gsporter wrote on Thursday, February 09, 2012:
It would be nice to be able to set a “private” key for the practice which would encrypt ALL uploaded files. Then have an “public” key that office staff would use to open them from within OpenEMR. Additional security could be added by using a system specific salt value.
Allowing individuals to set the encryption opens the door to a lot of issues. Say that office staff member leaves or mistypes a common shared encryption key. Also a hurried staff member would not be tempted to skip encrypting files.
I am not as worried about employees accessing files as much as external forces. That way a hacker would be required to 1) crack a user’s password to access openemr 2) crack the “public” key.
GP