The UC Medical Certificate For Secure Communication

One of the advantages of using Secure Sockets Layer technology is that it provides a very safe way to transmit data between a client and a server or between servers. In the medical field transmission of data about patients is common both within a hospital facility as well as between doctors, hospitals and medical health providers.

The benefit of SSL/TLS security is that it can be used to secure patient information through computerized physician order entry systems, also known as CPOE, or when completing the transmission of electronic health records. This makes information readily available to the medical professionals through mobile devices and networked computers, but it also creates a potential security issue.

One way to resolve this is through the use of Secure Sockets Layer (SSL) or Transport Security Layer (TLS) technology. As many hospitals and medical facilities use Microsoft Exchange and Office Communications servers the UCC (Unified Communications Certificates) can be used to secure these transmissions for both mobile devices and computer accessing the data on the server.

There is no specific UC medical certificate marketed just for use by the medical facilities and IT professionals providing management and administration for the servers. The UCC offered by Comodo has the capacity to handle up to 100 different domains and subdomains all on the same certificate. These certificates are also recognized by 99.9% of devices and browsers, which means that cell phones, tablets, medical equipment with the technology to provide data transmission and physician and nursing station computers will all recognize our UCC.

The Importance of Security

The use of the SSL/TLS product as the UC medical certificate will provide the medical facility and users with full HIPPA compliance with regards to the transmission of patient data.

HIPPA or the Health Insurance Portability and Accountability Act of 1996 provides a clear designation of the steps that the medical professionals have to follow to be compliant with this rule. As of 2009, there are additional groups that have to follow HIPPA requirements as well. These groups are considered to be Business Associates and it is up to the medical facility to ensure their Business Associates are also HIPPA compliant or face fines and sanctions. A Business Associate can be anyone, other than direct employees of the medical facility, that will view, transmit or process any patient data. This can include accountants, billing services, claims processing or other entities.

This includes not only the use of a UC medical certificate to ensure the HIPPA requirements, but also the hardware, software and technical infrastructure to provide and maintain security. This is evaluated through the use of risk assessments that look for potential areas where breaches can occur and identify them immediate to provide correction to the vulnerability.

The Essential Features

The use of the UCC for medical facilities, as with any other entity, organization or business, uses encryption to transmit data between the client and the server or between servers.

This encryption is done by the client (or the server sending the data) using a public key to create a secure pathway to a server that has a corresponding private key. Once the data is encrypted at the client, it is unreadable and protected by 256 bit encryption along the secure pathway. Even if it were to be intercepted by a man-in-the-middle attack, or if there was an attempt to modify or change the data, the entity attempting the hack would not have the ability to decrypt the data.

This is because the decryption can only be completed by the private key installed on the server by the IT administrator. This private key "unlocks" the encrypted data. There is only one private key that matches the public key for any one UC medical certificate.

The only possibility of a hack would be if the private key were somehow accessed through the server. However, even if this happens, the certificate can be revoked by the Certificate Authority, rendering it invalid. A replacement certificate with a completely new public and private key pair would then be generated by the IT administrator for the site with the Certificate Authority providing the new UCC for installation.

While there may not be a dedicated UC medical certificate available from a Certificate Authority, the UCC is a good choice for any medical facility or associated entity looking for effective security across multiple domains and subdomains. For more information on how these certificates are designed to work with Office Communications servers and Microsoft Exchange, see us online at You can also call and talk to our staff at +1 888 266 6361 for immediate information.

Related Articles
Back to TOP