, 23 February 2018

How to Undo A Sent Email in Microsoft Outlook (With Pictures)


We’ve all accidentally sent an email too early, without a specific attachment, or to the wrong address.

Regardless of how it happened, an accidental email can make you seem too eager, too rushed, or worse: make you violate HIPAA. Sending protected health information (PHI) accidentally or to the wrong recipient (don’t always trust auto-fill!) is one of the most common causes of data breaches.

Luckily, there is a free and easy way to undo a sent email. Anyone can set it up, and we’re going to show you how.

We’ve looked at how to undo sent emails in other email providers:

This post will cover how to undo a sent email in Microsoft Outlook.

Undo a sent Microsoft Outlook email with “Recall This Message”

Recalling a Microsoft Outlook email takes a few steps. These steps work for Outlook 2010, 2013, and 2016.

1. Choose the “Sent Items” folder in your Outlook folder pane

2. Select the message that you want to un-send. Make sure you double-click the message and open it. If the message simply appears as a “preview” in the reading pane, as seen above, you won’t be able to find this next step.

3. Under the Message section, select “Actions” and then “Recall This Message”


NOTE: If you are not able to find the “Recall This Message” option, the feature may not be available within your organization. Those with a Microsoft Exchange account should be able to see this step.

4. After selecting “Recall This Message”, you’ll have two options:

  • Delete unread copies of this message
  • Delete unread copies and replace with a new message

Choose whichever option you prefer, and select if you would like to be notified if your recall is successful. Then select OK.


To compose a replacement message, simply type in the email body as you normally would and select “Send” when finished.

And voila! With those simple steps, you now know how to undo a sent email in Microsoft Outlook.

Prevent accidental emails even further with Email Data Loss Prevention (DLP)

Even with an undo send feature enabled, you can still miss the window to retract your email. And it happens – we’re only human.

With our Email DLP Suite, you can make sure no emails – especially those containing sensitive information – slip through the cracks.

Email DLP allows you to set customizable rules so no sensitive data gets sent accidentally or maliciously. Social security numbers, proprietary information, PHI, and more can be recognized and “quarantined” from being sent out until you give the final approval.

Accidents happen, and it’s always better to be safe than sorry.

Is Constant Contact HIPAA Compliant?


We’ve been getting asked by customers and prospects about Constant Contact and their ability to use it in a HIPAA compliant manner.

We know the HIPAA industry is vast so we can empathize with just how many people need to use cloud-based services in this sector.

In previous posts, we’ve covered the following cloud solutions and their capabilities for HIPAA compliance:

Today, we will determine if Constant Contact offers HIPAA compliant email service or not.

SEE ALSO: HIPAA Breaches and Cloud Providers

About Constant Contact

Constant Contact is an online marketing company, headquartered in Waltham, Massachusetts. The company was founded in 1995, went public in 2007, and was acquired by Endurance International Group in 2016.

Constant Contact and the Business Associate Agreement

We’ve previously talked about how a Business Associate Agreement (BAA) is a written contract between a Covered Entity and a Business Associate. It is required by law for HIPAA compliance.

We checked Constant Contact’s site and found what we were looking for in their Knowledge Base (KB).

In a KB article called Business Associate Agreements (BAAs), they state:



If you are a covered entity, please contact us at legal@constantcontact.com to request a business associate agreement prior to using our product with your email subscribers.

Constant Contact will only sign our business associate agreement form (additional charges may apply). We cannot make any changes to our standard form of business associate agreement under any circumstances.


While we can see that Constant Contact will sign their own BAA, there are additional details to take note of.

For example, Constant Contact also states in the aforementioned KB article:


[You] Should not use our systems for transmitting highly sensitive PHI (for example: mental health, substance abuse, or HIV information). Our application was not built for electronic medical records (EMR). If you have such information to send, please do not use Constant Contact.

