Security and Managed Services



Similar documents
Security from a customer s perspective. Halogen s approach to security

Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies Effective Date: October 1, 2015 Version 1.0

TENDER NOTICE No. UGVCL/SP/III/608/GPRS Modem Page 1 of 6. TECHNICAL SPECIFICATION OF GPRS based MODEM PART 4

Secure, Scalable and Reliable Cloud Analytics from FusionOps

Client Security Risk Assessment Questionnaire

Altus UC Security Overview

SOLUTION BRIEF Citrix Cloud Solutions Citrix Cloud Solution for Disaster Recovery

With Eversync s cloud data tiering, the customer can tier data protection as follows:

FormFire Application and IT Security. White Paper

DISASTER RECOVERY. Omniture Disaster Plan. June 2, 2008 Version 2.0

Cloud Management. Overview. Cloud Managed Networks

For more information on how to build a HIPAA-compliant wireless network with Lutrum, please contact us today!

WHITE PAPER. HIPPA Compliance and Secure Online Data Backup and Disaster Recovery

Cloud Contact Center. Security White Paper

RAYSAFE S1 SECURITY WHITEPAPER VERSION B. RaySafe S1 SECURITY WHITEPAPER

Security Controls for the Autodesk 360 Managed Services

WHITE PAPER. HIPAA-Compliant Data Backup and Disaster Recovery

Cloud-based archiving Secure. Easy. Affordable. Centricity Image Archive

Designtech Cloud-SaaS Hosting and Delivery Policy, Version 1.0, Designtech Cloud-SaaS Hosting and Delivery Policy

HIPAA COMPLIANCE AND DATA PROTECTION Page 1

How To Write A Health Care Security Rule For A University

Projectplace: A Secure Project Collaboration Solution

Leveraging Dedicated Servers and Dedicated Private Cloud for HIPAA Security and Compliance

Cloud Management. Overview. Cloud Managed Networks

Las Vegas Datacenter Overview. Product Overview and Data Sheet. Created on 6/18/2014 3:49:00 PM

Disaster Recovery (DR) Planning with the Cloud Desktop

Oracle Cloud Enterprise Hosting and Delivery Policies Effective Date: June 1, 2015 Version 1.5

What is the Cloud, and why should it matter?

<cloud> Secure Hosting Services

CLOUD SERVICES FOR EMS

APPENDIX G ASP/SaaS SECURITY ASSESSMENT CHECKLIST

Powering the Cloud Desktop: OS33 Data Centers

Why SaaS (Software as a Service) and not COTS (Commercial Off The Shelf software)?

Virginia Government Finance Officers Association Spring Conference May 28, Cloud Security 101

MANAGED EXCHANGE SOLUTIONS Secure, Scalable and Compliant Hosted Environments

HIPAA COMPLIANCE AND

Keyfort Cloud Services (KCS)

Ensuring HIPAA Compliance with AcclaimVault Online Backup and Archiving Services

Famly ApS: Overview of Security Processes

PROTECTING YOUR VOICE SYSTEM IN THE CLOUD

Telecom Business Continuity Solutions FOR INTERNAL USE ONLY

DISASTER RECOVERY WITH AWS

Birst Security and Reliability

A Cloud Storage Solution. Digital Record Center for Medical Images

Things You Need to Know About Cloud Backup

RL Solutions Hosting Service Level Agreement

5 Things You Didn t Know About Cloud Backup

Appendix E to DIR Contract Number DIR-TSO-2736 CLOUD SERVICES CONTENT (ENTERPRISE CLOUD & PRIVATE CLOUD)

Assessing Business Continuity Solutions

How To Backup Your Hard Drive With Pros 4 Technology Online Backup

TECHNICAL AND ORGANIZATIONAL DATA SECURITY MEASURES

Service Organization Controls 3 Report. Report on Hyland Software, Inc. s OnBase Online Cloud Platform, relevant to Security and Availability

5 Critical Considerations for. Enterprise Cloud Backup

nwstor Storage Security Solution 1. Executive Summary 2. Need for Data Security 3. Solution: nwstor isav Storage Security Appliances 4.

Table of Contents. CSC CloudCompute Service Description Summary CSC 1

Everything You Need to Know About Network Failover

HIPAA Privacy & Security White Paper

Vendor-neutral, cloud-based medical image archiving

SMS. Cloud Computing. Systems Management Specialists. Grupo SMS option 3 for sales

White Paper. Software as a Service by Yardi. Secure, seamless hosting and support

Data Backup and Restore (DBR) Overview Detailed Description Pricing... 5 SLAs... 5 Service Matrix Service Description

Hosted SharePoint: Questions every provider should answer

Business white paper Top 10 reasons to choose Cloud-based Archiving

HIPAA Security Alert

DriveHQ Security Overview

Making the leap to the cloud: IS my data private and secure?

