Aivia Health implements several data protection mechanisms. Firstly, all data exchanged between your web browser and the application server is encrypted using 256-bit SSL technology (note the valid certificate designation within your browser and the HTTPS prefix within any site URL). The database is also encrypted using Microsoft's Total Data Encryption (TDE) technology, so that its contents are protected while at rest. Sensitive database fields, such as first name, last name and email, are also encrypted. This means that even if the database is compromised, the data is non-identifiable.
Within the application itself, role-based security is implemented. This means that even if a user figured out the URL scheme to view someone else's records, they would need to be logged in, have a role assigned to them that would allow them access to the particular area, and have access to the requested record.
Vulnerability monitoring is also enabled within the hosted application and database environments, and regular audits are performed to detect anomalies. Further, multi-factor authentication can be enabled for any account for an additional level of access protection. When any unsuccessful login attempt occurs, the associated account receives an immediate notification of the incident, with the option to reset the account credentials.
While it is very difficult to guarantee that data can be made 100% secure when hosted on the open internet, we can take adequate steps to mitigate data vulnerability and exploitation, such as all of those mentioned above.