Security is part of our DNA

The Ocean Platform was built from the ground up to maximize security and protect privacy. Ocean’s industry-leading security stems from our robust client-side patient encryption technology. All patient data sent to and stored within Ocean is encrypted end-to-end using the industry-standard 256-bit AES (Advanced Encryption Standard), the same technology used by financial institutions and other healthcare institutions, providing an extra level of protection for PHI stored in Ocean.

To guard against any possible breach of personal health information on our Ocean servers, each patient’s data is encrypted using a unique, patient-specific encryption key. These per-patient keys are themselves protected by a clinic-specific Shared Encryption Key (SEK), which is held by the clinic’s own authorized administrators and stored securely within Ocean Cloud Connect. The SEK is encrypted at rest in the Cloud Connect database using a separate server-side key, ensuring that a database compromise alone is insufficient to access it.

Access to a site’s SEK is strictly scoped to that clinic’s own administrators. No one outside of the clinic’s circle of care can decrypt personal health information without these encryption keys. SEK access by OceanMD operations staff is strictly prohibited and would require a deliberate, multi-step, fully-audited action in direct violation of company policy.

Therefore, even if the Ocean server were to be compromised, or data were intercepted in transit, no unencrypted personal health information would be accessible.

This client-side encryption architecture provides an additional, industry-leading safeguard for personal health information.