Medical Records
Encrypted Medical Record Input Field
Patient data entered in web forms is protected by HIPAA but exposed in the browser DOM. SmartField encrypts diagnoses, prescriptions, and lab results at the keystroke level.
The Problem
Medical Records entered in a standard HTML input are immediately accessible to any JavaScript on the page:
// Any script, extension, or tracker:
document.querySelector('input').value
// Your medical records in plaintext
The Solution
<smart-field type="password" encrypt-key="/api/sf-key"
placeholder="Enter medical records"></smart-field>
Now the same attack returns AES-256-GCM encrypted data. The medical records never exist as plaintext in the browser.
What the User Sees
The user types normally. The screen shows animated cipher characters: ΣΩΔψξλμπ
The real medical records are stored in a WeakMap (invisible to JavaScript) and encrypted with AES-256-GCM (unreadable without the server key).
Server-Side Decryption
// Node.js
const sf = require('@smartfield-dev/server');
await sf.init();
const data = await sf.decrypt(req.body.field);
// Your medical records in plaintext, server-side only
Frequently Asked Questions
How does SmartField encrypt medical records?+
SmartField generates a new AES-256 key and IV for every encryption. Medical Records are encrypted before they exist in the DOM. The AES key is wrapped with RSA-2048. Only your server can decrypt.
Can trackers like Hotjar capture medical records?+
No. Hotjar records DOM content. SmartField stores medical records in a WeakMap inside a closed Shadow DOM. Hotjar only captures cipher characters.
What server languages are supported?+
SmartField provides SDKs for Node.js, Python, Java, Go, PHP, and Ruby. All tested and verified.
Related Pages