No direct data access is provided at any user level to the entire system. Access to functional sub-portals will be controlled at the user portal level by a sophisticated User Role Management (URM) module accessible only by administration staff. Each user group has customized screens presenting only data authorized for view by that group and allows review or editing based on access authorization.
QRyde Cloud is implemented on ITMS 7.0 platform and inherits
all data safety protocols set up by HBSS’ ITMS platform.
HIPAA Standards: Organizations covered under HIPAA have three choices: implement the specification as it appears in the Rule, implement an alternative that is equivalent to the specification, or document why the specification is not applicable and therefore is not implemented. Read More…
Database Level Security Standards: The database system’s Oracle Advanced Security module supports the Advanced Encryption Standard (AES), DES, 3DES, and RC4 symmetric cryptosystems for protecting the confidentiality of Oracle Net Services traffic. Read More…
Secure Email Notification: The system will be designed to send all outbound email using a server on a restricted network for the purpose of sending and receiving email. This server will support Transport Layer Security (TLS) which will encrypt outbound email in addition to decrypt inbound email.
Web Server Standards: The general standard is the use of HTTPS/SSL, which encrypts data transmitted via a website. ITMS’s web server is an IIS (Internet Information Server). The IIS has the following security features: a) Basic Access Authentication, b) Digest Access Authentication, c) Integrated Windows Authentication, d) Client Certificate Mapping, e) IP Security, f) Request Filtering, and g) URL Authorization.
Inter-Application Communication: All transmission of data between applications, such as between ITMS and eligibility verification systems, will follow HIPAA protocols for electronic data interchange. All of ITMS’s data extraction and uploads are fully secured.
Firewalls: HBSS has several firewalls which are configured to allow only specific protocols to connect to a De-Militarized Zone (DMZ); servers on a DMZ are allowed access to internal systems and outbound internet traffic. Servers on the DMZ are externally accessible and restricted to specific systems and ports.
Remote access communication: Remote access is restricted to only network users in HBSS’s Active Directory. Network connections are established between the remote user and HBSS’s firewall using a Virtual Private Network (VPN), which encrypts the connection.
Mobile Application Security: Enablement of Mobile Computing at the transportation level as well as encouraging the responder to propose solutions across the board. Specifically, functions such as route adherence: informing customers of ETA, providing real-time ridership data; and on consumer side: enabling members to schedule trips and file complaints. Read More…
Mobile Data Terminals, Tablets, HBSS Phone Apps, and SMS Applications: HBSS will allow multiple types of devices that transportation providers may use to meet their requirements. Read More…
ITMS Navigation Portal: HBSS will provide as part of ITMS a Navigation Portal which will enable vendor devices and consumer applications to connect to it and exchange data. Devices can connect either directly or indirectly via Secure Web Services Representational State Transfer Application Program Interface (RST-API). Read More…
Mobile Security App Platform Options:HBSS will allow only those applications that are integrated with mobile security application platforms that meet HIPAA requirements. All high-security features must be monitored and controlled to ensure the communication channel remains secure.
Secure Back-End Server Connectivity: HBSS will support 2-tier architecture. Transportation providers who already have MDTs/AVL devices deployed may connect with ITMS Navigation Portal via SSL secure Web Services connectivity (REST API-Representational State Transfer Application Program Interface) protocol called NODE (New England Open Data Exchange), which is a transaction-based data exchange protocol. Read More…
Data Encryption: The application’s security should be based on one or more of the following security protocols: a) Digital signature verification using 1024-bit to 4096-bit RSA; b) Hashing using the Secure Hash Algorithm (SHA-1); c) TDES encryption and decryption in ECB and CBC modes; d) AES encryption and decryption in ECB and CBC modes (NIST certificate #886); e) Secure random number generation (NIST certificate #508). Read More…
HBSS is partnering with TierPoint services for the past 10 years, to host all of its virtualized environments in Marlboro, MA with a backup at Andover, MA facilities. We selected Tierpoint because we found it to be the right home for our mission critical QRyde Cloud.
As per TierPoint, their “data center facilities are designed to provide the highest levels of security, redundancy, and connectivity. Enterprise-class and carrier-neutral, their facilities feature unparalleled fiber connectivity and a physical infrastructure that delivers performance and protection.”
As per TierPoint, Data Center components include:
TierPoint’s power infrastructure provides the redundant, distributed, and diverse systems to keep all critical applications running around the clock. Their facilities use monitored power systems which include redundant generators, state-of-the-art paralleling gear with multiple distribution paths, on-site fuel capacity, and redundant and diverse UPS systems. Visit their power page for complete details.
State-of-the-art cooling systems keep data centers optimized for equipment to operate at peak. Each data center provides redundant data center cooling, humidity control systems, and multiple remotely monitored CRAC units.
TierPoint Safety & Protection
Advanced and early warning systems protect your investments. Their facilities are equipped with early warning smoke detection, gas, and dual pre-action dry pipe fire suppression systems as well as temperature and fire detection systems monitored 24/7.
TierPoint’s multi-layered security systems keep IT assets safe and secure 24 hours a day, 7 days a week, 365 days a year. Each facility includes:
It will optionally consist of
All required Virtual Machines (VM) shall be created on top of this layer (VMhost). Host replication will ensure that any VM which goes down, restarts its replicated copy
The architecture supports different layers of security and HIPAA compliance as well as disaster recovery architecture.