Full HTTPS and WSS Encryption Now Standard in Dermi Atlas

Dermi Atlas Professional includes full TLS encryption as a standard capability, securing all clinical data in transit across the local network. Both the web application (HTTPS) and real-time synchronization channel (WSS) are protected by TLS certificates managed through Dermi Atlas Manager.

Why Local Network Encryption Matters

In a self-hosted deployment, clinical data travels across the local area network between client devices and the server. Without encryption, this traffic could be intercepted by any device on the same network. In healthcare environments where multiple devices, users, and sometimes guest networks coexist, encrypting all data in transit is essential for maintaining patient privacy and meeting regulatory requirements.

Automated Certificate Management

Managing TLS certificates on a local network presents unique challenges. Unlike public-facing servers that can use certificate authorities such as Let's Encrypt, self-hosted deployments on private networks require self-signed certificates. Dermi Atlas Manager automates this process entirely:

• Certificates are generated automatically during deployment
• IP address changes are detected automatically, triggering certificate rotation
• Certificate files are made available for installation on client devices
• No manual certificate creation or command-line interaction is required

Dual Protocol Encryption

Dermi Atlas uses two communication protocols, and both are encrypted:

• HTTPS secures all web application traffic, including image uploads, patient record access, and administrative operations
• WSS (WebSocket Secure) encrypts the real-time synchronization channel that keeps all connected devices updated simultaneously

This dual-protocol approach ensures that no clinical data, whether being actively viewed or passively synchronized, travels across the network unencrypted.

Compliance Benefits

TLS encryption in transit is a key technical safeguard required by healthcare privacy regulations including HIPAA and PIPEDA. By making encryption standard rather than optional, Dermi Atlas Professional helps practices meet these requirements without additional configuration or third-party tools.

For detailed setup instructions, see the SSL Certificate Setup for HTTPS Access and Data Security Architecture documentation.