In other words, while Constant Contact will sign a BAA with a customer, customers are not allowed to actually use their service to transmit PHI (protected health information).

Does Constant Contact Offer HIPAA Compliant Email Service?

The Business Associate Agreement is a key component to HIPAA compliance between a Covered Entity and a Business Associate.

Constant Contact clearly states that while they will sign a BAA, customers are not allowed to use their service to actually transmit protected health information (PHI).

Conclusion

Constant Contact is HIPAA Compliant but with strings attached.

You should not use their service to actually transmit PHI.

Ron’s Pharmacy Services Suffers HIPAA Email Breach


On February 2, 2018, Ron’s Pharmacy Services submitted a HIPAA Email Breach to the U.S. Department of Health and Human Services (HHS).

Located in California, the Ron’s Pharmacy Services email breach affected 6781 individuals’ protected health information.

Ron’s Pharmacy Services is classified as a Healthcare Provider.

HHS Wall of Shame

The HHS Wall of Shame is a website under the jurisdiction of HHS that lists all HIPAA breaches reported within the last 24 months. The Wall of Shame displays breaches that are currently under investigation by the Office for Civil Rights.

As part of section 13402(e)(4) of the HITECH Act, the HHS Secretary must post a list of breaches of unsecured protected health information affecting 500 or more individuals.

HIPAA Breach Report

The Paubox HIPAA Breach Report analyzes breaches that affected 500 or more individuals as reported in the HHS Wall of Shame.

Thursday, 22 February 2018

How to Undo A Sent Email in Gmail (With Pictures)

We’ve all accidentally sent an email too early, without a specific attachment, or to the wrong address.

Regardless of how it happened, an accidental email can make you seem too eager, too rushed, or worse: make you violate HIPAA. Sending protected health information (PHI) accidentally or to the wrong recipient (don’t always trust auto-fill!) is one of the most common causes of data breaches.

Luckily, there is a free and easy way to undo a sent email. Anyone can set it up, and we’re going to show you how.

We’ve looked at how to undo sent emails in other email providers:

This post will cover how to undo a sent email in Gmail.

Recall a Gmail email with undo send

Every Gmail and GSuite account includes a free little feature called Undo Send. With Undo Send, you can recall an email seconds after sending it.

How to enable undo send on your computer

1. Open Gmail and go into your Settings

2. Find the “Undo Send” section and check the box

3. Choose how long (or short) you want your send cancellation period to be

4. Finally, save your changes to put the undo send feature into effect

How “undo send” works in Gmail 

Below, I composed an email containing top secret proprietary business information and accidentally clicked send – oh no!

Gmail quickly confirmed my email was sent. But after enabling the “Undo Send” feature, now the option “undo” appears.

Almost immediately after selecting the “undo” button, my original email returned, and Gmail confirmed that my sent email was retracted.

Prevent accidental emails even further with Email Data Loss Prevention (DLP)

Even with an undo send feature enabled, you can still miss the window to retract your email. And it happens – we’re only human.

With our Email DLP Suite, you can make sure no emails – especially those containing sensitive information – slip through the cracks.

Email DLP allows you to set customizable rules so no sensitive data gets sent accidentally or maliciously. Social security numbers, proprietary information, PHI, and more can be recognized and “quarantined” from being sent out until you give the final approval.

Accidents happen, and it’s always better to be safe than sorry.

4 Ways Going Paperless Will Boost Your Bottom Line For Senior Care Providers


If you are a healthcare organization like a senior care provider, improving patient care is challenging with a limited budget. With finite beds, there is only so much revenue you can earn.

However, one way to increase your bottom line is to reduce costs. And one easy way to reduce costs: going paperless.

While transitioning from physical paperwork to digital paperwork might seem daunting, it’s actually easier than most people think. And the benefits far outweigh the risks.

Here are four key reasons why going paperless will boost your bottom line and improve patient care.

