By Saty Mahajan, Co-Founder & CEO

Bento uses a combination of advanced technology and strict policy to make sure your information is protected at all times. We take your security and privacy VERY seriously. Every product feature we build is evaluated with your security and privacy in mind and we ensure it meets the highest standards.

We accomplish the protection of your data in three key ways:

1. Using Military Grade Encryption for all data stored in the Bento Cloud
2. Using TLS for encrypted data transfer over the internet between two devices.
3. Ensuring the Bento Cloud and Bento processes are HIPAA-compliant.

Let’s unpack these concepts a little bit.

What is Military Grade Encryption

First of all, encryption is the process of encoding information in a way that only authorized parties can read it. Encryption is what allows us to make sure that the information you share with us is only accessible by the parties that need to have access to it, such as you and your doctor. Military Grade Encryption is the friendly concept that refers to an encryption standard, AES-256, that was approved by the National Security Agency (NSA) to protect information at a “Top Secret” level. AES stands for Advanced Encryption Standard, and the 256 refers to the length of the key. The longer the key, the harder it is to break. How long would it take to crack an AES-256 encrypted piece of information? Even with the fastest quantum computers (that haven’t yet been invented), it would take significantly longer than how long the universe has been around! In other words, it’s impossible. Needless to say, your data is safe with us.

What is TLS?

TLS stands for Transport Layer Security, which is a security protocol in online communication for establishing privacy and data integrity between two computing devices (for instance the Bento Server and your Bento App). Ever see https:// or a lock icon in your browser when you visit your bank? That’s TLS at work. Bento uses TLS for all communication transfer internally in the Bento Cloud and between the Bento Cloud and our applications. This ensures that all information that is transferred is encrypted and protected at all times, end-to-end.

What is HIPAA compliance?

HIPAA is the Health Information Portability and Accountability Act of 1996. It is a law that provides data privacy and security provisions for safeguarding your medical information. With the creation of electronic records, a law was necessary to make sure entities that are given access to your health information, are very careful in safeguarding that information.

To be compliant with the HIPAA law, particularly the privacy rule, according to the HHS, you must “assure that individuals’ health information is properly protected while allowing the flow of health information needed to provide and promote high quality health care and to protect the public’s health and well-being.” Proper protection of Patient Health Information (PHI) really comes down to making sure two things are assured: proper access and proper security. We ensure proper security through the Military Grade Encryption use to encrypt data on the server as well as the use of TLS during transmission of data to and from our various applications (the Bento app, the Bento server, the Dentist portal, etc.). We leverage Amazon Web Services HIPAA-compliant services for our infrastructure. We ensure proper access by limiting the availability of information to only those who are allowed to see it, whether that is you, your provider, or our internal customer service team.

Conclusion

We value your privacy and believe it is a fundamental right. Bento uses advanced technologies like AES-256 and TLS in conjunction with strict information accessibility policies to make sure your health information and your personal information stay secure at all times.

If you have any questions about our security or privacy please feel free to reach out at privacy@bento.net.