EMR Transfer

Securing Patient Data in Transit During a Transfer

How envelope encryption, scoped credentials, and audit trails keep PHI safe while it moves between EMR systems.

Moving protected health information (PHI) between systems is one of the highest-risk moments in any EMR transfer. Here is how we keep it safe end to end.

Envelope encryption everywhere

Customer credentials are never stored in plaintext. Each secret is sealed with a per-record data encryption key (DEK), which is itself wrapped by a key encryption key (KEK) that lives in a managed key vault. The plaintext never touches our database and the KEK never leaves the vault.
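
The DEK/KEK layering described above, as an added Node.js example (not this service's own code). It assumes AES-256-GCM for both layers and uses a hypothetical in-memory `makeVault()` as a stand-in for the managed key vault; the function names and the choice to bind the record ID as associated data are illustrative.

```javascript
const { randomBytes, createCipheriv, createDecipheriv } = require("node:crypto");

// AES-256-GCM with the record ID as AAD. Layout: nonce(12) || tag(16) || ciphertext.
function aeadSeal(key, plaintext, recordId) {
  const nonce = randomBytes(12);
  const c = createCipheriv("aes-256-gcm", key, nonce);
  c.setAAD(Buffer.from(recordId, "utf8"));
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([nonce, c.getAuthTag(), ct]);
}

function aeadOpen(key, box, recordId) {
  const d = createDecipheriv("aes-256-gcm", key, box.subarray(0, 12));
  d.setAAD(Buffer.from(recordId, "utf8"));
  d.setAuthTag(box.subarray(12, 28));
  // final() throws if the tag, key, or record ID does not match.
  return Buffer.concat([d.update(box.subarray(28)), d.final()]);
}

// Assumption: in-memory stand-in for the managed key vault. The KEK lives only
// in this closure; callers get wrap/unwrap operations, never the key.
function makeVault() {
  const kek = randomBytes(32);
  return {
    wrap: (dek, recordId) => aeadSeal(kek, dek, recordId),
    unwrap: (wrapped, recordId) => aeadOpen(kek, wrapped, recordId),
  };
}

// Seal one credential under a fresh per-record DEK; the row is all the database stores.
function sealCredential(vault, recordId, secret) {
  const dek = randomBytes(32);
  const row = {
    recordId,
    wrappedDek: vault.wrap(dek, recordId).toString("base64"),
    ciphertext: aeadSeal(dek, Buffer.from(secret, "utf8"), recordId).toString("base64"),
  };
  dek.fill(0); // best-effort wipe of the plaintext DEK
  return row;
}

function openCredential(vault, row) {
  const dek = vault.unwrap(Buffer.from(row.wrappedDek, "base64"), row.recordId);
  try {
    return aeadOpen(dek, Buffer.from(row.ciphertext, "base64"), row.recordId).toString("utf8");
  } finally {
    dek.fill(0);
  }
}
```

Because the record ID is authenticated at both layers, a wrapped DEK or ciphertext copied onto a different record fails to decrypt instead of silently opening.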

Scope credentials tightly

A transfer only needs read access to the source and write access to the target. We request the narrowest possible scopes, rotate them aggressively, and revoke them the moment a transfer completes.

Audit everything

Every read, transform, and write is recorded with an immutable audit trail. If a compliance officer ever asks "who touched this record and when," the answer is a single query away.

Security is not a feature you bolt on at the end — it is the foundation every transfer is built on.