Alexis, from a compliance standpoint there are two major concerns which can be easily addressed:
1) Transmission - The transfer of the data from the patient's PC to your server and the reverse. This can be accomplished with the requisite level of SSL. This encrypts the data while it is being transmitted from PATIENT --> SERVER <-- PATIENT.

2) Data Storage - how the data is stored on the server. Most databases today have the ability to encrypt stored data, and decrypt it on request. This means even if someone were to get hold of the physical database files, they would not be able to extract any patient information.

So here is how it should work:
Patient --> Server
Patient is presented with form.
Patient fills forms.
Patient hits save.
Data is sent to the database via SSL Encryption.
Data arrives at the database and is encrypted and stored.

Server --> Patient
Patient logs in.
Database decrypts patient data for reading.
Data is sent to patient form via SSL Encrypt.
Patient "changes/updates" his/her data and hits send.
Data is sent to the database via SSL Encryption.
Data arrives at the database and is encrypted and stored.
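As an added example (not code from this answer, nor from any particular database product), here is the answer's storage step carried out at the application layer in Go with the standard library's AES-GCM: each submitted form is sealed before it is written and opened again on login, so a copy of the stored rows alone yields nothing readable. The PatientStore type, the in-memory rows map standing in for the database table, and the patient-ID-as-associated-data binding are assumptions of the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

// PatientStore models the answer's step 2: form data is sealed with AES-256-GCM
// before it is written and opened on read. The key stays with the application
// (a KMS or HSM in production), never inside the database files.
type PatientStore struct {
	aead cipher.AEAD
	rows map[string][]byte // patientID -> nonce||ciphertext, as held on disk
}

func NewPatientStore(key []byte) (*PatientStore, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &PatientStore{aead: aead, rows: map[string][]byte{}}, nil
}

// Save encrypts a submitted form under a fresh random nonce; the patient ID is
// bound as associated data, so a row copied onto another patient will not open.
func (s *PatientStore) Save(patientID string, form []byte) error {
	nonce := make([]byte, s.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return err
	}
	s.rows[patientID] = s.aead.Seal(nonce, nonce, form, []byte(patientID))
	return nil
}

// Load decrypts the row on login; a tampered row fails the GCM tag check.
func (s *PatientStore) Load(patientID string) ([]byte, error) {
	row, n := s.rows[patientID], s.aead.NonceSize()
	if len(row) < n {
		return nil, errors.New("no usable record for " + patientID)
	}
	return s.aead.Open(nil, row[:n], row[n:], []byte(patientID))
}
// RawRow is what a thief with only the database file would see for a patient.
func (s *PatientStore) RawRow(patientID string) []byte { return s.rows[patientID] }
```

The transport step (SSL/TLS between browser and server) is separate from this and is configured on the web server, not in the storage code.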