CODI Technical Security and Confidentiality Procedures
The FHCRC Clinical Information Shared Resource provides the following safeguards to ensure the integrity, reliability, accuracy, and security of data in CODI:
- Individual Authentication of Users: Each user will be required to have a unique user name and password and will be held accountable for all actions taken under that user name. Passwords must be changed at regular, frequent intervals and must meet minimum established standards (e.g., a password cannot be re-used, and passwords must be of a minimum length, must not match common words, and must include a mix of character types).
- Access Controls: Access will be granted to users on a need-to-know basis. Groups of users will be defined by role (e.g., physician, research nurse, data abstraction staff, programmers). Properties associated with user accounts, in conjunction with application-level access control, will restrict access to individuals according to role.
- Audit Trails: The database will create an audit trail of all updates and of specific user actions, as well as audit trail entries for the viewing of patient records, as required by HIPAA regulations. All attempts to access the database will be logged, recording the date and time, the identity of the user, the patient identifiers and tables queried, and whether permission was granted or denied.
- Physical Security and Disaster Recovery: Unauthorized physical access to the computers on which the database will run is prohibited. The computer room is secured by key card and by mechanical lock and key, and is accessible only to authorized technical personnel. The computer room is climate-controlled and equipped with uninterruptible power supply (UPS) units to protect against unexpected or unavoidable power failures. To guard against loss of data, the database is backed up nightly to tape, and tapes are rotated to storage in a secure, off-site location. It is policy that all computer printouts containing patient information be secured when not in use and shredded after use. Application programs on these servers use timeouts to automatically log users out of the system after a predefined period of inactivity.
- Protection of Remote Access Points: System access is protected by the FHCRC firewall, which is designed to protect sensitive data from exposure on the Internet. All external access to the system must pass through this firewall, and users must first authenticate to the FHCRC domain before using the database. No dial-in telephone lines are installed on the server where the database is physically installed.
- Protection of External Electronic Communications: All data transmitted over the Internet require the use of an encrypted communication channel, such as the Secure Sockets Layer (SSL) protocol or Secure Shell (SSH). Data transferred from other clinical care systems are encrypted and protected by both integrity controls and message authentication. Integrity controls ensure that the value and state of all transmitted data are maintained and that data are protected from unauthorized modification. Message authentication ensures that the data received match the data sent.
- System Assessment: An internal assessment of the security system on which the database will reside is performed on a regular basis and system logs are routinely reviewed. The systems support group is closely tied to the FHCRC Information Security Office and participates in the continuing evolution and implementation of Center-wide security and confidentiality approaches.
- Data Integrity: Systems development and maintenance personnel implement internal processing and controls that reasonably ensure the accuracy and completeness of data that reside on their servers. Data entry screens will provide validation and error-checking, and data entry validation reports will be automatically generated and distributed for review. In addition, data audit programs will be run on a regular basis to identify missing or out-of-expected-range data values. Data received electronically from other systems will be validated before loading, and regular manual audits will be performed against the source systems.