SECURITY

The security of sensitive healthcare data is an important issue when selecting an application service provider. PhDx Systems' security measures are multi-layered and address many different aspects of our computing environment.

HIPAA Compliant

Click here for a document explaining HIPAA and PhDx's role.

Physical Site

PhDx offices are located in an office complex with after-hours security patrols and coded access to the building. Within the building, access to the PhDx offices is restricted. Within the PhDx office spaces, the computer facility is located behind doors with multiple locks, and access to it is restricted to authorized personnel. Access to the servers supporting clients is monitored by the director of network administration and is restricted to authorized computer personnel only. The computer facility has dedicated electric circuits, separate environmental controls, and battery-operated UPS systems that will sustain operation through up to six hours of electrical interruptions.

Network

PhDx employs a firewall computer to isolate its internal network from the Internet. Using a demilitarized zone (DMZ) network configuration, PhDx further isolates critical and sensitive servers from publicly accessible network services, such as SMTP and DNS. A proxy server works in conjunction with the firewall to hide internal IP addresses from public scrutiny. This entire configuration is being upgraded constantly to provide the most current hardware technology possible. The director of network administration monitors access to the network. Stand-by servers ensure "warm" backups of production data and minimum recovery time in the event of a hardware failure.

Authentication

PhDx uses Class 3 Secure Server certificates granted by VeriSign, a recognized digital certificate authority. Server certificates identify a web server to client browsers wishing to establish an encrypted HTTPS web session. Client certificates are assigned to a specific client by a certificate managing authority. Client certificates serve to identify a given client browser to a specific web server. PhDx is capable of creating, assigning and managing its own client certificates in order to identify incoming requests to our web server.

PhDx signs its Java class archives with digital code signing certificates also granted by VeriSign. A code signing certificate serves to identify to the client which entity is responsible for the code archive wishing to install itself as a trusted program on the client's computer.

PhDx uses individual login/password combinations to authenticate a user. Once a secure web session has begun, the client is immediately prompted for their application login ID and password. Failure to supply valid responses to either field will deny the client access to the PhDx application.

Data Transmission Security

Data sent over the Internet during a browser session is encrypted using Secure Sockets Layer (SSL). PhDx establishes secure web sites (accessed by a URL beginning with HTTPS) to host all client databases. The strength of the SSL encryption changes based on the location of the client, within or outside the United States. PhDx has chosen PGP as its preferred software to encrypt data files exchanged between clients and its network.

Application Security

Application security uses a role-based scheme in which permissions are determined by the combination of an individual login identifier and membership in one or more user groups. Read and/or write access to data and access to specific application functionality can all be restricted based on user-level and group-level permissions.

Selection sources are codes defined by the client and associated with a given person row in the database. The client can create an unlimited number of selection sources. One or more selection sources are then used to construct an access group, defining a subset of the underlying data visible to application functionality. For example, an access group can be defined such that the database appears to contain only a single physician's patients. An access group could be set up to see all patients who are members of a certain health plan, and so on.

User groups are created to associate several users with a common theme. Permission to read and/or write data as defined through access groups, and rights to use different application functionality, are set at the user group level. Any individual assigned as a member of a user group will inherit that group's permission settings.

A user login identifier and password are assigned to each user of the PhDx® Health Information Platform. Individual read/write/functionality permissions can be granted based on a user's login ID. Individual settings are typically used to allow for exceptions in permissions and rights granted to a particular user group.
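The layering described above (selection sources, access groups, user groups, individual exceptions) can be sketched as follows. This is an added example, not PhDx code: all names and sample rows are constructed, it covers data read/write only, and it assumes that a row belongs to an access group if it carries any of the group's codes and that an individual denial overrides an inherited grant.

```python
from dataclasses import dataclass, field

# Constructed sample data: person row id -> selection-source codes on that row.
PEOPLE = {
    "p1": {"DR_LEE", "PLAN_A"},
    "p2": {"DR_LEE"},
    "p3": {"PLAN_A"},
    "p4": {"DR_KIM"},
}
# Access group name -> selection sources it is built from (hypothetical names).
ACCESS_GROUPS = {"lee_patients": {"DR_LEE"}, "plan_a_members": {"PLAN_A"}}

@dataclass
class UserGroup:
    name: str
    data: dict  # access group name -> set of modes ("read", "write")

@dataclass
class User:
    login: str
    groups: list
    grants: dict = field(default_factory=dict)   # individual exceptions: extra modes
    denials: dict = field(default_factory=dict)  # individual exceptions: removed modes

def effective(user):
    """Merge inherited user-group permissions, then apply individual exceptions."""
    perms = {}
    for group in user.groups:
        for ag, modes in group.data.items():
            perms.setdefault(ag, set()).update(modes)
    for ag, modes in user.grants.items():
        perms.setdefault(ag, set()).update(modes)
    for ag, modes in user.denials.items():
        perms[ag] = perms.get(ag, set()) - set(modes)  # assumption: denial wins
    return perms

def visible_rows(user, mode):
    """Rows the user may access in `mode`; anything not granted stays hidden."""
    rows = set()
    for ag, modes in effective(user).items():
        if mode in modes:
            codes = ACCESS_GROUPS[ag]
            # Assumption: a row is in an access group if it carries any of its codes.
            rows |= {pid for pid, tags in PEOPLE.items() if tags & codes}
    return rows

LEE_OFFICE = UserGroup("lee_office", {"lee_patients": {"read", "write"}})
PLAN_REVIEW = UserGroup("plan_a_review", {"plan_a_members": {"read"}})
NURSE = User("nurse1", [LEE_OFFICE])
AUDITOR = User("auditor1", [LEE_OFFICE, PLAN_REVIEW], denials={"lee_patients": {"write"}})
```

Row `p4` carries a code that no access group includes, so it is invisible to both sample users: under this model, data is hidden unless an access group explicitly exposes it.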

Physical Data Security

PhDx maintains a daily backup schedule for all corporate server and workstation computers. Backup media are DAT tapes, which are rotated in a two-week daily cycle. PhDx transfers backup media to a secure offsite location in Albuquerque. Backup tapes are replaced on a regular basis to ensure top condition. Permanent backups (weekly and monthly) are created and secured offsite as well. These tapes are constantly checked to ensure that the data is accessible.

PhDx internal and external client databases are processed during regular nightly backup procedures. In addition, data and structure necessary to rebuild and recover any PhDx application database are exported to flat files on a nightly basis. Those export files are then archived for online storage, and are written to tape during normal backup processing. PhDx uses "log shipping" techniques to continually populate a stand-by database server with copies of production databases.

MS Windows NT access control lists (ACL), login IDs and passwords are used to restrict the manipulation of system files and database infrastructure on PhDx server computers. Only authorized IT personnel are given the proper logins and passwords to access these system resources. Password aging and minimum complexity rules are in place and enforced.


 
2009 PhDx Systems, Inc. All Rights Reserved.
