Since Ocean works with sensitive user and patient data, we designed it from the ground up to have rock-solid security. We created this collection of articles to transparently explain the industry-leading measures we’ve taken to guard this information. Despite our many ambitions to improve the quality of our healthcare system, protecting the privacy of our patients will always be paramount.
The Ocean system moves data between three systems over the Internet:
- the Ocean Tablet app
- the Ocean server
- the Electronic Medical Records (EMR) package.
To prevent eavesdropping, the Ocean system uses HTTPS, the global standard for secure data transmission used by governments and banks around the world. Brute-forcing the current standard of SSL encryption would take millions of years.
CognisantMD uses a signed, registered, publicly-trusted SSL certificate to protect against “man in the middle” attacks.
No patient or clinical data is stored on the Ocean Wave tablet. This guards against any privacy breaches in the event of theft or loss of the tablet.
Ocean stores its data in a highly secure, 100% Canadian-based data centre. Our data centres provide environmental controls, fire suppression systems, redundant power sources with UPS backup, multi-homed Tier 1 bandwidth, 24/7 physical security (card entry and video monitoring), and technical monitoring capabilities.
Administrative access requires an SSH connection with a key held only by CognisantMD system administrators.
Database access is limited to the application server cluster via IP whitelisting, meaning external computers are blocked from connecting to the database directly. The database is secured with a password known only to CognisantMD system administrators.
As an additional, redundant layer of security, all transmitted patient data is encrypted with a private key that is defined by, and known only to, the clinic administrator. CognisantMD system administrators do not have access to this key and will never require it. This key ensures that even the most trusted CognisantMD administrators are completely unable to read patient charts.
The system uses AES for the encryption algorithm (an industry standard).
The only data not double-encrypted with this private key is that collected by optional, specially designated anonymous eForms, explained in the next section.
Ocean allows some carefully-selected forms to be designated as “anonymous”. These anonymous forms provide a secure mechanism for participating clinics to submit and aggregate research data on the Ocean server.
To protect patient privacy, responses to these forms are stored without any patient identifiers. Example informed consent forms are available to capture the patient’s consent when required.
Ocean site administrators have complete control over their participation and use of anonymous forms to ensure adherence to the principles above for their patient population (e.g. appropriate informed consent in local language, etc.).
There are three authentication mechanisms in Ocean:
CognisantMD User
A CognisantMD user can log into a site to manage configuration, export study results, etc. A CognisantMD user may belong to multiple sites.
The credentials are private to a user; passwords are salted and one-way-hashed using SHA-256. In layman’s terms, there is no feasible way for anyone else to read or reverse-engineer a user’s password.
Ocean Wave Tablet Token
Ocean Wave tablets authenticate with their own unique credentials, with limited access rights, independently of any specific user. Tablets are initially registered for a specific clinical site by a designated CognisantMD user. The registration is stored as a randomly generated token that is kept securely within the tablet application.
Site EMR System
The EMR authenticates with Ocean using a site number and site password. The site password is manually configured in the EMR and in the Ocean site by a CognisantMD user.
To prevent any potential security oversights, all server-side services and resources are locked down by default. Users or other agents must be explicitly granted access to specific services.
In other words, no user, tablet, or EMR is granted access to do anything more than the bare minimum required to do its specific job.
Some examples of these restrictions include:
- no tablet is able to access a patient chart without an authorized EMR user specifically granting access to the tablet for that patient’s chart on that day.
- individual users are systematically blocked from accessing data from any other site.
To ensure that these access constraints are always enforced, automatic security access filters are implemented on the server.
This server-side firewall ensures there is no access to a “backdoor” that might be exploited by malicious clients or compromised web browsers.
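The default-deny access filter described above, as an added illustration (not Ocean's own code): principals, action names, the site-scoping rule and the per-patient, per-day chart grant are modelled with assumed names, and anything not matched by an explicit rule is refused.

```python
from dataclasses import dataclass, field

# Hypothetical model of a server-side access filter (added example, not Ocean's code).
# Principal kinds, action names and the grant table are assumptions for illustration.


@dataclass(frozen=True)
class Principal:
    kind: str               # "user" (CognisantMD user), "tablet" (Ocean Wave tablet) or "emr"
    id: str
    sites: frozenset        # sites the principal is registered to (a user may have several)


@dataclass
class AccessFilter:
    # Chart grants issued through the site's EMR: (tablet id, patient id) -> ISO date it is valid for
    chart_grants: dict = field(default_factory=dict)

    def grant_chart(self, grantor: Principal, tablet: Principal, patient_id: str, day: str) -> None:
        """The site's EMR opens one patient's chart to one tablet for one day."""
        if grantor.kind != "emr" or tablet.kind != "tablet" or not (grantor.sites & tablet.sites):
            raise PermissionError("chart grants must come from the EMR of the tablet's own site")
        self.chart_grants[(tablet.id, patient_id)] = day

    def is_allowed(self, who: Principal, action: str, site: str,
                   patient_id: str = "", today: str = "") -> bool:
        """Return True only when an explicit rule matches; everything else is denied."""
        # Every kind of principal is blocked from data belonging to another site.
        if site not in who.sites:
            return False
        if action == "read_chart":
            if who.kind == "emr":
                return True                     # the site's EMR owns its charts
            if who.kind == "tablet":
                # Only the granted patient, and only on the granted day.
                return self.chart_grants.get((who.id, patient_id)) == today
            return False
        if action in ("manage_config", "export_results"):
            return who.kind == "user"           # CognisantMD user logged into the site
        if action == "submit_form":
            return who.kind == "tablet"
        return False                            # default deny: unknown action or principal kind
```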