Portal Security Features

Provider Link Security Overview
Last Modified: 21 Jan 2010
– CONFIDENTIAL –
INTRODUCTION
The Provider Link Security Overview describes the technology that supports the security of the Physician
Website.
PHYSICIAN ACCESS SETUP

Physician, physician office and facility information is entered by authorized users into the HCHB
application. Each HCHB customer has a dedicated database that stores all data related to that
customer and its patients.

Once the physician record has been created, authorized Provider Link administrators can create
a login to Provider Link via https://providerlink.hchb.com/Maint/Users.aspx. The procedure for
creating user accounts is described in the HCHB Provider Link Administration User Manual.
Administrative users may generate random temporary passwords, or assign temporary
passwords, for new users or for existing users who need a password reset, and may then
optionally email the password to the user.

The Provider Link user account is maintained in a single centralized Provider Link database, with
the following information:
o User details: User ID, user name, and password hash.
o Roles: Physician, Agency Admin, and Facility User are the primary roles. Other roles and
the permitted actions of each are described in the Provider Link Administration User
Manual.
o Agencies: Each user is associated with one or more HCHB customer agencies whose
patients are serviced by that physician or facility.
o Mapping: Each user is mapped to a single physician or facility in the associated agency
database.
USERNAMES AND PASSWORDS

Physicians and Facilities are created in the HCHB Application. HCHB access is managed through
integrated Active Directory Domain security.

Provider Link non-HCHB Support users are maintained in a single centralized Provider Link
database.
o Usernames are stored as plain data.
o Passwords are stored as a hash computed with a hashing algorithm.

Provider Link HCHB Support user access is managed through integrated Active Directory Domain
security.
WEBSITE LOGIN AUTHENTICATION
SECURE WEBSITE CONNECTION

The Provider Link public website utilizes 128-bit SSL public key cryptography using the
*.hchb.com global server certificate.
USER LOGIN VALIDATION

The user enters his or her username and password on the login page.

The centralized Provider Link database is queried for the specified username. If the username
does not exist, the user is denied authentication and provided with the following message:
Unable to validate your account, please try again.

The plain-text password entered by the user is hashed, and the result is compared byte by
byte with the binary password field of the user record selected in the previous step.

If the password matches, the user is authenticated and granted access to the site.

If the password doesn’t match, the user sees the following message:
Unable to validate your account, please try again.

At this point, the Provider Link database is queried for all agencies associated with the current
user.

Once the user selects a particular customer from the list:
o The customer ID is bound to the current session, and
o A connection string is created to access the agency database.
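
The login validation and agency selection steps above, as an added example that is not HCHB's code. The page does not name the hash algorithm, so salted PBKDF2-HMAC-SHA256, the in-memory user table, the sample account and the agency IDs are all assumptions made for illustration. It shows the single shared failure message, a constant-time byte comparison, and a server-side check that the selected customer is one of the user's agencies before it is bound to the session.

```python
import hashlib
import hmac
import os

GENERIC_ERROR = "Unable to validate your account, please try again."
ITERATIONS = 200_000  # assumed work factor; the page does not name the hash algorithm


def hash_password(password: str, salt: bytes) -> bytes:
    # PBKDF2-HMAC-SHA256 is an assumption standing in for the unnamed algorithm.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def make_user(password: str, agencies: set) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "password_hash": hash_password(password, salt), "agencies": agencies}


# Constructed sample data: stand-in for the centralized Provider Link user table.
USERS = {"drsmith": make_user("correct horse battery", {"AGENCY-A", "AGENCY-B"})}
# Dummy record so an unknown username costs the same hashing work as a known one.
_DUMMY = make_user("not-a-real-password", set())


def authenticate(username: str, password: str):
    """Return (ok, message, agencies). Both failure cases give the same message."""
    user = USERS.get(username)
    record = user if user is not None else _DUMMY
    candidate = hash_password(password, record["salt"])
    # Constant-time byte comparison against the stored binary hash.
    matches = hmac.compare_digest(candidate, record["password_hash"])
    if user is None or not matches:
        return False, GENERIC_ERROR, set()
    return True, "OK", set(user["agencies"])


def select_agency(session: dict, agencies: set, customer_id: str) -> bool:
    """Bind customer_id to the session only if it is one of the user's agencies."""
    if customer_id not in agencies:
        return False
    session["customer_id"] = customer_id
    return True
```
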
DATABASE CONNECTION

Provider Link runs under an Application Pool identity and gets access to the database via
integrated Windows security. No credentials are stored in the website’s configuration file.

The web server and database server are isolated in the same flat internal HCHB network. A
firewall is used to secure access to the Internet-facing Web server and it does not allow direct
access to the database server. Future plans are to implement a DMZ to further isolate the
public-facing Web server from internal systems. This will reduce the risk to our internal systems
if the web server is compromised.
INACTIVITY LOGOUT



Pages other than Login, Change Password, and Forgot Password pages are refreshed after 21
minutes of inactivity, a minute after the session timeout of 20 minutes.
If the authentication ticket is still valid upon refresh then the page will reload.
If the authentication ticket is not valid then the refresh will result in the user being logged out
and redirected to the Login page.
ORDER AND FACE-TO-FACE ENCOUNTER SIGNING SECURITY

A physician signing orders or approving Face-to-Face Encounters must re-enter his or her
password to confirm the requested actions. This password entry is validated against the same
membership database and the update cannot proceed without successful validation.

Once signed, Provider Link writes an electronic signature record associated with each approved
order or Face-to-Face Encounter.

There is no function in Provider Link for physicians to retract order signatures or approvals of
Face-to-Face Encounters once these are confirmed.
AUDITING
PASSWORD CHANGES

The user is prompted to change their password on an interval defined by the agency and, if
allowed, by the user (as of the March 2011 release; previously, we prompted for the change
every 90 days). The date of the last update is stored in the user’s record.
ACTIVITY

User activity is tracked and logged in a tracking record. This records page navigation through the
site, and will be extended to include more detail as needed.

Data changes made in the Provider Link database are audited per user (as of the March 2011
release).

Data changes made in customer databases are tracked and logged via the HCHB User Audit Logs.