1. Documents are easier to find and organize

Nowadays, people can pull up a picture or email in seconds. Why fall behind the curve by sifting through piles of papers in bulky old cabinets?

By replacing a multi-step data entry process with an electronic document, your organization will not only look more modern and professional, but also be more efficient and increase your response time to patients.

Document management software can store and sort electronic receipts and invoices for faster billing and processing. Some document management software includes metadata for each transaction, such as who retrieved the file, the name of the person who requested the file, the date and time it was accessed, and the number of copies printed. These details comply with the HIPAA privacy rule and will help you pass any HIPAA audits.

Plus, you can employ automatic backups for electronic files. Instead of losing a physical piece of paper in the trash forever, you can store data on flash drives, the cloud (where you can schedule automatic backups), or an external hard drive.

Having backups available is a key way to recover from disaster scenarios like a ransomware attack.

2. Communicating with doctors, specialists, billing, and insurance companies is faster and cheaper

As a senior care facility, not only do you have to frequently communicate with patients and patients’ families, but you also have to speak with doctors, specialists, billing, and insurance companies. The constant communication between Primary Care Physicians (PCPs), specialists and insurance companies is where most fax expenses come from.

By switching to paperless communication, you can reduce the number of faxes sent out, saving the time and money spent sending fax after fax. Additionally, you’ll save on the cost of physically storing so many files year after year.

If you compile a list of patient emails, you can email appointment reminders, sales, or special offers without paying for postage or ink cartridges. Online contact forms save you the hassle of illegible handwriting and chasing down answers: responses are easy to organize and are delivered straight to your email inbox.

READ MORE: How Does a Paubox Encrypted Contact Form Work? (With Pictures)

Then there is the opportunity cost savings, making things easier for your staff.

Going paperless will give your physicians, nurses and administrative staff a single access point for all patient records for when they need to update a file.

Typing is faster than writing, and simply dragging and dropping attachments into an electronic health record (EHR) is much quicker than manually entering the data and scanning it. This increased efficiency can allow for more patients to be cared for throughout the day.

These saved costs can be applied towards increasing the speed and quality of patient care.

Long gone are the days where you’ll need to maintain expensive office equipment like copiers or fax machines.

3. Paperless files are easily retrievable in the office and on mobile

In healthcare, every second counts when treating a patient. Instead of taking ten minutes or more digging through files to find one piece of paper, a paperless record can be found in seconds, regardless of the time or location.

Not only are lost files a thing of the past, but it’s easy to communicate with staff who are on the go with encrypted HIPAA compliant email. Simply type a secure message, include any attachments as necessary, and send the email to one person or multiple people at once.

Some document software and EHR even have mobile apps. Paperless communication eliminates location restraints when it comes to patient care.

4. Good for the environment

Not only will your patients thank you for going paperless, the environment will too.

According to Statista, the global production of paper and cardboard was approximately 407 million metric tons in 2014. Office copy paper accounts for over 20% of total paper usage in the United States.

Going paperless reduces this obscene amount of paper usage, but also has another bonus: it reduces the amount of energy consumption too. You might be surprised how deactivating printers, faxes and copiers reduces your energy costs.

How other physicians responded to going paperless

You may be wondering, how did other physicians respond to transitioning to a paperless office? Dr. Catherine M. DesRoches answered that question by surveying 2,758 physicians in a study published by the New England Journal of Medicine.

According to the study, most physicians who transitioned to EHRs were satisfied after making the switch. 93% of physicians with fully functional systems were pleased with their EHRs and 88% of physicians with basic systems reported the same outcome.

In summary:

  • 97% felt the EHR system improved timely access to medical records
  • 95% noticed an improvement in timely prescription refills
  • 92% experienced improved communication with other providers
  • 72% felt patient communication improved
  • 85% noted avoiding medication errors
  • 82% noticed an improvement in quality of clinical decisions
  • 82%-85% reported a positive effect on the delivery of long-term and preventive care

Transitioning to a paperless office is more common than you think.

