The Clarius security architecture comprises three main parts: the Scanner, the App and Clarius Cloud. The sections below describe how Personal Health Information (PHI) is stored and transferred.
All communication established with the Clarius Cloud, whether from the Clarius App or from the user's browser, is encrypted using at least 256-bit TLS 1.2 encryption across all services, and its robustness is tested regularly. This is the same technology widely used by browsers in secure communications throughout the Internet.
The Cloud connection is used to pull user data, Scanner permissions, and settings from the cloud. Completed examinations can be sent to Clarius Cloud for long-term storage.
Note: TLS 1.2 is FIPS compliant and uses the following cipher suite: ECDHE-RSA-AES256-GCM-SHA384
Credentials & Passwords
Clarius uses an account-based system to manage device use and exam storage. Account passwords are encrypted and secured using the PBKDF2 algorithm with a SHA256 hash, a password stretching mechanism recommended by NIST.
Clarius Mobile Health and its support staff have no access to users' passwords. When users forget or lose their password, they can use Clarius' reset password mechanism.
Scanner
The Scanner does not store any persistent images or PHI. During imaging, real-time images are streamed from the Scanner to the App on the smart device using a secure wireless protocol.
App
The user can choose to enter patient data on the App, which is then associated with the images. The App temporarily stores the images and patient information in a private, encrypted storage space on the smart device's operating system (OS).
On Apple devices this storage space is encrypted natively by iOS. On Android devices this storage space is segregated from other apps on the device and from the user. However, rooting the device may break this Android-enforced protection. It is strongly recommended, when using Android devices, that users do not use rooted devices and that they enable hard drive encryption. Once the App successfully stores the image remotely (i.e., to Clarius Cloud), the PHI is deleted from the device.
Clarius Cloud
Completed examinations are pushed to Clarius Cloud for long-term storage. Patient information is stored and encrypted in the server's database. More information on the Cloud security details can be found here.
DICOM
If Clarius Cloud is not an option for image and PHI storage, the DICOM option can be used. Once images and PHI are sent over DICOM, the onus for security is on the user.