Bring2mind Forums

File Encryption for HIPAA requirements
Last Post 03/10/2014 11:45 AM by Peter Donker. 5 Replies.
Highbeam Systems
New Member
Posts:2
12/20/2013 4:26 PM
I noticed a question from a previous post regarding file encryption to meet HIPAA requirements where you indicated that while this was not a part of the core system it could perhaps be added by some custom coding.

We are in a similar situation where we store some sensitive/regulated materials that are required to be encrypted. Ideally our goal would be to create a folder called, for example, Medical Info and then everything that is placed in that folder would be encrypted. Additionally, we would need to log all accesses to this folder (who, when) in order to comply with all of the regulations.

While we could devise several potential methods to accomplish this, it would be best to have it added into DMX itself. HIPAA compliance is a big deal in the US and keeps getting bigger so I think some type of encryption + logging functionality would be a great addition to DMX.

My company would even be potentially interested in sponsoring this functionality if there is any interest on your part to add it.

Please let me know your thoughts.
Peter Donker
Veteran Member
Posts:4536
12/30/2013 1:33 PM
Hi,

Please contact me by email about this to see if this is feasible.

Best,
Peter
Highbeam Systems
New Member
Posts:2
01/02/2014 9:29 PM
Peter, I sent you an email regarding this before the holidays ... did you receive?
Peter Donker
Veteran Member
Posts:4536
01/14/2014 12:28 PM
I did ...
Timothy Gleason
New Member
Posts:1
03/04/2014 5:06 AM
Hi Peter, We would also be interested in file encryption.
Peter Donker
Veteran Member
Posts:4536
03/10/2014 11:45 AM
Regarding this, I have these remarks:

1. HIPAA (Health Insurance Portability and Accountability Act) states that health care information "may not travel over the internet in unencrypted form".
So this would concern solely transport, not storage. And transport can be encrypted through SSL which does not require a change to DNN or DMX.

2. If it's the storage that concerns you: there is an option in DMX to store in Amazon S3. This can be set to encrypted storage. So again, you could do this without a change to the module.

3. Any security measure is as strong as the weakest link. In the case of encryption, the first question I ask is: where would you store the keys? DMX needs to have these keys to perform the encryption and decryption. And wherever you store them, that is where your weakest link is.

4. Performance: any encryption and decryption would need to be done on the fly when users upload and download content. This obviously consumes server computing cycles. Now, you'll need to protect your server in case someone uploads a document of let's say 1 Gb. Because it just might crash the app pool. So you'll need to set some threshold for which it is reasonable to still encrypt.

Peter
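
The size threshold from remark 4, as an added example (not part of the thread and not DMX or DNN code): an upload stream is encrypted in fixed-size chunks so memory use stays constant, and the operation aborts once an assumed limit is passed. `StreamingEncryptor`, `MaxPlaintextBytes` and the two key parameters are hypothetical names; where the keys are stored (remark 3) is left to the caller.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;

// Added illustration, not DMX/DNN code. All names here are hypothetical.
public static class StreamingEncryptor
{
    // Assumed threshold; pick a value the server can afford per upload.
    public const long MaxPlaintextBytes = 256L * 1024 * 1024;
    private const int BufferSize = 81920; // working memory, independent of file size

    // Output layout: IV (16 bytes) || AES-CBC ciphertext || HMAC-SHA256(IV || ciphertext).
    // encKey: 16/24/32 bytes; macKey: a separate random key. The caller owns both
    // streams and must delete the partial output if this method throws.
    public static long Encrypt(Stream input, Stream output, byte[] encKey, byte[] macKey)
    {
        // Cheap rejection when the length is known up front.
        if (input.CanSeek && input.Length > MaxPlaintextBytes)
            throw new InvalidOperationException("File exceeds the encryption threshold.");

        using (var aes = Aes.Create())
        using (var hmac = new HMACSHA256(macKey))
        {
            aes.Key = encKey;
            aes.GenerateIV(); // fresh IV per file
            using (var transform = aes.CreateEncryptor())
            {
                // The crypto streams are not disposed, so 'output' stays open for the caller.
                var mac = new CryptoStream(output, hmac, CryptoStreamMode.Write);
                var enc = new CryptoStream(mac, transform, CryptoStreamMode.Write);
                mac.Write(aes.IV, 0, aes.IV.Length); // IV is authenticated too

                var buffer = new byte[BufferSize];
                long total = 0;
                int read;
                while ((read = input.Read(buffer, 0, buffer.Length)) > 0)
                {
                    // Count actual bytes; a declared length cannot be trusted.
                    total += read;
                    if (total > MaxPlaintextBytes)
                        throw new InvalidOperationException("File exceeds the encryption threshold.");
                    enc.Write(buffer, 0, read);
                }
                enc.FlushFinalBlock(); // pads last block and finalizes the HMAC
                output.Write(hmac.Hash, 0, hmac.Hash.Length);
                return total;
            }
        }
    }
}
```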