Recovering a Lost / Forgotten Shared Encryption Key

In the worst case scenario of a lost encryption key, CognisantMD has no way to find or retrieve your unique key on your behalf (this is one of the ways we help to ensure patient data is always secure). However, there are some troubleshooting steps you can take to try to recover it on your own.

Step 1: Try the Ocean Portal

Log in to the Ocean portal

Assuming you are a site administrator, navigate to the Admin tab.

Select the "Encryption" section from the menu on the left and your shared encryption key should appear there. If not, the "hint" may help you track down where you should be looking and/or what you chose your key to be.

If that doesn't help, continue to Step 2 below.

Step 2: Try the EMR

If you are using the TELUS Practice Solutions Suite or OSCAR EMR, you may be able to access the encryption key from within your EMR.

If you are using PS Suite, open the Ocean custom form and click "Settings" on the custom form. Enter your Ocean credentials (username and password) and a menu of options should appear. Click on "Shared Encryption Key" to view your shared encryption key.

If you are using OSCAR, click on the OSCAR eForm's "settings" tab, choose "advanced settings" and "reset encryption key" (it won't change it; it will simply show the existing value).

Step 3: Try a Colleague's Web Browser

A user who can view patient data in plain text in their web browser can do so because they have the encryption key in their browser's local storage. If you set up Ocean using your web browser, it might be available by logging in to your Ocean portal account using this same web browser. If a colleague set it up, you can ask them to log into their Ocean portal account.

In either case, you will see the shared encryption key in the "Admin" tab (which only site administrators can see) under the "Encryption" section (selected from the menu on the left). Again, the encryption key, although it may be shown in the web page, is actually from the web browser's local storage (i.e. on your computer in a folder for that browser).

Step 4: Try an Ocean Tablet

If you have an Ocean Tablet, you can access the Encryption Key via the clinician admin menu (via the "cog" icon). You will need Ocean user credentials to access the menu, and only users with site admin permission can choose "view shared encryption key", but if you have such permissions, it will show you the key.

If you've tried everything and still can't find it...

If your shared encryption key is truly lost, you will need to create a new one and update all your devices. However, if you do this, you will not be able to retrieve any previous patient responses or referrals (and we, sadly, cannot help retrieve them either). We can help you choose a new key at this point, as long as you are ready to abandon old Ocean patient records that have yet to be downloaded to your EMR.


Protecting Your Encryption Key in the Future

Your shared encryption key is the ultimate guard against unauthorized access to your patient's data, and should therefore be handled with great care and stored in a safe place. It’s also recommended that access to the key be limited to trusted administrative account holders. In order to prevent against the worst case scenario of a lost key (and lost patient data), we recommend taking the following steps:

  • Administrative access in Ocean is required to change the shared encryption key. As a result, you should limit admin privileges to a small number of trusted users. However, always ensure that you have redundancy, in case an admin user leaves the organization.
  • Ocean allows you to save a "hint". Make an effort to ensure that the hint will always allow an admin user to recover the key. This might include noting a secondary storage location.
  • Consider a safe online password storage tool designed for shared team use such as Common Key or 1Password.
Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request