Beyond Passwords: How Encryption Protects Your Patient Data - SMARTMD

Personally and professionally, we are asked to enter passwords daily. Exactly how most of us select them is generally erratic at best and, at worst, a discombobulated exercise in combining kindergarten metaphors, pet names, birthdates and some dubiously ergonomic pattern of letters and numbers from the keyboard. Even using sophisticated password software, the sheer number of passwords we are asked to juggle is unthinkable in a world where we no longer even commit commonly dialed phone numbers to memory.

The 25 Most Common Passwords Used in All of 2016

(Estimated time for hacker to gain access using “brute force” methods. Of course, a hacker would be likely to try all the passwords on this list first.)

A quick peek at the password manager I am using right now indicates it is currently storing 981 passwords—no doubt, mostly long-defunct access to free Tetris clones, Club Penguin and launch codes. But that is fodder for another day. After all, in most cases, a password is just a metaphorical key to a locked door.

There is little doubt that well-crafted passwords are an important tool in keeping sensitive data safe, but if you are serious about keeping your daughter out of your patient records on “Take Your Child to Work Day”—if you are serious about keeping your sensitive data safe—even the best passwords are only a beginning.

SMARTMD takes great care and effort to ensure the security of your data. You might say it’s an obsession. And for good reason. It’s not only a matter of good faith toward our myriad clients and the individuals they care for… it’s the law.


Beyond unlocking your computer, phone, or even the doors to your office in the morning, best practices, HIPAA, SMARTMD and even Agent 86, Maxwell Smart, demand a greater level of protection than a simple password or a locked door.

Arguably, the most powerful tool available to keep your data safe is encryption. With acronyms such as SSL (“Secure Sockets Layer”), WPA (“Wi-Fi Protected Access”) and AES (“Advanced Encryption Standard”), encryption methods, when implemented properly, have been approved to communicate your most sensitive Protected Health Information (“PHI”).

Unlike a door lock, however, encryption does not necessarily prevent private data from being accessed. Instead, it modifies the data you wish to keep private so that it is extremely difficult (or impossible) to read, even if it is accessed.

One major advantage of encryption over locking sensitive data with a password is that, should someone manage to gain access to the information, for example by using (or even guessing) a password, the data would remain useless. In common practice, private data is often exposed simply by logging into an application and stepping away from the unlocked workstation (or even your phone) for just a moment.

In SMARTMD’s case, our implementation of the Advanced Encryption Standard, AES-256, is so secure, it has even been approved by the US Government for transmission of Top Secret communications. It is always on, by default, and cannot be turned off.

Not only does encryption require a “key”—similar to a password—to gain access to your private data, but this key, by scrambling the data it is protecting, allows your data to be stored or transmitted without the fear of an unauthorized individual simply finding their way around the “lock.”

But what if someone were to discover this secret key? Modern encryption, such as that used by SMARTMD, has another powerful “trick” up its technological sleeve to keep your data safe. The public key used to protect your data may only be used to encrypt private data. This key need not be secret at all and may be distributed openly.

In this asymmetric paradigm, data may be sent over public networks such as the internet without concern that it might be exposed. Only the party with the singular (and often temporary) private key may decode the message—your private data. Anyone intercepting the encrypted message in transit would find it completely unreadable.
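One common way a public key and AES-256 fit together, shown as an added example (not SMARTMD's code): a fresh AES-256 key encrypts the record, and the recipient's public key encrypts only that AES key. The function names, the RSA-OAEP 2048-bit key pair and the sample record are assumptions made for illustration.

```javascript
// Added illustration: hybrid encryption with Node's built-in crypto module.
const nodeCrypto = require('node:crypto');

const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Sender side: needs only the recipient's PUBLIC key.
function sealRecord(publicKey, plaintext) {
  const dataKey = nodeCrypto.randomBytes(32); // fresh AES-256 key for this record
  const iv = nodeCrypto.randomBytes(12);      // 96-bit GCM nonce, never reused with a key
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', dataKey, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return {
    wrappedKey: nodeCrypto.publicEncrypt({ key: publicKey, ...OAEP }, dataKey),
    iv,
    tag: cipher.getAuthTag(), // lets the recipient detect any modification
    ciphertext,
  };
}

// Recipient side: only the matching PRIVATE key can unwrap the AES key.
function openRecord(privateKey, sealed) {
  const dataKey = nodeCrypto.privateDecrypt({ key: privateKey, ...OAEP }, sealed.wrappedKey);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', dataKey, sealed.iv);
  decipher.setAuthTag(sealed.tag);
  return Buffer.concat([decipher.update(sealed.ciphertext), decipher.final()]).toString('utf8');
}

// True when the record cannot be opened (wrong key or altered ciphertext).
function failsToOpen(privateKey, sealed) {
  try { openRecord(privateKey, sealed); return false; } catch { return true; }
}

function demo() {
  const recipient = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const other = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const record = 'patient=Jane Doe; note=constructed sample'; // constructed, not real PHI
  const sealed = sealRecord(recipient.publicKey, record);
  const tampered = { ...sealed, ciphertext: Buffer.from(sealed.ciphertext) };
  tampered.ciphertext[0] ^= 0x01; // flip one bit "in transit"
  return {
    roundTrip: openRecord(recipient.privateKey, sealed) === record,
    leaksPlaintext: sealed.ciphertext.includes(Buffer.from('Jane')),
    wrongKeyRejected: failsToOpen(other.privateKey, sealed),
    tamperRejected: failsToOpen(recipient.privateKey, tampered),
  };
}

console.log(demo());
```

The public key can be handed to any sender, while the private key never leaves the recipient; the data itself is still protected by AES-256.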

Is AES-256 encryption hackable? In theory, yes. But, currently, it could take 50 supercomputers, checking a billion-billion AES-256 keys per second, about 3 sexdecillion years.

3,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000 years!

SMARTMD is constantly working to improve the ease and methods of keeping your and your patients’ data safe. More on “Password” best practices coming soon.