Clud Services Frequently Asked Questins FAQ Revisin 1.0 6/05/2015
List f Questins Intrductin What is the Caradigm Intelligence Platfrm (CIP) clud? What experience des Caradigm have hsting prducts like CIP Clud? Infrastructure and Security Hw d yu deply a custmer t the CIP Clud? Hw d I cnnect t the CIP Clud? Hw d yu prtect data at rest? Hw d yu prtect data in transit? What certificatins d Clud Services and yur datacenters have? Hw d yu ensure cmpliance with security plicies? What authenticatin methds des CIP Clud use? Hw des CIP Clud define access levels? What are the advantages f rle-based access cntrl? What types f data can CIP Clud ingest and stre? Backup and recvery strategy Hw des disaster recvery wrk? Des data persist frever? What happens t my data at the end f my CIP Clud subscriptin term? Service availability Hw d yu measure availability? Hw d yu maintain high availability? Intrductin What is the Caradigm Intelligence Platfrm (CIP) clud? Caradigm uses the Caradigm Intelligence Platfrm (CIP) clud t run yur CIP envirnments fr yu in a hsted sftware-as-a-service mdel. Fr a mnthly subscriptin fee, the basic CIP Clud subscriptin includes bth access t the CIP applicatins yu subscribe t, as well as hsting, supprt, and maintenance services. CIP Clud slutins scale with the needs f yur rganizatin, depending n metrics such as the vlume f messages and number f cvered lives. In additin, the CIP Clud ffering includes a disaster recvery ptin that prvides bth a ht-standby site as well as increased service availability. The CIP Clud ffering als cmes with a develper s license that prvides yu with Chrt Designer and ther develpment tls t create custm CIP applicatins. What experience des Caradigm have hsting prducts like CIP Clud? The Caradigm Clud Services team has extensive experience in hsting healthcare IT prducts such as CIP, and has been hsting CIP (and its predecessr prduct, Amalga) fr custmers fr ver ten years. 2
Infrastructure and Security Hw d yu deply a custmer t the CIP Clud? The CIP Clud deplyment is purpse-built t meet the size and vlume demands fr each custmer. The clud deplyment fr each custmer: Is built in its wn private instance Deplys CIP applicatins in high-availability mde, with full redundancy Is set up s that n data is aggregated amngst disparate custmers. Hw d I cnnect t the CIP Clud? The CIP Clud ffering includes tw site-t-site VPN tunnels between the custmer s netwrk and the Caradigm datacenters (ne tunnel fr each f the Caradigm datacenters). These tunnels are used as the transprt fr all data feeds and CIP client traffic. Caradigm als supprts site-t-site VPN tunnels between yur netwrk and yur Health Infrmatin Exchange (HIE) slutin prvider (if any), as well as site-t-site VPN tunnels between yur HIE and select partner applicatins and the Caradigm datacenter envirnments. Hw d yu prtect data at rest? Data at rest in the CIP Clud is encrypted by using the fllwing technlgies: Prtected Health Infrmatin (PHI) n the file system is encrypted by using the Encrypting File System (EFS) feature f Windws Server. Online databases at rest and database backup files are encrypted by use the Transparent Database Encryptin (TDE) feature f Micrsft SQL Server 2012. Hw d yu prtect data in transit? Data in transit in the CIP Clud is currently encrypted by using the fllwing slutins: Netwrk traffic assciated with CIP applicatins uses HTTPS and SSL. Fr batch feeds, ur standard transprt prtcl is Secure FTP, which prvides fr SSL encryptin in transit. Server-t-server cmmunicatin is prtected within the datacenter by using SSL-based SQL Server cnnectins. What certificatins d Clud Services and yur datacenters have? Caradigm s CIP Clud is independently certified t the leading internatinal standard fr infrmatin security management, ISO27001. Our CIP Clud services als underg an annual SOC 2 Type II audit fr security and cnfidentiality cntrls, and a full reprt is made available t ur clients. In additin, ur datacenter facilities are ISO27001 certified and underg SSAE 16 Type II audits annually. Access t Service Operatins is autmatically audited, and includes events such as user identity, time f access, peratins perfrmed, and dwnlads r uplads. Hw d yu ensure cmpliance with security plicies? The Clud Services team perfrms quarterly security reviews f all envirnments t ensure that they cmply with established security plicies. 3