Multi-Datacenter Replication

Cherwell Software Hosted Environment

Autodesk PLM 360 Security Whitepaper

Secure Hosting Solutions For SAGE Energy Management

High Availability of VistA EHR in Cloud. ViSolve Inc. White Paper February

Collaborate on your projects in a secure environment. Physical security. World-class datacenters. Uptime over 99%

CallRail Healthcare Marketing. HIPAA and HITECH Compliance for Covered Entities using Call Analytics Software

custom hosting for how you do business

GoodData Corporation Security White Paper

A new innovation to protect, share, and distribute healthcare data

SaaS Service Level Agreement (SLA)

SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)

Brochure Achieving security with cloud data protection. Autonomy LiveVault

Level I - Public. Technical Portfolio. Revised: July 2015

Addressing Cloud Computing Security Considerations

7QUESTIONSYOUNEEDTOASKBEFORE CHOOSINGACOLOCATIONFACILITY FORYOURBUSINESS

HIPAA RISK ASSESSMENT

Blackboard Managed Hosting SM Disaster Recovery Planning Document

Transcription:

iconnect Cloud Archive System Overview Security and Managed Services iconnect Cloud Archive (formerly known as Merge Honeycomb )

iconnect Cloud Archive offers cloud-based storage for medical images. Images are accessible anywhere, any time via a standard web-browser. As your storage needs grow, you can simply add capacity in the cloud instead of adding onsite storage hardware, management and bandwidth. To ensure the availability and security of these valuable assets, iconnect Cloud Archive runs on a secure, high-availability infrastructure to deliver a complete, reliable cloud-based image management solution. The purpose of this document is to outline how iconnect Cloud Archive addresses security and managed services to ensure that you remain in compliance with regulations that impact medical images. Medical Image Security Medical images, like other patient data fall under regulations like Health Insurance Portability and Accountability Act (HIPAA). The HIPAA Privacy Rule provides federal protections for personal health information held by covered entities and gives patients an array of rights with respect to that information. At the same time, the Privacy Rule is balanced so that it permits the disclosure of personal health information needed for patient care and other important purposes. Because of HIPAA and other guidelines, images archived in iconnect Cloud Archive are protected through a full breadth of services outlined in this document. From managing the underlying infrastructure, to protecting the valuable data, to ensuring staff follow well-defined processes, iconnect Cloud Archive offers complete protection and security for archived images. In addition to the following controls, the iconnect Cloud Archive policies and procedures are audited on a regular basis to encourage continual improvement in the safety and performance of the application and vital image data archived within it. SECURITY AND MANAGED SERVICES iconnect CLOUD ARCHIVE SYSTEM OVERVIEW 2

Datacenter Security Area What s Required? iconnect Cloud Archive Security Staff and systems to monitor for security breaches. 24/7/365 staff and systems use man traps, biometrics and continuous security monitoring by personnel. Power & redundancy Backup plan in the event that the primary power source is unavailable. Offers N+1 style of power source and full load secondary circuits. Also offers N+1 cooling and its redundancy. Each facility is on a different regional power grid. Onsite staff Fully staffed datacenters. Staffed 24/7/365. Facilities Structurally sound buildings that can withstand external pressures. Offers 12-inch concrete walls to withstand significant events like high winds, tornados. Facilities are outside of flood plains. Redundant facilities are geographically dispersed so that the same natural disaster cannot take out both data centers. SECURITY AND MANAGED SERVICES iconnect CLOUD ARCHIVE SYSTEM OVERVIEW 3

Network Security Area What s Required? iconnect Cloud Archive Network redundancy Carrier and physical network diversity to ensure accessibility in the event of a network outage from an Internet Service Provider (ISP) or physical damage to WAN infrastructure. High availability infrastructure. Leverages multiple ISPs at each data center for carrier diversity and high availability. Geographic load balancing ensures application availability and performance. Application and data security Security measures including: Packet inspection firewall Intrusion detection Intrusion prevention Application firewall Anti-virus and Anti-malware Includes best practice firewall configurations and dual Active/Active redundant configurations. 24/7/365 third-party managed Security Operation Center (SOC). Uses managed services for Intrusion detection, prevention, application and anti-virus as well as anti-malware services. Security incident management Reporting processes to account for any security incidents or breaches. All security incidents are evaluated per Merge s CAPA process and any incidents that potentially affect protected health information are added to the HIPAA investigation process. SECURITY AND MANAGED SERVICES iconnect CLOUD ARCHIVE SYSTEM OVERVIEW 4