Going paperless and staying secure is easy for senior care providers

When it comes to securing patient information electronically, it’s not as scary as it might sound.

Services such as HIPAA compliant email, electronic health records (EHRs), and encrypted contact forms are all easy to implement and easy to secure.

Not only will you reduce your environmental footprint, but going paperless will help boost your office’s efficiency and potentially improve care to your patients.

Sunday, 18 February 2018

Kayak Fishing for Dungeness Crabs in Silicon Valley

Sharing my catch is a creative way to say mahalo in Silicon Valley

  • Kayak fishing is good for the mind and body.
  • I wanted to show my appreciation to folks who have helped us recently.
  • So I shared my catch with Lars Nilsson.

Kayak fishing is my release. It’s a great way to blow off stress, get exercise, focus on the moment and put food on the table. It’s Dungeness crab (Dungie) season now, so that’s what I’ve been targeting lately.

This weekend’s forecast called for light winds on Saturday and horrorshow gusts Sunday and Monday. That meant Saturday was GameDay.

Saturday’s high tide was at 11:34am, so I slept in a bit and got to Half Moon Bay with my truck, kayak and traps a little before 9am.

I try to plan my Dungie hunts two hours before a high or low tide mark. Dungies tend to move around more i.e., into my traps, during a tide change.

The Dungies weren’t in their usual spots yesterday, so I tried some new spots and eventually captured 7 plus a red rock crab.

I dropped four of them off today with Lars Nilsson aboard his sleek boat in the Marina.

Mahalo for the help, Lars!

SEE ALSO: Thoughts on the Water: Looking Ahead on 2017


Launched at 9:15am
Got a few keepers in there
I paddled to the green can to look for bait to catch and cut up
After five hours on the water, I got 7 keepers and a red rock crab
I caught up with Lars Nilsson today aboard One & Only
Dropped off Dungies and got some more advice. Mahalo Lars!

Is MailChimp HIPAA Compliant?


We’ve been getting asked by customers and prospects about MailChimp and their ability to use it in a HIPAA compliant manner.

We know the HIPAA industry is vast so we can empathize with just how many people need to use cloud-based services in this sector.

In previous posts, we’ve covered the following cloud solutions and their capabilities for HIPAA compliance:

Today, we will determine if MailChimp offers HIPAA compliant email service or not.

SEE ALSO: HIPAA Breaches and Cloud Providers

About MailChimp

MailChimp is a marketing automation platform and an email marketing service.

MailChimp began as a paid service and added a freemium option in 2009.

MailChimp and the Business Associate Agreement

We’ve previously talked about how a Business Associate Agreement (BAA) is a written contract between a Covered Entity and a Business Associate. It is required by law for HIPAA compliance.

We checked MailChimp’s site and found what we were looking for on their Terms of Use page.

On their Terms of Use page, they state:



20. Compliance with Laws
You represent and warrant that your use of MailChimp will comply with all applicable laws and regulations. You’re responsible for determining whether our Services are suitable for you to use in light of any regulations like HIPAA, GLB, EU Data Privacy Laws, or other laws. If you’re subject to regulations (like HIPAA) and you use our Service, then we won’t be liable if our Service doesn’t meet those requirements.

Does MailChimp Offer HIPAA Compliant Email Service?

The Business Associate Agreement is a key component to HIPAA compliance between a Covered Entity and a Business Associate.

MailChimp clearly states they will not sign a BAA or be liable for supporting HIPAA compliance.

Conclusion

MailChimp is not a HIPAA Compliant email solution.

Friday, 16 February 2018

Chasing Chrome: A Day in the Life of a Startup CEO in San Francisco

Every day is different running a startup. Today was par for the course.

  • A conference call, catching up with a friend, biz dev, getting caught up with legal, discussing strategies and closing deals.
  • I place value on being early to meetings.
  • I love living and working in San Francisco.

