
Fort Knox, Meet The Doctor in Your Pocket

Poctor provides an industry first: a geographically aligned and encrypted network to transport and store medical data.

Geographically Aligned Network

While HIPAA is a national mandate, most states have enacted their own laws and regulations pertaining to the use, collection and disclosure of health information. Poctor was built with this in mind – allowing our distributed network of servers to meet federal HIPAA requirements as well as state mandates that may require unique or stricter standards when it comes to managing sensitive medical information.

How it works:

After the directory server authenticates a user on the Poctor network, the user is provided a URL to a specific local server based on his/her registered location. All future communication for that user/session combination will be routed through, and stored on, that local server. Data use, logging, and expiration can be managed at that local server level, to comply with local and state mandates.

Use Case:

Dr. Mass (a doctor registered in Massachusetts) logs into the Poctor network to send the result of a recent medical scan to Mr. Conn (a patient who resides in Connecticut). The scan, notes, and logging are all stored on a Massachusetts server within the Poctor network and are governed by both federal HIPAA and local state laws. If Mr. Conn then replies to Dr. Mass, his data would be stored in accordance with his local server, and would reside on the Connecticut server.

Encryption and Message Routing

The Poctor network is nothing if not secure; data in transit and at rest is fully encrypted. Passwords are encrypted in such a way that any unauthorized retrieval is virtually impossible. Server-to-server communication takes place inside a secure, site-to-site virtual private network (VPN). Data transport between servers is further encrypted over SSH.

The Handshake (Step 1)

During the initial “handshake” (step 1), the client device (tablet, desktop/laptop, or smartphone) is authenticated against the Poctor directory server. This takes place over a 256-bit SSL connection.

The directory server authenticates the client and provides the URL of the state server needed for this client. Inside the private site-to-site VPN, the directory server also updates the appropriate state server to prepare for messages from this client (Session Communication, Step 2).

Session Communication (Step 2)

After the “handshake”, the client communicates directly with the state server over SSL. Data is stored in an encrypted database on the appropriate state server.
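
The two steps above can be modelled in a few lines. This is an added example, not Poctor's code: the class names, the `.invalid` hostnames, the session token and the use of PBKDF2 for password storage are all assumptions made for illustration. It shows the property the design depends on: a state server accepts data only for sessions the directory server announced to it.

```python
import hashlib, hmac, secrets

# Constructed sample data; the hostnames are hypothetical placeholders.
STATE_SERVERS = {"MA": "https://ma.example.invalid", "CT": "https://ct.example.invalid"}

def hash_password(password, salt):
    # PBKDF2 is an assumption; the page does not say how passwords are protected.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class StateServer:
    def __init__(self, state):
        self.state = state
        self.expected = {}  # session token -> user, announced by the directory
        self.records = []   # stands in for the encrypted database

    def prepare(self, token, user):
        # Called by the directory server only (over the site-to-site VPN on the page).
        self.expected[token] = user

    def receive(self, token, payload):
        # Step 2: accept data only for sessions the directory announced.
        user = self.expected.get(token)
        if user is None:
            return False
        self.records.append((user, payload))
        return True

class DirectoryServer:
    def __init__(self, servers):
        self.servers = servers  # state code -> StateServer
        self.users = {}         # user -> (salt, password hash, registered state)

    def register(self, user, password, state):
        salt = secrets.token_bytes(16)
        self.users[user] = (salt, hash_password(password, salt), state)

    def handshake(self, user, password):
        # Step 1: authenticate, select the server for the registered state,
        # announce the session to it, then return its URL and the token.
        record = self.users.get(user)
        if record is None:
            return None
        salt, stored, state = record
        if not hmac.compare_digest(stored, hash_password(password, salt)):
            return None
        token = secrets.token_urlsafe(32)
        self.servers[state].prepare(token, user)
        return STATE_SERVERS[state], token
```

A token issued for the Massachusetts server is unknown to the Connecticut server, so data sent to the wrong state is refused rather than stored.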