Application Security Area What s Required? iconnect Cloud Archive Network Secure Internet connection. Uses HTTPS/SSL for logins and connections and requires strong passwords to access the system. The iconnect Cloud Archive gateway uses SSL and matched certificates for communication between the gateway and iconnect Enterprise Archive hosted in the datacenter. Use of SSL connections provides encryption of the data in motion. Application Secure storage of images to and from the archive. In addition to application level encryption, disk level encryption ensures encrypted data at rest. Also uses encrypted replication of the images and other objects from one data center to the other. Database Secure database. Uses Oracle Enterprise Edition database with Advanced Security Option for encryption of the database at rest. Each data center has its own independent database so that even with loss of one data center, iconnect Cloud Archive will continue to operate. Disk Security of image data while at rest. In addition to disk level encryption, the application also encrypts the data at rest. Application redundancy Ability of the application to failover and run on another system in the same datacenter or on a system in a separate datacenter. The iconnect Cloud Archive infrastructure includes two geographically dispersed datacenters. Each datacenter includes a full copy of the application with its own database and image set. It is designed to provide system redundancy as well as operate autonomously when required to provide continuous application availability whether due to network outages, power failures, system upgrades or other events. SECURITY AND MANAGED SERVICES iconnect CLOUD ARCHIVE SYSTEM OVERVIEW 5

Monitoring Automated datacenter and application monitoring for system health and performance. 24/7/365 monitoring by multiple commercial application monitoring solutions. Contingency Backups of systems and data. Processes ensure regular system and data backups and all data backups are encrypted. Application availability Traffic management and service failover. Uses load balancing devices to check for system availability and failover to alternate systems if needed. Emergency access to data Access to customer data in the event of customer system failure. Geographic separation and redundancy. Hot recovery standby systems for replacement of customer data. The two datacenters hosting iconnect Cloud Archive are nearly 1,000 miles apart and access can failover from one datacenter to the other if necessary. Data integrity Ability to restore without corruption/ loss of data. Performs ongoing and recurring restoration testing. System multitenancy protections Each customer s data must be isolated from unauthorized access by other users. iconnect Cloud Archive is a multi-tenant solution. All incoming data is tagged with the owners identification (the CloudUID). This ID is applied for manual uploads through the portal as well as studies uploaded through the gateways. The CloudUID is checked on storage ingestion of the studies into iconnect Cloud Archive as well as for all requests for retrieval via the gateway or via the iconnect Cloud Archive web interface. Alternative access In the event of local (customer) disaster where the local network or gateway device are destroyed, provide accessibility to stored studies and ability to store new studies in the interim. The iconnect Cloud Archive web interface can be used to directly view already archived studies (important for surgical transfers) and can be used to upload new studies from temporary field facilities. SECURITY AND MANAGED SERVICES iconnect CLOUD ARCHIVE SYSTEM OVERVIEW 6

Staff Security Area What s Required? iconnect Cloud Archive Access controls and authorization Systems and processes to ensure only authorized staff access system and application data. Employs network and system access and control procedures as well as individual background checks for system staff. HIPAA training Security awareness training Annual training for all staff who could come in contact with patient data. Training to ensure staff follows best practice security guidelines. Staff are trained and tested annually. Staff are trained when first employed and on an as-needed basis afterwards. iconnect Cloud Archive Overview iconnect CLOUD ARCHIVE DATACENTER #2 iconnect CLOUD ARCHIVE DATACENTER #1 RCM iconnect ACCESS ENTERPRISE ARCHIVE iconnect ACCESS ENTERPRISE ARCHIVE GATEWAY RADIOLOGY PACS CARDIOLOGY PACS iconnect Cloud Archive is hosted on two geographically dispersed datacenters. The applications, databases and images are replicated between the datacenters using Merge s Replicated Content Management (RCM) technology. If necessary, operations can failover from one datacenter to the other to ensure the application is highly available to end users. Merge s RCM technology ensures that images and assets stored in each datacenter are securely kept in sync so that if one system or datacenter is unavailable, clients will still be able to archive and access all their images stored in iconnect Cloud Archive. SECURITY AND MANAGED SERVICES iconnect CLOUD ARCHIVE SYSTEM OVERVIEW 7

About Merge Merge is a leading provider of innovative enterprise imaging, interoperability and clinical systems that seek to advance healthcare. Merge s enterprise and cloud-based technologies for image intensive specialties provide access to any image, anywhere, any time. Merge also provides clinical trials software with end-to-end study support in a single platform and other intelligent health data and analytics solutions. With solutions that have been used by providers for more than 25 years, Merge is helping to reduce costs, improve efficiencies and enhance the quality of healthcare worldwide. For more information, visit merge.com and follow us @MergeHealthcare. CLD-2589 877.446.3743 x3 merge.com

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information