DATA ENCRYPTION

Posts related Medisoft software.
Post Reply
axolotl
Posts: 65
Joined: Fri Mar 25, 2011 3:00 pm

DATA ENCRYPTION

Post by axolotl » Thu Feb 28, 2013 7:26 pm

Do you know if Medisoft data is encrypted? If not, how can the data be encrypted?
If so, how is it encrypted? Is there a particular algorithm used and what is the key length?

This is for a risk analysis.

User avatar
Gavin Walker
Posts: 4625
Joined: Wed Apr 04, 2007 10:11 pm
Location: Springfield, MO
Contact:

Re: DATA ENCRYPTION

Post by Gavin Walker » Fri Mar 01, 2013 9:32 am

By default, Medisoft data is NOT encrypted. If you work with a Medisoft Value Added Reseller who knows how, you CAN turn on encryption in a Medisoft database. This would be using an RC4 encryption algorithm which has a maximum of 106 bit key length depending on what password you setup in the Advantage data dictionary for the key. If you are looking for something that is FIPS compliant, then this is not your solution.

What I do on my newer Internet hosted Medisoft Servers is I have the entire hard drive encrypted with Windows Bitlocker which IS FIPS compliant and then I encrypt certain key tables using Advantage's RC4. This will prevent a "casual" Windows user from browsing the Medisoft files and figuring out Medisoft passwords and patient names, etc.

Something else to keep in mind, if you are doing electronic billing, then claim files and reports containing patient information will be stored on the disk which are not part of the database and are not encrypted. Also, users can run reports and export them to disk, which is not secure. Various temp files and log files can be generated and stored all over the disk and can sometimes contain patient information. So Medisoft itself is NOT considered a "secure" application.
Gavin Walker
Walker Tek Solutions, LLC
417-890-6777 x0
fax: 417-763-6386

axolotl
Posts: 65
Joined: Fri Mar 25, 2011 3:00 pm

Re: DATA ENCRYPTION

Post by axolotl » Fri Mar 01, 2013 5:30 pm

I did figure out how to set the encryption password using ARC. I found that I did not have to remove the encryption password or decrypt tables to successfully access the data from within the Medisoft program. I also found no noticeable delays in accessing the data although my test database is quite small.

Does Windows BitLocker secure the Medisoft data even if it resides on a separate volume/physical drive than the OS? If so, is it possible to have separate encryption keys for each volume?

Thank you.

User avatar
Gavin Walker
Posts: 4625
Joined: Wed Apr 04, 2007 10:11 pm
Location: Springfield, MO
Contact:

Re: DATA ENCRYPTION

Post by Gavin Walker » Sat Mar 02, 2013 10:33 am

I do believe bitlocker can only encrypt local disk drives. So it would be something you setup on the
server

User avatar
Gavin Walker
Posts: 4625
Joined: Wed Apr 04, 2007 10:11 pm
Location: Springfield, MO
Contact:

Re: DATA ENCRYPTION

Post by Gavin Walker » Sat Mar 02, 2013 10:52 am

I do believe bitlocker can only encrypt local disk drives. So it would be something you setup on the
server

Post Reply