Date of Last Review 6/6/08
SME: Director of Management Information Systems

DATA TRANSMISSION AND STORAGE

DATA STORAGE

Eclipsys Sunrise Clinical Manager is our repository of patient data. The data itself is stored in a clustered SQL Server database. The database resides on an HP EMA12000 SAN, which has additional technology for encrypting data written to the database LUNs. We use Neoscale’s CryptoStor device to encrypt data as it is written to the disk system.

 

TAPE BACKUP

Data backups are completed in accordance with the tape backup policy; however, backup tapes are not encrypted.

EXTERNAL DATA TRANSMISSION

HCPC has made every effort to encrypt all HIPAA data being transmitted to external entities. Data is transmitted over a LAN-to-LAN VPN managed by UT Security. Communication through the VPN is encrypted and uses hashes to verify data integrity throughout the transmission.

UTH enforces the following security requirements:

1. A minimum of 3DES encryption must be used.
2. The Diffie-Hellman group must be group 2.
3. Re-key times should be no longer than 24 hours for phase 1, and 8 hours for phase 2.
4. Any keys and/or passwords should be at least 8 characters long, and include letters PLUS either numbers or other miscellaneous characters.

INTERNAL DATA TRANSMISSION

Currently, the Sunrise Clinical Manager system does not have the capability to use secure protocols to write data to the database. However, there are audit mechanisms built into the database to indicate who changed the data. Data cannot be deleted from the database; corrections can be made, and incorrect information is crossed out with a user and time stamp. When Eclipsys makes secure protocol transmission available, we will implement it based on an implementation strategy.

 

Director of MIS
UT-HCPC

Related standards

Texas Administrative Code Chapter 202

The Joint Commission: Management of Information

HIPAA