All I want is to have some peace of mind. Boston
California's Valued Trust (CVT) needed a way for their thousands of subscribers to submit documents as part of their insurance enrollment. These documents would include birth certificates, marriage certificates, and other pieces of personally identifiable information (PII). As a covered entity with HIPAA compliance requirements, CVT needed to know this sensitive PII would be safe.
While Drupal, the content management system powering MyCVT, didn't provide an out-of-the-box encrypted file solution, Tandem had a plan. Using AES encryption, we wrote a Drupal module extending Drupal's file system to encrypt all private documentation in MyCVT. Even if the file system were compromised, attackers would need to decrypt the documents in order to gain access to them.
Security didn't come at the price of usability. Tandem was able to create an easy interface for uploading the documents, as well as a system for administrative users to review and approve the documents. Audit records allow support staff to understand who uploaded and reviewed the documents.
With the new file store, CVT was able to process insurance enrollment applications much more efficiently, replacing the onerous system of receiving paper copies of documents and physically filing them. Using open-source technologies, Tandem was able to improve CVT's usability while also bolstering security and HIPAA compliance.