Listed below are the security measures considered for the Sunrise application, with the cost, status, and benefit of each. All reasonable measures have been implemented to ensure the security of the system. In some cases, measures are currently being implemented, or we are waiting for Eclipsys to release new products that will help add additional security measures.
| Security Measure | Cost | Status | Benefit |
|---|---|---|---|
| Database in a Geographically Restricted Area with environmental and security controls | Cost has been covered by relocation of the server room to the second floor of the hospital. | Completed | Physical access controls and monitoring |
| Virus Protection on database server | Cost has been covered by HCPC participation in the University’s site license to McAfee. | Completed | Protection from worms and other malicious programs |
| Encryption of database data | $100,000 for Neoscale data encryption devices | Completed | Data on disks is secure from intruders |
| External access to the Sunrise software is only via an encrypted VPN session | Cost has been covered by UT security | Completed | Data coming over the internet cannot be read without decryption key |
| Off site backup tape rotation | $1,500 – HCPC portion of UTHSC contract | Completed | Tapes are available for disaster recovery |
| Disaster recovery cold site at SUNGUARD | Cost ($18,000) has been covered by UT disaster recovery contract with SUNGUARD | Currently being implemented and tested annually. Tested Feb. 2007 | We have a location available in case of a disaster. |
| Checks of security logs in the Sunrise database | Employee Salary | Completed | Prevent loss or manipulation of data. |
| User password changes every 90 days | Cost of helpdesk calls due to users forgetting passwords | Completed | If the password is not changed, the account cannot be accessed |
| Internal encryption of data on the wire | N/A | Currently not available; should be available when Sunrise uses a web front-end. | All data on the wire would be encrypted |
| Application of operating system patches | 2 hr downtime, which means staff use manual procedures | Ongoing | Protects from OS level attacks |
| Loss of patient data not collected due to emergency/disaster | Cost $519.00 per patient day | Ongoing | Revenue for hospital |
| Employee cost to restore data in case of emergency/disaster | Travel to Dallas and employee salaries | Currently being implemented and tested | Resume operation |