I popped out of bed at 6:20am this morning, already realizing my alarm didn’t go off. We had a conference call coming up in 40 minutes with a large prospect.

Paubox runs on network time and I was not going to be late.

I hopped in the shower, skipped ironing my shirt and jumped in an Uber X. The drive from my place in North Beach to our SoMa office was less than 20 minutes and I arrived on time for our 7:00am call.

The rest of the day unfolded much the same way: Using Uber and hustle to get from meeting to meeting fashionably early.

Special shout out to my good friend Davy Chang for the idea to compile this “day in the life of” post.

Enjoy the pics. Aloha from SF!

SEE ALSO: Chasing Chrome: The Month in Review (July)


Catching up with Uldis Leiterts over free coffee at the Hyatt Regency

The Salesforce tower dominates the SF skyline
Arthur Bretschneider of Seniorly – A helpful startup CEO
I hustled over to the Goodwin Proctor office at the Embarcadero Center
Another beautiful winter day in the Bay Area
Back at SaaS Alley. I ran into Shippo co-founder and CEO Laura Behrens Wu a few minutes later.
Evan Fitzgerald closing deals back at Paubox HQ
Discussing strategy over Irish Coffee at The Cavalier

Thursday, 15 February 2018

Is PostageApp HIPAA Compliant?


We’ve been getting asked by customers and prospects about PostageApp and their ability to use it in a HIPAA compliant manner.

We know the HIPAA industry is vast so we can empathize with just how many people need to use cloud-based services in this sector.

In previous posts, we’ve covered the following cloud solutions and their capabilities for HIPAA compliance:

Today, we will determine if PostageApp offers HIPAA compliant email service or not.

SEE ALSO: HIPAA Breaches and Cloud Providers

About PostageApp

PostageApp is an email management tool that sits between an app and the SMTP server. It was originally utilized internally by The Working Group (TWG) for client projects. It essentially is a competitor to SendGrid.

PostageApp and the Business Associate Agreement

We’ve previously talked about how a Business Associate Agreement (BAA) is a written contract between a Covered Entity and a Business Associate. It is required by law for HIPAA compliance.

We checked PostageApp’s site and could not find any mention of their ability to sign a BAA. We also did not find any mention of HIPAA or PHI (Protected Health Information).

At the bottom of the PostageApp Terms and Conditions of Use page, we do see they listed a contact address in Toronto, Canada.

Since they are not headquartered in the U.S., we can see why they do not make any mention of HIPAA on their site.

Does PostageApp Offer HIPAA Compliant Email Service?

The Business Associate Agreement is a key component to HIPAA compliance between a Covered Entity and a Business Associate.

Since we could not find any mention of HIPAA, Business Associate Agreement, or PHI, we conclude PostageApp is certainly not in the business of providing HIPAA compliant email.

Conclusion

PostageApp is not a HIPAA Compliant email solution.

Wednesday, 14 February 2018

Is SparkPost HIPAA Compliant?


We’ve been getting asked by customers and prospects about SparkPost and their ability to use it in a HIPAA compliant manner.

We know the HIPAA industry is vast so we can empathize with just how many people need to use cloud-based services in this sector.

In previous posts, we’ve covered the following cloud solutions and their capabilities for HIPAA compliance:

Today, we will determine if SparkPost offers HIPAA compliant email service or not.

SEE ALSO: HIPAA Breaches and Cloud Providers

About SparkPost

SparkPost is an email infrastructure provider that sends over 3 trillion messages a year. A direct competitor to SendGrid, SparkPost is located a mile away from us in San Francisco.

SparkPost and the Business Associate Agreement

We’ve previously talked about how a Business Associate Agreement (BAA) is a written contract between a Covered Entity and a Business Associate. It is required by law for HIPAA compliance.

We checked SparkPost’s site and could not find any mention of their ability to sign a BAA.

We did, however, find a page called Messaging Policy.

