Encryption is a technique used to protect your data. Imagine your digital information was put through a virtual paper shredder, jumbled, and then locked away in a safe. Even if someone broke into that safe, they would only see bits of information which would be meaningless to them. That’s encryption in a nutshell.
Data Encryption (in transmission)
Industry standard AES 256-bit encryption is used at all points where patient information is transmitted between a user and our servers. This includes full encryption for information shared by providers and patients, as well as encrypted transmission of uploaded/downloaded documents and images.
Data Encryption (at rest)
All patient data and billing information is stored in encrypted database tables using standard AES 256-bit. All documents and images uploaded by a patient or provider are stored encrypted, as well. Full drive encryption is in place for all hard drives storing patient information and website operation data using SHA-512 encryption standards.
Audio and video for all sessions are transmitted over an encrypted channel using industry standard cryptographic primitives. Audio and video streams are decoded as received by a participating provider or patient.
Multiple servers are used to handle specific tasks, such as webhosting, data storage, and video session management. Each server is uniquely configured with separate access details, software decryption keys, permissions, and safeguards. Access to systems containing sensitive information is restricted to an internal network structure.
We use an enterprise-class hosting solution that provides all necessary tools for maintaining HIPAA-compliant security measures and patient privacy. Our encryption standards ensure that our hosting solution has no access to sensitive patient information at any time.
HIPAA-Compliant Business Standards
In accordance with the 2013 HIPAA guidelines and regulations, suppliers of telemedicine software solutions are required to maintain HIPAA-compliant security and business practices. Further, healthcare providers are required to enter a Business Associates Agreement (BAA) with their telemedicine software supplier. We maintain HIPAA standards and enter into a mutual BAA with each CloudVisit Telemedicine subscriber.