Secure

Each of the current implementations of PopMedNet managed by Harvard Pilgrim Healthcare is hosted in a Federal Information Security Management Act (FISMA) compliant private cloud tier III data center. Security is maintained by a combination of technology and policy.

Check out the System Security documentation on the PopMedNet Wiki for full details.

• Distributed infrastructure – partners maintain physical and operational control over electronic data in their existing environments
• Hosting facility secured with mantrap entrances, photo identification validation, manned armed security tours, and video surveillance 24 hours per day, 7 days per week

• Encrypted communications between the DataMart Client and Query Tool
• Encryption of all data in the PopMedNet operational database
• Automatic logoff after 30 minutes of Query Tool inactivity
• FISMA compliant passwords which expire every 6 months and may not be reused
• Encrypted password storage
• Cryptographically secured random values for session IDs

• Role-based and monitored Query Tool access
• Continuous audit of all system activity
• Secure and controlled distribution of DataMart Client software
• Annual security audits and regular penetration testing