The Shared Encryption Key
The shared encryption key is used by Ocean to decrypt private patient health information (PHI) locally, within your web browser. This prevents third parties (including CognisantMD) from accessing your clinic's PHI.
Web browsers are often "locked down" by site IT departments, as a general security measure. These restrictions can sometimes prevent Ocean and other web sites from storing information like the shared encryption key. If you are repeatedly prompted for the encryption key despite entering it successfully in the past, please consider the following possible explanations.
The encryption key is stored only within a particular browser, on a particular machine. It must be entered individually on each browser/computer combination that you use. We recommend that you enter it on each onsite computer browser as part of an initial setup.
The encryption key may have been previously stored on one browser, but not on the one currently open. For example, it may have been stored within Chrome on the computer, but not within Firefox.
Some shared computers are configured to store different settings for each user who logs in. If a particular user has not yet logged into a particular machine, and the machine stores different settings for this user, he/she will be prompted for the key for the first time.
Modern browsers provide users with the ability to open web pages in a "secret" or "private" mode, where information such as the encryption key, cookies, browsing history and so on are hidden. In this setting, the user needs to enter the encryption key for each session.
Since the encryption key is part of the browser's "local storage" and browsing history, it will be discarded with each session with this privacy setting in place. Please check your browser's Privacy and/or Security settings tabs to ensure this is not the case.
Some IT configurations prevent any user information from being stored across login sessions for privacy/security reasons. In this setting, the encryption key will be discarded between each session. Please discuss with your IT team if this is a concern.
Similar to the issue above, many remote login (terminal services) products such as Windows Terminal Services can be configured to store the browser's history ("localStorage") for individual users or remote terminals. However, if the remote login is configured to clear the entire browsing history with each session (particularly the localStorage), then the browser will not have the shared encryption key available when a new session is started.
As a general security measure, we recommend that sites change their encryption key periodically. When this happens, each browser/user configuration must be updated once with the new key.
To decrypt old referrals after the key has changed, the old key must be entered on the browser as well.
If none of the above scenarios are applicable, or you have any further questions, please contact CognisantMD support.