Secure
Each of the current implementations of PopMedNet managed by Harvard Pilgrim Healthcare is hosted in a Federal Information Security Management Act (FISMA)-compliant, private cloud, Tier III data center. Security is maintained by a combination of technology and policy.
Check out the System Security documentation on the PopMedNet Wiki for full details.
Physical Security
- Distributed infrastructure – partners maintain physical and operational control over electronic data in their existing environments
- Hosting facility secured with mantrap entrances, photo identification validation, manned armed security tours, and video surveillance 24 hours per day, 7 days per week
Technical Security
- Encrypted communications between the DataMart Client and Query Tool
- Encryption of all data in the PopMedNet operational database
- Automatic logoff after 30 minutes of Query Tool inactivity
- FISMA-compliant passwords that expire every 6 months and may not be reused
- Encrypted password storage
- Cryptographically secured random values for session IDs
Administrative Security
- Role-based and monitored Query Tool access
- Continuous audit of all system activity
- Secure and controlled distribution of DataMart Client software
- Annual security audits and regular penetration testing
Scalable
Standard governance schemes and a common data model provide a straightforward path to partnership
Widely Adopted
Over 100 participating institutions, including the largest nationwide insurers, provide health data on over 223 million Americans
Proven Success
Over 150 studies, peer-reviewed publications, or ongoing projects have utilized PopMedNet