As an additional layer of security, all transmitted patient data is encrypted using a client encryption key that is defined by, and known only to, the health information custodian and their chosen agents. OceanMD system administrators do not have access to this key. Since the key is required to decrypt PHI, this policy ensures that even trusted OceanMD administrators cannot view PHI.
The system uses AES, an industry-standard encryption algorithm.
The only pieces of data that are not double-encrypted using this key are those collected by optional, specially designated anonymous eForms, explained further in the next section.
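
The client-key encryption described above, sketched as an added example that is not OceanMD's code: the page names only AES, so the AES-256-GCM mode, the scrypt key derivation, the record layout and every function name here are assumptions. It shows what a server would hold, and that decryption fails without the custodian's key or when a ciphertext is attached to a different record.

```javascript
// Added example: names, record layout and parameters are hypothetical.
const { scryptSync, randomBytes, createCipheriv, createDecipheriv } = require('node:crypto');

// Custodian side: derive a 256-bit key from a secret only the custodian holds.
function deriveClientKey(passphrase, salt) {
  return scryptSync(passphrase, salt, 32);
}

// Custodian side: encrypt PHI before upload. recordId is authenticated (AAD)
// so a ciphertext cannot be moved onto another record unnoticed.
function encryptPhi(key, recordId, phi) {
  const iv = randomBytes(12); // fresh nonce per message; never reuse with a key
  const cipher = createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(recordId, 'utf8'));
  const ct = Buffer.concat([cipher.update(JSON.stringify(phi), 'utf8'), cipher.final()]);
  return { recordId, iv: iv.toString('base64'), ct: ct.toString('base64'),
           tag: cipher.getAuthTag().toString('base64') };
}

// Key holder side: decrypt a stored record; throws on wrong key or tampering.
function decryptPhi(key, stored) {
  const decipher = createDecipheriv('aes-256-gcm', key, Buffer.from(stored.iv, 'base64'));
  decipher.setAAD(Buffer.from(stored.recordId, 'utf8'));
  decipher.setAuthTag(Buffer.from(stored.tag, 'base64'));
  const pt = Buffer.concat([decipher.update(Buffer.from(stored.ct, 'base64')), decipher.final()]);
  return JSON.parse(pt.toString('utf8'));
}

// Returns true if decryption succeeds, false if authentication fails.
function canRead(key, stored) {
  try { decryptPhi(key, stored); return true; } catch { return false; }
}

// Constructed sample data.
const salt = Buffer.from('constructed-salt-0001');
const custodianKey = deriveClientKey('custodian-only secret (constructed)', salt);
const adminGuessKey = deriveClientKey('not the custodian secret', salt);
const stored = encryptPhi(custodianKey, 'rec-1001', { name: 'Test Patient', note: 'constructed' });

console.log('server stores:', stored);
console.log('custodian can read:', canRead(custodianKey, stored));
console.log('without the key:', canRead(adminGuessKey, stored));
console.log('moved to another record:', canRead(custodianKey, { ...stored, recordId: 'rec-2002' }));
```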