Error: You must enable JavaScript to use this site. Click here for instructions on enabling JavaScript.
Forgot your MyHealth Online ID?
MyChart ® Epic Systems Corporation

New User?
Sign Up Now
Have An Access Code?
Activate Now

Back
Security FAQ

Frequently Asked Questions On Security

Atrius Health actively monitors computer vulnerabilities. We will notify users immediately if we believe your information could be affected by a computer vulnerability.



What type of SSL certificate does MyHealth use?

We use a SHA-2, 2048 bit, Class 3 EV SSL certificate issued by Symantec (trusted by VeriSign).

Extended validation (EV) certificates use the highest level of authentication and were specifically created to boost and maintain users confidence online through a rigorous verification process and specific EV certificate browser cues like the green address bar. EV certificates incorporate some of the highest standards to authenticate online entities.

Click on the padlock icon in your browser to show details of a certificate,
or click the "Norton Secured" icon to the right.

  
ABOUT SSL CERTIFICATES
Secure URL

What are TLS and SSL?

TLS (Transport Layer Security) and its predecessor, SSL (Secure Sockets Layer), both of which are frequently referred to as 'SSL', are cryptographic protocols designed to provide data encryption and authentication between users and servers.

It is possible for data traveling over the internet to be intercepted by an unauthorized third party between the source (i.e., MyHealth web servers) and destination (i.e., your browser or mobile device). TLS/SSL provides protection by encrypting data as it is exchanged between computers.


TSL/SSL encrypts (or scrambles) data using a key (or code) that is known only to the sender and recipient. The encrypted data is unreadable unless it is unscrambled using the correct key. Regardless of the path the data takes over the internet, it remains secure because only the intended recipient has the key that will unscramble the data.


When you connect to a secure web site using TLS/SSL, the browser displays a padlock icon near the web address and the URL begins with https:// . These are indications the data traveling between your browser and a web server is being encrypted.


MyHealth web site requires at least a 128-bit TLS/SSL connection to ensure your information remains secure in transit. The encryption certificate also serves to confirm you are connecting to authenticated MyHealth servers. MyHealth uses 2048-bit SHA2 encryption keys.
More information on encryption.


Secure URL

What is 'https://'?

When you visit an encrypted web site, note the URL (Universal Resource Locator) starts with 'httpS://' rather than 'http://'.  The 'S' stands for secure, and along with the padlock icon, is an indication the data is encrypted. All requests to the MyHealth web site are forced to use https (TLS/SSL).

Why do I have to use a current browser?

Ensuring that patients can trust their MyHealth Online information is delivered securely to their browsers (and devices) is of great important to us, and our patients. We cannot provide that security with the limitations of older operating systems and browsers they cannot support current encryption standards.

While not directly related to the encryption requirements, Windows XP is no longer supported by Microsoft (since April 2014) and cannot be updated to address any critical security concerns, which would further reduce our ability to ensure your MyHealth Online information is transmitted securely and remains confidential.

Was MyHealth affected by the Shellshock vulnerability?

No, we are not affected.
The Shellshock vulnerability affects the Unix Bash shell which is not used in any MyHealth Online systems.

(Sept 25, 2014)

Was MyHealth affected by the HeartBleed SSL vulnerability?

No, we are not affected.
We do not use OpenSSL on our servers, and so have never been affected by the HeartBleed vulnerability.
The HeartBleed vulnerability only affected sites that used particular versions of OpenSSL (open-source software for implementing SSL).

(April 2014)