GRHID Servers
use the following security features to ensure HIPAA
compliance and the integrity and authenticity of data.
Access Control
The GRHID Server document repository allows patient-level
and document-level access control. The GRHID
Server clinical data repository allows patient-level
and row-level access control. Authorization to objects
can be assigned at the user or group/role level.
Audit Control
The following events are logged for each user:
- Addition and deletion of all documents and
data objects
- Retrieval of static documents
- Retrieval of specific data objects (optional)
Integrity
Documents may optionally contain W3C XML digital
signatures, which are preserved because the documents are
stored without alteration. One-way hash functions are
used to create message authentication codes for all
documents and objects to ensure their integrity in the
database. The source of all documents and data objects
is stored so that data can be traced back to its origin.
Authentication
GRHID Server web services use the WS-Security standard
for user/entity authentication via User Name Tokens,
X.509 certificates, or Kerberos tickets.
Transmission Security
Documents may contain internal (enveloped) digital
signatures to verify their integrity. For documents
without internal digital signatures, digital signatures
may be used via the WS-Security standard to ensure that
a message/document has not been modified during transmission.
All communications over public networks are secured through
SSL encryption.