When you submit the "Secure Message" form, your SSL encrypted data is sent to our server. Our server then re-encrypts all elements of your data before storing your message a secure database. Once your (now unreadable) data is stored, the doctor will receive an email informing him/her to come pick up the message. The only piece of personal data that is sent is the password you designated. In order to read your message, the doctor must provide the server both the password you sent AND a private password known only to the doctor before the server will provide a decryption key and the data.

Thus, the message will remain unreadable without three different security measures: the password you set, the encryption key that is stored on the server, and the password that is held by the doctor.