EQUERY SECURITY


Server Internet Security Issues

HOW SECURE ARE FILES WHEN THEY ARE SENT ACROSS THE INTERNET VIA EQUERY?

Equery has a range of encryption options: Insecure, Zipmail, Standard and PKI (Public Key) cryptosystem (available December 2002).

 


STANDARD EQUERY SENDS FILES WHICH ARE:

  • Encrypted using a 2 layer security scheme
  • The outer layer utilises an 80 bit encryption key specific to each user
  • There are approximately 1.5 million billion key combinations making it virtually imposible to "brute force" crack the encryption.
  • The inner layer utilises a non-standard compression routine producing files with no identifiable structure. This also means that if the outer layer was cracked, there would be no way for the code-cracking program to determine that it had been successful.
  • The transmission is also packetised which further encodes the data during the transmission process.

While the encryption technique is not as good as PGP, the 2 layers of security make EQuery's Security similar to PGP.

PKI ENCRYPTION (available December 2002)

  • Provides the highest level of encryption
  • Not technically possible to crack with 128 bit encryption
  • Will be able to use Certificates issued by the Health Insurance Commission or other certification authorities
  • EQuery can generate its own key pairs

ZIP MAIL

ZIPMail accounts use the Windows ZIP compression utility to compress and password protect the result files. This method provides very good security and it is virtually impossible for even a very skilled person to intercept and read the results. However, experts in Internet protocols could intercept these files and it is technically possible to crack password protection on ZIP files using specialisec cryptographic tools.

EMAIL

EQuery's Email account type does not in any way encrypt or modify the results files and they arrive read to import into your Practice software.

It is difficult to intercept Email files. However, experts in Internet protocols could potentially read results sent using this type of account. Pathology/Radiology Services should require a letter of authority from the Practice Director asking for results to be delivered using this method.

NOTE: Both PKI (Baltimore implementation) and PGP are currently in widespread use by the HIC for Medclaims.

Gippsland Pathology Service
Princes Highway, Traralgon West, Victoria 3844, Australia, Tel: 61 3 5174 0800, Fax: 61 3 5174 7335