All confidential data in Secure Meeting Place is stored in encrypted form on disk. This ensures that only users you have invited to a room can view data associated with that room. The administrators of Secure Meeting Place are unable to decrypt any of your confidential data — your password is required to access the necessary encryption keys.
Your password is the critical piece of information used to unlock all data you have access to within Secure Meeting Place. You are encouraged to use a strong password and to not re-use your password on any other site.
For a more detailed discussion of how passwords are used on our site, please refer to our password information page page.
Per industry best practices, we use only US government recommended cryptographic algorithms. Each room has a unique random 256-bit key and all data associated with a room are encrypted with that key using the 256-bit Advanced Encryption Standard (AES-256). NIST has approved AES-256 for encryption of data classified as Top Secret.
Similarly, each user has another 256-bit key used to encrypt data that are not shared with other users, e.g. the names of groups that a user creates.
We also use public key cryptography (RSA with 3072-bit keys) to exchange a room's key from one member to another. This summary of public-key cryptography from Wikipedia explains how it works. By using public-key cryptography, one member of a room can send a secret (in this case the key to the room) to another user in a way that no other user (including Secure Meeting Place employees) can decrypt the key. All of this happens seamlessly for you when you invite someone to join a room.
Secure Meeting Place takes all necessary steps for HIPAA compliance so you can meet HIPAA compliance requirements while using our site. In particular, as long as you do not place protected health information in non-confidential fields (e.g. a room's external name), Secure Meeting Place will ensure all protected health information is secured as required.
Please refer to our HIPAA page for a complete discussion of the issues involved.