How we keep your information secure:
We never store your password unencrypted. Instead, the password is salted and hashed with SHA-256, which is irreversible. This is why we have to reset your password if it is lost or forgotten, as even we have no way of seeing what your password is. This ensures that even in the event of a data breach, your password is safe.
All of your information is stored on servers at Purdue's Bindley Bioscience Center. Access to these servers is restricted. They are kept in a locked room, and only necessary personnel are able to access them. Remote access to the servers is available only using pre-shared RSA encryption keys; password-only access is disallowed. All data backups from the server database are encrypted with AES 256-bit encryption to ensure no information can be gleaned from them without the password.
Your personal information within the web site is visible only to your lactation consultant and the Lactor administrative staff, who must be fully versed in HIPAA compliance before access to the system is permitted.
Information transfer from your computer is available only over SSL encryption, to ensure that your interaction with Lactor cannot be intercepted by a third party. LACTOR currently receives an "A-" rating for web security from ssllabs. We are working to increase this rating to an "A".