Partnering with pediatric practices

Anthem data breach - Encryption is Important

Involved in the NDA community

February 8, 2015

eTherapyDocs encrypts data while in transit AND sensitive data while it is at rest.
eTherapyDocs Blog

By now everyone is aware of the Anthem Data Breach. Experts said the information was vulnerable because Anthem did not take steps, like protecting the data in its computers though encryption, in the same way it protected medical information that was sent or shared outside of the database. Data needs to be protected at two different times. The first time is while 'in transit', which is when data is being sent back and forth from your browser to the server and while data is transmitted from one system to another. The second time to protect data is while it is 'at rest', specifically when it is stored within the data storage area or a database. While Anthem protected data while it was in transit, they failed to encrypt the data, like Social Security numbers, while it at rest (stored). eTherapyDocs encrypts data while in transit AND sensitive data while it is at rest.

The encryption and decryption process is time consuming and makes it harder for companies like Anthem to share their data with legitimate entities. eTherapyDocs takes the time to protect sensitive data both in transit and at rest. eTherapyDocs uses something called SSL (Secure Sockets Layer) that takes sensitive information such as patient information, social security numbers, and login credentials to be transmitted securely. Without SSL, data sent between browsers and web servers is sent in plain text—leaving you vulnerable to eavesdropping. eTherapyDocs takes the SSL encryption a step further by providing Extended Validation (EV) SSL (eTherapyDocs Encryption). EV SSL is the highest class of SSL available today using 2048 bit encryption. You can feel safe knowing that eTherapyDocs uses EV SSL and see that indicated by the visible green address bar when you are logged into the system.

Are you wondering about the HIPPA implications? HIPPA does require certain kinds of encryption and good practice around it. They do requires that any patient data 'transmitted over the internet' must be done using encrypted connections. However, HIPAA to avoid imposing an unreasonable burden on data at rest, when the likelihood of disclosure is low and they allow alternative security measures and only suggest that data at rest is encrypted. Although beyond HIPPA regulations, eTherapyDocs encrypts critical sensitive data, while it is stored and at rest. We take data protection seriously.

For more information about the Anthem breach see the article below. Bloomberg's report on Anthem Data Breach