What do patients fear more than chronic illness or disease? For most, it is probably identity theft from a database security breach by hackers. Despite government regulations on the privacy of your health information detailed in the Health Insurance Portability and Accountability Act (HIPAA), and the certification standards of the Office of the National Coordinator for Healthcare IT (ONC) for healthcare software that ensure the security of your health data, there are a good number of people who are quite leery of making all of their sensitive information is accessible on a website.
The definitive video explanation of encryption.
Healthjump complies with HIPAA and is ONC Certified. What that means to patients who use Healthjump is that we hold their privacy and security as a top priority. Let's get specific about our security standards without getting extremely technical. I have done some research and had a chat with one my engineers and my CTO to get a simplified explanation of our top notch security standards.
Encryption in a nutshell
Our security starts with a 256 bit encryption, which probably means nothing to anyone who hasn't studied computer science. Essentially, at least the way it was explained to me, websites come in two forms; encryption and plain text. Encryption is like a secret code that needs a key to make it readable. To stop hackers from getting that key to a Healthjump profile, we have an insane number of key possibilities (2^256 to be exact - not even sure if that number has a name) that would need to be tried for a hacker to successfully find the right one. Like the video above says, it would take thousands of years with all of the worlds super computers to do that. So, the only feasible way an adversary could hack an account on Healthjump would be to figure out a person's password, which is a patient responsibility to protect.
Tips for a strong password
1. Make it at least 8 characters: Healthjump requires that.
2. Stay away from the obvious: Don't include names, birth dates, or pet names.
3. No complete words: If you use a word break it up with non-obvious substitutions. ex: y0u_tU8e or 60Ogle.c0m
4. Make sure it contains alphanumeric mixed case, and a special character or two: In the above example all are present.
5. Don't start with a capital letter if it is required, and don't put a few obvious numbers at the end. Make sure you mix them up.
You are already likely trusting this encryption with you money
Banks and other financial institutions are the most common users of 256 bit encryption, and rightfully so. If you can trust your bank to take care of your identity online, then it might making the leap of faith a little easier to hear that medical websites are using the same technology. Another factor with encryption is the key size. Healthjump currently uses a 2048 bit key, which is strongest encryption standard availble to the general public for use to encrypt their secret information. To find out what encryption a site is using, use Google Chrome as your browser and look at the url field. Before the https, you will see a lock or a green bar. Clicking on that will show you the sites security certificate. If you don't see an "s" after http, the site is not secure.
How does Healthjump use Encryption?
It is critically important that I am clear on how Healthjump uses this top notch encryption to keep patient information safe.
1. First Healthjump uses 256 bit encryption to make the connection between the user and Healthjump while making sure that the "man in the middle" can't figure out the key (in the video, this is "Eve"). The encryption ensures that user is communicating ONLY with Healthjump.
2. Once the connection is established, information in transit uses 128 bit encryption. The reason it is lower is because it is operating behind the initial 256 encryption at the connection. Essentially, it's just an extra layer of security.
3. Finally, information at rest is protected with the encryption. Anyone can look us up on the ONC site and see that our site is certified and audited to ensure these security standards.
Moral of the story
No one is saying that a data breach on a website with AES 256 bit encryption is impossible, it's just extremely unlikely and would take years to do. Keep a strong password and update on a regular basis to ensure your security on websites where your most sensitive information is stored. Embrace a sense of confidence that your privacy is secured on healthjump.com