On that page, they state:



Sensitive Information. You will not import, or incorporate into, any contact lists or other content you upload to the Services or the Site, any of the following information: social security numbers, national insurance numbers, credit card data, passwords, security credentials, bank account numbers, or sensitive personal, health or financial information of any kind.

Does SparkPost Offer HIPAA Compliant Email Service?

The Business Associate Agreement is a key component to HIPAA compliance between a Covered Entity and a Business Associate.

SparkPost’s Messaging Policy clearly states they are not in the business of providing HIPAA Compliant email service.

Conclusion

SparkPost is not a HIPAA Compliant email solution.

Sunday, 11 February 2018

Can I Use Postmark and be HIPAA Compliant?


We’ve been getting asked by customers and prospects about Postmark and their ability to use it in a HIPAA compliant manner.

We know the HIPAA industry is vast so we can empathize with just how many people need to use cloud-based services in this sector.

In previous posts, we’ve covered the following cloud solutions and their capabilities for HIPAA compliance:

Today, we will determine if Postmark offers HIPAA compliant email service or not.

SEE ALSO: HIPAA Breaches and Cloud Providers

About Postmark

Postmark provides transactional email services for web applications. The company competes with SendGrid and is based in Philadelphia, Pennsylvania.

Postmark and the Business Associate Agreement

We’ve previously talked about how a Business Associate Agreement (BAA) is a written contract between a Covered Entity and a Business Associate. It is required by law for HIPAA compliance.

We checked Postmark’s site and found a support article called Is Postmark HIPAA Compliant?

On that page, they clearly state:


If your business needs to be compliant with the Health Insurance Portability and Accountability Act, your emails typically need to be compliant as well. Postmark is not HIPAA compliant so we do not recommend using our platform if you need to send HIPAA compliant emails. We also cannot sign any Business Associate Agreements around HIPAA.

Does Postmark Offer HIPAA Compliant Email Service?

The Business Associate Agreement is a key component to HIPAA compliance between a Covered Entity and a Business Associate.

Postmark clearly states they are not in the business of providing HIPAA Compliant email service.

Conclusion

Postmark is not a HIPAA Compliant email solution.

Saturday, 10 February 2018

Can I Use SendGrid and be HIPAA Compliant?

We’ve been getting asked by customers and prospects about SendGrid and their ability to use it in a HIPAA compliant manner.

We know the HIPAA industry is vast so we can empathize with just how many people need to use cloud-based services in this sector.

In previous posts, we’ve covered the following cloud solutions and their capabilities for HIPAA compliance:

Today, we will determine if SendGrid offers HIPAA compliant email service or not.

SEE ALSO: HIPAA Breaches and Cloud Providers

About SendGrid

SendGrid is a cloud-based customer communication platform for transactional and marketing email. The company was founded by Isaac Saldana, Jose Lopez, and Tim Jenkins in 2009. It was incubated through the TechStars accelerator program and went public in November 2017.

SendGrid has offices in Denver, CO, Boulder, CO, Orange, CA, Redwood City, CA and London.

SEE ALSO: SaaStr Speaker Series with Sameer Dholakia and Ajay Agarwal: The Rule of 40 and More

SendGrid and the Business Associate Agreement

We’ve previously talked about how a Business Associate Agreement (BAA) is a written contract between a Covered Entity and a Business Associate. It is required by law for HIPAA compliance.

We checked SendGrid’s site and found a Documentation page called Is Sendgrid HIPAA Compliant?

On that page, they clearly state:


No, we are not.

SendGrid does not natively support HIPAA compliant data transmission. We do not offer any encryption or security measures surrounding message transmission beyond those included in the SMTP RFC, which was not designed with HIPAA compliancy in mind.


