Web Forms Encryption and Security
Below is information about the encryption methods used for Web Forms versus Patient Portal.
My patients see a weak security icon in their browser address bar. Are Web Forms secure?
Yes. Web Forms are secure but use an older method of encryption. This is why you may see a weak security icon.
How does Web Form security differ from Patient Portal security?
Both Web Forms and Patient Portal use secure https connections. The difference is the method of encryption.
- Web Form pages use an older method of encryption that makes it possible for users with older operation systems and browsers to access the site (e.g. Microsoft XP, Internet Explorer 10).
- Patient Portal uses a more modern encryption and provides better security. However, older operating systems and browsers cannot connect to it.
Why did you choose different methods of encryption for Web Forms and the Patient Portal?
It has to do with accessibility. 12.8% of users still use Microsoft XP as their operating system and there is no browser they can update to that will work with the more modern encryption methods.
- For Web Forms, we have opted to provide a more accessible form of security instead of restricting access to potential patients. We do not send PHI for web forms. Instead users are sending it in and not much of it.
- For the Patient Portal, because we are publishing PHI we must chose security over accessibility. However, patients who use older operating systems may not be able to use the Patient Portal due to the modern encryption methods.
We have had a few complaints, but hope you see why we do not 'fix' it. It is not broken is the best choice. Many hospitals and medical centers also use https sites with potentially insecure encryption. This is because accessibility sometimes trumps security. The data is still encrypted even if technically breakable. The Patient Portal encryption method is the more secure exception rather than the less secure rule.
See also eServices General Troubleshooting.