Secure File Store

We helped California's Valued Trust create a secure store of files in the Drupal content management system for HIPAA compliance.

Challenge

Allow thousands of users to upload documents and allow administrators to review them, while keeping all assets encrypted and secure.

Solution

Extend Drupal's file system with AES encryption and tight access permissions.

Impact

More than 60K documents uploaded, stored, and reviewed.
Documents Uploaded: 60K+
Technology Used: Drupal
Encryption Standard: AES

California's Valued Trust (CVT) needed a way for their thousands of subscribers to submit documents as part of their insurance enrollment. These documents would include birth certificates, marriage certificates, and other pieces of personally identifiable information (PII). As a covered entity with HIPAA compliance requirements, CVT needed to know this sensitive PII would be safe.

While Drupal, the content management system powering MyCVT, didn't provide an out-of-the-box encrypted file solution, Tandem had a plan. Using AES encryption, we wrote a Drupal module extending Drupal's file system to encrypt all private documentation in MyCVT. Even if the file system were compromised, attackers would need to decrypt the documents in order to gain access to them.

Security didn't come at the price of usability. Tandem was able to create an easy interface for uploading the documents, as well as a system for administrative users to review and approve the documents. Audit records allow support staff to understand who uploaded and reviewed the documents.

With the new file store, CVT was able to process insurance enrollment applications much more efficiently, replacing the onerous system of receiving paper copies of documents and physically filing them. Using open-source technologies, Tandem was able to improve CVT's usability while also bolstering security and HIPAA compliance.