Furthermore, on their Terms of Service page, they say:

SendGrid does not intend uses of the Service to create obligations under The Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), the Gramm-Leach-Bliley Act (“GLBA”) or similar Laws (as defined below) and makes no representations that the Service satisfies the requirements of such laws. If You are (or become) a Covered Entity or Business Associate (as defined in HIPAA) or a Financial Institution (as defined in GLBA), You agree not to use the Service for any purpose or in any manner involving Protected Health Information (as defined in HIPAA) or Nonpublic Personal Information (as defined in GLBA). You will not allow any access to or use of the Services by anyone other than Your authorized Users or OEM Users (as applicable), and any such use will be consistent with the terms, conditions and restrictions set forth in this Agreement.

Does SendGrid Offer HIPAA Compliant Email Service?

The Business Associate Agreement is a key component to HIPAA compliance between a Covered Entity and a Business Associate.

SendGrid clearly states they are not in the business of providing HIPAA Compliant email service.

Conclusion

SendGrid is not a HIPAA Compliant email solution.

Friday, 9 February 2018

SaaStr 2018: How to Build an Outbound Sales Team

On Wednesday, we arrived 25 minutes early to How to Build an Outbound Sales Team in Studio E.

The panel was moderated by Aaron Ross, who I saw speak last year at SaaStr 2017 Day 3. I recall immediately buying his book From Impossible to Inevitable.

I was eager to learn new outbound strategies this year.

Man, the room was uncomfortably packed. Like last year, people were standing, sitting in the aisle and seated on the carpet up front.

The panel was made up of:

  • Aaron Ross, Author – PredictableRevenue.com
  • Mélanie Attia, VP Marketing – Vanilla Forums
  • Scott Wong, Manager of Sales – Corral / Axia Technologies
  • Mackenzi Farsheed, Director of Demand Gen and Marketing – MindFire Inc.

Here are my takeaways from How to Build an Outbound Sales Team:

  • Growth companies hire SDRs from within. Not outsourced.
  • Internal SDR teams always give better results.
  • Aaron Ross: Ideally start with 2 SDRs.
  • Aaron: It’ll take 4-6 months to get pipeline consistently working.
  • Aaron: It takes 2-3 years to show big results.
  • Management commitment and patience are important.
  • Aaron: 5-15 qualified appointments per month is industry standard.
  • Mélanie Attia: The phone is your best friend.
  • Aaron: Check and audit every opportunity that goes to quota. Do not let up on quality.
  • Scott Wong: As an SDR manager, challenge your SDRs.
  • Mackenzi Farsheed: Train SDRs to weave in price in the qualifying call.
  • Scott: Hire people first, talent second.
  • Mélanie: Don’t be afraid to ask for help.
  • Mackenzi: Start now and document along the way.
  • Mackenzi: Missed appointments and non-qualified meetings were problems early on.
  • Align the SDR program with the bottom line.
  • Mélanie: Build strong Customer Success stories to support SDRs; focus on tangible results; be in sync with marketing.

About SaaStr Annual

The room was packed.

SaaStr Annual is the largest non-vendor confab in the world, uniting the global B2B SaaS community both online and off. SaaStr Annual aims to help everyone scale faster and with less stress.

In 2018, over 10,000 Founders, Senior Executives, and VCs will come together over three action-packed days of high-quality networking, learning from those who’ve done it, and of course, great food, generously-poured drinks, and plenty of fun.

Thursday, 8 February 2018

How to Unlock the Domain Name of Your Dreams

Purchasing a custom internet domain name is a significant milestone in owning your own business. The domain name establishes your online presence, making a place for your customers to learn more about your product or brand.

But what exactly is a domain name?

A domain name is the part of a network address that identifies it as belonging to a particular domain.

To make the first impression of your organization’s web page a good one, follow these simple tips. Once you have a name in mind, scroll down to learn the easiest and cheapest ways to purchase the domain name of your dreams.

Helpful tips before you buy a domain name

1. Make your domain name easy to type

You want your domain name to be memorable, but you also don’t want to miss out on valuable visitor traffic by making your URL too complicated or difficult to understand.

