Back to Docs/Compliance and Security

Compliance and Security

Data Encryption

Vilulia protects case data through two layers of encryption: PHI fields in the database are encrypted with AES-256 using AWS Key Management Service (KMS), and all case documents are stored in Amazon S3 with server-side encryption enabled. For organizations on the HIPAA Basic or HIPAA Enhanced add-on, PHI field encryption is active automatically. Document encryption is applied to all organizations regardless of plan.

What you'll learn

  • How PHI field encryption works with AWS KMS
  • How document encryption works in S3
  • Which plans include PHI encryption
  • How encryption keys are managed

PHI field encryption

Protected health information stored in Vilulia database records is encrypted at the field level using AES-256. Each field has a per-field encryption context managed by AWS KMS. This means that even if database records were accessed without authorization, individual PHI values would be unreadable without the corresponding KMS key. PHI field encryption is enabled automatically when the HIPAA Basic or HIPAA Enhanced add-on is active on your organization.

Document encryption

Case documents are stored in Amazon S3 with server-side encryption (SSE) enabled. This applies to all organizations on all plan tiers — document encryption does not require a HIPAA add-on. Supported file types include PDF, DOCX, and common image formats. Encryption is managed by AWS and is transparent to the end user.

Key management

AES-256 encryption keys for PHI fields are managed by AWS KMS. Vilulia does not manage raw encryption keys directly — KMS handles key rotation, access control, and auditing. KMS key usage is logged by AWS CloudTrail, providing an independent audit trail of all encryption and decryption operations.

Email account tokens

OAuth access tokens for connected email accounts (Gmail and Outlook) are also encrypted at rest using a dedicated email encryption utility before being stored. This is separate from the PHI encryption system and applies regardless of HIPAA add-on status.

Related articles

Can't find what you're looking for? Contact Support

Having trouble with this feature?

Visit the Support Center for troubleshooting guides and how-to articles.

Go to Support Center →