Security for our customers and their patients is one of our top priorities. To help ensure everyone has the best and most secure experience using VIPatient, we have compiled our security standards to document how we are keeping sensitive data safe.
The VIPatient web application uses SSL security certificates with a 4096 bit encryption to verify that you and your patients are connected securely to our servers.
After the connection is made, the next security protocol in place is our password policy. We require that a password is at least 7 characters long, contains upper and lower case letters as well as atleast one number.
After logging in, all patient information is stored in an encrypted SQL database only accessibile by our servers. VIPatient uses a PBKDF2 one-way password hash with a unique salt value for each user every time they change their password. This greatly increases the complexity of any type of brute force attack.
Our video framework leverages the latest in WebRTC technology. Video calls use an end-to-end encryption based on a 4096 bit SSL certificate. Most of the time, data is not even passed to our servers. In some cases, when video information must move through our control server, located at control.vipatient.net video information is never decrypted and passes straight to the end client.
Our signaling server also uses a trusted SSL certificate to ensure that all communications are secure before they leave the client side browser.