With that said, avoid these in your domain:

  • slang
  • odd spellings of words
  • hyphens, especially multiple hyphens
  • numbers

2. Don’t make your domain name too long

Going back to tip #1, a memorable domain name is a simple domain name. A shorter domain name is not only easier to remember, but also reduces the risk of someone misspelling it when typing it in the address bar.

Most single-word domain names are taken for this reason. If there is a specific word you want that’s already taken, try getting creative by adding an adjective or verb before or after it. But make sure your domain name ultimately reflects your brand.

3. .com or .net? Does it matter?

In summary, yes and no. 75% of domains have the .com extension, with .net and .org coming in second and third place, according to Registrar Stats research.

With that said, most people are used to seeing a .com domain name in a web address and automatically assume that’s the norm. However, there are other websites that succeed with other domain extensions like .net, .info, or .org (think Wikipedia.org).

If your desired domain name is unavailable with a .com extension, and you really want it, then choosing .net or .org isn’t the end of the world. But if you do go outside the .com norm, be sure to remind your customers that you have a different domain name extension.

4. Don’t buy trademarked or similar domains

You don’t want to be too similar to trademarked or big brand names when creating your domain name. If you are, you run the risk of confusing people or worse, having a complaint filed against you and having to forfeit your domain name.

Avoid any legal challenges and competition by making your domain name unique in its own right.

5. Check if your domain is available on social media

Part of a successful online presence is a social media presence. Your domain name is a part of your brand, so you’ll want the name to be available as a username on social media so search engines and customers can put the two together.

So you’ve read the tips above and applied them to your branding guidelines, and now you have the perfect domain name for your website. What next?

Now, it’s time to bring your website to life by purchasing a domain name.

How to purchase a domain name

Congratulations, you’ve made it this far. Now rest easy knowing that you’ve overcome the hardest part – choosing a domain name (that’s available).

Domain name registration is surprisingly simple.

1. Make sure you have a web hosting service

To get your website live, you need a web hosting service and a domain name. Ideally, you should get these two items together. If you don’t have a service provider or a web developer, don’t worry. Here are a few options that offer both services:

If budget is a concern:

You’ll need to provide basic information such as contact information (i.e. an email address) and possibly a phone number.

Though these plans offer different things, any will be sufficient to bring your new website to life.

2. What if I want to change my domain name?

To change a domain name, you need to change your domain name system (DNS) settings. Simply log in to the domain name registrar that you used to register your domain name.

The process will vary depending on your registrar, but the steps will typically look like this:

  1. Find the DNS manager within your registrar
  2. Locate the DNS that you’d like to change
  3. Look for an option such as “Use custom nameservers” and select it
  4. Then type in your desired new nameserver

3. Renew your domain name every year (or whenever it expires)

When you purchase your domain name, you’ll get an option of how long you want to purchase it. Typically this begins at one year and goes as long as ten years, and the longer you purchase it, the cheaper the annual fee is.

Most businesses recommend purchasing your domain name for at least two years. The longer time will help your SEO ranking in the long run and you won’t have to worry about renewing it for a short time.

However, make sure you don’t forget to renew your domain name or else, poof! Your website can go offline within seconds. And after a few weeks of going offline, your domain name will be available for purchase again.

4. Complement your new website with a professional business email

Every website has a contact section, whether it’s a separate page or in the footer. Legitimize your business even further with a professional business email.

With services like G Suite, you can have a business email like yourname@yourbusiness.com instead of yourname@gmail.com. The former looks more official and will make your brand seem more accomplished.

Once you secure a business email, we recommend that you keep your proprietary information safe with encrypted email. Not only will you protect your business against spam and phishing attacks, you will look more professional to your customers or potential customers with military grade encryption protecting both your outbound and inbound emails.

Once you complete all these steps, then congratulations. You now have established your online presence with your own fully qualified domain name and professional business email.