Getting Up, Close & Personal with E2EE

As a medical practitioner, you are constantly exposed to abbreviations. So let’s examine one from the world of technology: E2EE. It stands for ‘End-to-end Encryption’. End-to-end encryption is quickly becoming the de facto standard in communication between two or more parties. As an example, if you send a message via email or SMS, you as the sender form one of the ‘Ends’. The party intended to receive the message is the receiver, or the other ‘End’. When the message travels from one end to the other, it is encrypted. Let’s examine how this works in practice. Typically, you’d be using some software such as Skyscape’s Secure Medical Messenger, Buzz.

All messages sent through the Messenger are encrypted on the sender’s device and remain encrypted as they travel over the mobile network/Wi-Fi/Internet, through the cloud/web server, and on the way back to your chat partner (say a nurse or another physician). In other words, none of the networks or servers will have a clue what the two of you are chatting about.

How is it accomplished?

For E2EE to work, it relies on a pair of keys: a public key and a private key. Every user of the software is assigned a public key and a private key. A public key, as the name suggests, is shared with anyone with whom you are going to communicate. Conversely, the private key is known only by the user and typically resides only on the user’s device.

A message (which could be text, voice, image or any other kind of data) can only be viewed on either the device of the sender (using the public key + the sender’s private key) or the recipient (using the public key + the recipient’s private key).

Step-by-Step

Let’s break down the process in steps:

STEP 1. Two keys, public and private, are generated when a user opens the Secure Medical Messenger app for the first time. The encryption process takes place on your phone.

The private key remains with the user on the phone. The public key is transmitted through the server to the receiver.

The receiver’s public key encrypts the sender’s message on the phone even before it reaches the server.

The server is only used to transmit the encrypted message. Only the receiver’s private key can unlock the message. No third party, including developers, can read the message.
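The steps above as a runnable Node.js sketch. This is an added example, not Skyscape’s code: the page does not say which algorithms Buzz uses, so RSA-OAEP wrapping a per-message AES-256-GCM key is an assumption, and all function names are hypothetical.

```javascript
// Added example: hybrid E2EE with Node's built-in crypto (algorithm choice is an assumption).
const crypto = require('node:crypto');

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };
const b64 = (buf) => buf.toString('base64');
const raw = (str) => Buffer.from(str, 'base64');

// STEP 1, on the device: generate the key pair. Only publicKey is ever uploaded.
function generateDeviceKeys() {
  return crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
}

// Sender's device: needs nothing but the receiver's PUBLIC key.
function encryptFor(receiverPublicKey, plaintext) {
  const messageKey = crypto.randomBytes(32); // fresh 256-bit AES key per message
  const iv = crypto.randomBytes(12);         // 96-bit GCM nonce, never reused with a key
  const cipher = crypto.createCipheriv('aes-256-gcm', messageKey, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const tag = cipher.getAuthTag();           // detects tampering in transit
  const wrappedKey = crypto.publicEncrypt({ key: receiverPublicKey, ...OAEP }, messageKey);
  // This JSON envelope is all the server ever stores or forwards.
  return JSON.stringify({
    wrappedKey: b64(wrappedKey), iv: b64(iv), ciphertext: b64(ciphertext), tag: b64(tag),
  });
}

// Receiver's device: the PRIVATE key unwraps the message key, then AES-GCM decrypts.
function decryptWith(receiverPrivateKey, envelopeJson) {
  const env = JSON.parse(envelopeJson);
  const messageKey = crypto.privateDecrypt({ key: receiverPrivateKey, ...OAEP }, raw(env.wrappedKey));
  const decipher = crypto.createDecipheriv('aes-256-gcm', messageKey, raw(env.iv));
  decipher.setAuthTag(raw(env.tag));
  // final() throws if the ciphertext or tag was modified.
  return Buffer.concat([decipher.update(raw(env.ciphertext)), decipher.final()]).toString('utf8');
}

// Constructed demo: a physician messages a nurse; the relay holds a different key pair.
function demo() {
  const nurse = generateDeviceKeys();
  const relay = generateDeviceKeys();
  const envelope = encryptFor(nurse.publicKey, 'Constructed sample: room 4 labs are back');
  let relayCanRead = true;
  try { decryptWith(relay.privateKey, envelope); } catch (err) { relayCanRead = false; }
  return { received: decryptWith(nurse.privateKey, envelope), relayCanRead };
}

console.log(demo());
```

The sketch covers confidentiality only: a real messenger also has to verify that the public key handed out by the server really belongs to the intended receiver.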

What can You Encrypt?

Anything. Really. Chat messages, files or PHI data transfers (health records, images, reports, EKGs and videos sent between hospitals, remote clinics and providers), even live phone conversations.

In the medical context, this is imperative, as HIPAA regulations demand that any information that includes patients’ identity be protected in such a manner. Skyscape’s BUZZ, which is a HIPAA-secure messenger, has been built around this principle. The level of security is akin to what you have come to expect from your banking or other apps that require a high degree of security. Military-grade encryption is virtually impossible to crack as it uses 256-bit keys that generate 2^256 possible combinations. There are no supercomputers yet that can crack such a key within a reasonable amount of time.
