- DImax and Enterprise Data Mart are deployed ‘out-of-line’ inside the health client establishment through mirrored port on a switch (hardware or virtual).
- Data created in the parsing process may contain PHI – names, MRN/Health ID, etc. and are stored as system logs on the appliance.
- All storage is contained on the appliance (VM or Hardware) can be backed up to the health client archive systems.
- All long term storage data is encrypted to AES256 standard and digitally signed – data alterations are impossible.
- Software upgrades, patches and fixes are downloaded from a Bialogics server. Each access is tested and controlled for activation keys and unique system ID’s.
- Upgrades can be automated if the system is allowed access to the Internet.
- Alternatively upgrades will occur when the administrator manually invokes an Upgrade.
- The Bialogics Upgrade server is located in a hardened facility in Victoria BC. All staff is criminal record checked prior to employment.
- The system is delivered with built-in firewall protection.
SYSTEM LOGGING AND AUDIT CAPACITY
- DImax captures network connection events, and parses network, DICOM, HL7 and XML messages in memory to extract relevant data. In the case of DICOM traffic, only the DICOM header information is parsed – payloads are unexamined and discarded by the process.
- All logged data can be archived and accessed only by the system itself.
Enterprise Data Mart
- Enterprise Data Mart collects, summarizes and stores all HL7 messages, DICOM headers and XML ensuriong that all messages are retained in JSON format.
USER ACCESS CONTROLS
- User access is browser-based and controlled through the assignment of roles along with strong passwords.
- The system is shipped with Administrator, Normal and Privacy user roles.
- Role types can be associated with analytical functions do as to restrict access to areas containing PHI.
- Users never access core logs retained by the system – information in those logs is parsed into a database and made available to the browser.
- Data can be extracted from the system in .csv format for further analysis. Where it is determined that the potential user should not have access to PHI, an automated hash is available to fully and irreversibly anonymize the extracted PHI-related data and to convert birth dates into years.
Email firstname.lastname@example.org or call 250-405-5380