What authenticatin methds des CIP Clud use? The Caradigm datacenter systems use claims-based authenticatin, built n Micrsft Windws Identity Fundatin, t verify user credentials. Hw des CIP Clud define access levels? CIP Clud systems use rle-based access cntrl (RBAC) t prvide custmers an efficient way t manage user access. Custmers can use these rles t define user and administratr levels f access with the granularity they need. Rle membership determines the fllwing: The peratins that users have access t in applicatins and the Management Cnsle Permissin t read and write data CIP administratrs create and manage CIP rles in the Management Cnsle. What are the advantages f rle-based access cntrl? The CIP Clud uses a sustainable, rbust, cnfigurable, and extensible apprach t access cntrl. This apprach prvides the fllwing benefits: The custmer has a centralized system fr managing data and applicatin access: The custmer defines access plicies fr the entities t be secured. The custmer enfrces access acrss all applicatins and data The custmer can assign access at the needed level f granularity. Fr example: The user view f data recrds can be filtered statically, using entity prperties (fr example, Encunter.Facility = City Center ). The user view f data recrds can be filtered dynamically, using the user identity and any available tken claim (fr example, Encunter.AttendingMD = @user). The user view f data can be filtered at the cell level, masking r redacting parts f a recrd. Fr example, test results are nt displayed t nn-clinical staff. The custmer des nt need t add cde t enfrce security r t supprt auditing. What types f data can CIP Clud ingest and stre? The CIP Clud ffering is designed t ingest and stre all types f text data. Yu can cnfigure it t ingest Health Level Seven Internatinal (HL7) data and ther standard frmats including, but nt limited t, XML and CSV. This ffering is nt architected t ingest nn-text data such as picture archiving and cmmunicatin system (PACS) images r scanned dcuments, such as scanned charts. 4
Backup and recvery strategy Hw des disaster recvery wrk? The disaster recvery ptin extends the prductin envirnment with additinal cluster ndes and replicated databases that prvide a virtual mirrr image f the prductin envirnment. Like the prductin envirnment, the disaster recvery envirnment is built n a shared infrastructure with a discrete disaster recvery CIP instance per custmer. The main difference between the disaster recvery instance and the prductin instance is that the disaster recvery instance des nt include all f the high availability features (fr example, clustering and lad balancing) that exist in the prductin instance. The disaster recvery resurces are ge-replicated they reside in a datacenter that is gegraphically separate frm the custmer s primary prductin envirnment. Data replicates in real time between the primary prductin envirnment and the disaster recvery envirnment. This arrangement prvides custmers with additinal redundancy and prtectin if a primary datacenter fails, r an event ccurs that makes the cntinuatin f nrmal functins impssible at the primary datacenter. In the event f a failure at the primary prductin envirnment, the custmer redirects ingestin t the disaster-recvery envirnment and changes their lcal DNS t pint t it as well. Caradigm als changes its DNS t re-pint clients t the disaster recvery envirnment. After the primary prductin envirnment has recvered, the custmer and Caradigm revert the DNS changes. The precise Recvery Time Objective (RTO) and Recvery Pint Objective (RPO) fr yur service depend n the details f yur subscriptin agreement. The disaster recvery prcedure fr each custmer is tested annually. Des data persist frever? Each custmer s subscriptin agreement defines hw lng their data persists in the datacenter systems. At the end f this term, the data is destryed accrding t a standard perating prcedure. What happens t my data at the end f my CIP Clud subscriptin term? Custmers retain wnership f their data in the CIP Clud systems. If requested, at the end f the term f yur CIP Clud agreement, we will prvide a ne-time full cpy f the CIP user databases n remvable media. This cpy will be prvided in Micrsft SQL Server 2012 frmat with TDE enabled. Certificates and keys t unencrypt the data will be prvided ut-f-band frm the remvable media. 5
ABOUT CARADIGM Caradigm is a healthcare analytics and ppulatin health cmpany dedicated t helping rganizatins imprve patient care, reduce csts and manage risk thrugh the strategic, timely and cmpliant use f data generated acrss the healthcare cntinuum. Service availability Hw d yu measure availability? Currently, a mnitring service tests the CIP Clud systems by simulating a lgn fr each CIP Clud prductin instance nce every five minutes. These tests are run frm at least three remte datacenters. The results are aggregated int a mnthly availability metric per custmer. Hw d yu maintain high availability? In the primary prductin envirnment, each CIP server rle is either clustered r lad balanced t minimize single pints f failure. In additin, fr custmers wh purchase the disaster recvery ptin, Caradigm maintains a disaster recvery mirrr f the prductin envirnment t be used in the event f a catastrphic failure f the primary prductin envirnment. Fr mre infrmatin, see Hw des disaster recvery wrk? www.caradigm.cm +1-425-201-2500 500 108th Ave NE, Suite 300 Bellevue, WA 98004 6 2015 Caradigm. All rights reserved. Caradigm and the Caradigm lg are trademarks f Caradigm USA LLC. This material is prvided fr infrmatinal purpses nly. Caradigm makes n warranties, express r implied. The features and functinality available t custmers may vary depending n the custmer s subscribed applicatins and clud cnfiguratin. 6.