Encrypt my data files

You are here:

ECLIPSE encrypts some data by default & can be configured to encrypt most data. Also, your operating system can be used to force encryption on ALL ECLIPSE data.

Locking down your operating system & its users is the only way to truly protect your data. This must be handled outside ECLIPSE within Microsoft Windows. To better comply with HIPAA, we also recommend ongoing protection such as Malwarebytes. As an alternative, ECLIPSE EHR Cloud, which maintains encryption across your database & internet connection, relieves you of those responsibilities. (Of course, if you allow your login credentials to be compromised… it would be up to you to fix that.)

Microsoft EFS

The most transparent & seamless way to encrypt all your data is with the Microsoft Encrypting File System.

  • EFS is completely transparent to ECLIPSE and allows users to access directory structures based on their Windows login credentials.
  • This must be setup by the system administrator on a user by user basis to accommodate valid ECLIPSE users.
  • Users without Windows specific login credentials (user name/password) will not be able to view or use any data files — even if they transfer the data to a different computer system where they can run ECLIPSE.
  • It’s imperative that you backup and keep the encryption key somewhere safe. Without it, it won’t be possible for anyone (including Microsoft) to access your data if your computer breaks down.

Microsoft BitLocker

Bitlocker Drive Encryption can help protect files from unauthorized access by protecting your drives. Bitlocker protected drives are compatible with ECLIPSE and provide an additional layer of protection for your data on networked drives.

ECLIPSE Database

Since 2011, ECLIPSE has been certified [an ongoing process including oversight & quarterly reporting] by the federal government as compliant with HIPAA security rules as part of the ever-evolving Meaningful Use (currently MIPS) certification process. If you want additional security past what can be seamlessly provided by Microsoft Windows — which we neither advocate nor recommend — we suggest you use ECLIPSE with a FairCom Server and encrypt your ECLIPSE database by selecting Rebuild selected files/indexes from the File | Utilities | Repair menu, checking the Encrypt the database during data file rebuild option and performing a database rebuild.

FairCom technology is used by the U.S. Department of Defense & their encryption techniques include proprietary algorithms. Their encryption techniques, which are incorporated into ECLIPSE as noted above, provides the means to add an extra level of confidentiality to an application’s data. FairCom designed proprietary algorithms to mask files on the disk from unauthorized inspection without sacrificing speed and efficiency, focusing on minimizing performance loss.

ECLIPSE Documents Database

ECLIPSE maintains a database of documents that can be scanned or imported. These documents may be images, video, audio, text, etc. Each document consists of a database entry and the document itself, stored in a separate folder. By default, all documents except PDF are stored in their original format without encryption, allowing system administrators to control access via the operating system.

  • You can automatically encrypt most documents. To turn this feature on: Access your configuration from the File | Utilities | Configuration menu & check Encrypt scanned/imported non-editable documents (e.g. JPG, PNG, TIF) on the General tab to turn this feature on.
  • Once this featured is turned on, most documents are automatically encrypted for storage & decrypted for viewing.
    • Select Encrypt Document Database from the File | Utilities | Repair menu to encrypt pre-existing stored documents.
    • Internal PDF documents are always encrypted regardless of configuration settings.
    • Imported PDF documents are automatically encrypted as of 10/18/2017.
    • Scanned images in TIF format, other image formats (e.g. jpg, png), video, and audio files are encrypted.
    • Files such as those from Microsoft Word & other text documents that may be edited are not currently encrypted prior to storage.
  • Document encryption may impact performance for large files.
  • Documents are encrypted as AES files to ensure the best possible performance & security.

General

  • Dedicated web service operations (e.g. prescriptions, patient portal) use the most stringent SSL specifications. Other web service operations use SSL when SSL is an available option (e.g. Google, Medline) .
  • As applicable (e.g. prescription services), ECLIPSE provides MD5 & SHA2 hash digests to further secure data sent via SSL or in files. Security levels are dependent on & dictated by the service API.
  • Automatic internal backups of ANSI 837 files are encrypted via AES.
  • Exported PDF files are optionally encrypted as 256 bit AES files.
  • ECLIPSE can directly transfer files via secure FTP.