DATA ENCRYPTION

Posted: Thu Feb 28, 2013 7:26 pm
by axolotl
Do you know if Medisoft data is encrypted? If not, how can the data be encrypted?
If so, how is it encrypted? Is there a particular algorithm used and what is the key length?

This is for a risk analysis.

Re: DATA ENCRYPTION

Posted: Fri Mar 01, 2013 9:32 am
by Gavin Walker
By default, Medisoft data is NOT encrypted. If you work with a Medisoft Value Added Reseller who knows how, you CAN turn on encryption in a Medisoft database. This would be using an RC4 encryption algorithm, which has a maximum of 106-bit key length depending on what password you set up in the Advantage data dictionary for the key. If you are looking for something that is FIPS compliant, then this is not your solution.

What I do on my newer Internet hosted Medisoft Servers is I have the entire hard drive encrypted with Windows BitLocker, which IS FIPS compliant, and then I encrypt certain key tables using Advantage's RC4. This will prevent a "casual" Windows user from browsing the Medisoft files and figuring out Medisoft passwords and patient names, etc.

Something else to keep in mind, if you are doing electronic billing, then claim files and reports containing patient information will be stored on the disk which are not part of the database and are not encrypted. Also, users can run reports and export them to disk, which is not secure. Various temp files and log files can be generated and stored all over the disk and can sometimes contain patient information. So Medisoft itself is NOT considered a "secure" application.

Re: DATA ENCRYPTION

Posted: Fri Mar 01, 2013 5:30 pm
by axolotl
I did figure out how to set the encryption password using ARC. I found that I did not have to remove the encryption password or decrypt tables to successfully access the data from within the Medisoft program. I also found no noticeable delays in accessing the data although my test database is quite small.

Does Windows BitLocker secure the Medisoft data even if it resides on a separate volume/physical drive than the OS? If so, is it possible to have separate encryption keys for each volume?

Thank you.

Re: DATA ENCRYPTION

Posted: Sat Mar 02, 2013 10:33 am
by Gavin Walker
I do believe BitLocker can only encrypt local disk drives. So it would be something you set up on the server

Re: DATA ENCRYPTION

Posted: Sat Mar 02, 2013 10:52 am
by Gavin Walker
I do believe BitLocker can only encrypt local disk drives. So it would be something you set up on the server