Provider Link Security Overview
Last Modified: 21 Jan 2010 – CONFIDENTIAL – Page 2 of 4

INTRODUCTION

The Provider Link Security Overview describes the technology that supports the security of the Physician Website.

PHYSICIAN ACCESS SETUP

Physician, physician office and facility information is entered by authorized users into the HCHB application. Each HCHB customer has a dedicated database that stores all data related to that customer and its patients.

Once the physician record has been created, authorized Provider Link administrators can create a login to Provider Link via https://providerlink.hchb.com/Maint/Users.aspx. The procedure for creating user accounts is described in the HCHB Provider Link Administration User Manual. Administrative users may generate random temporary passwords, or assign temporary passwords, for new users or for existing users needing a password reset, and may then optionally email the password to the user.

The Provider Link user account is maintained in a single centralized Provider Link database, with the following information:

o User details: User ID, user name, and password hash.
o Roles: Physician, Agency Admin, and Facility User are the primary roles. Other roles and the permitted actions of each are described in the Provider Link Administration User Manual.
o Agencies: Each user is associated with one or more HCHB customer agencies whose patients are serviced by that physician or facility.
o Mapping: Each user is mapped to a single physician or facility in the associated agency database.

USERNAMES AND PASSWORDS

Physicians and Facilities are created in the HCHB Application. HCHB access is managed through integrated Active Directory Domain security.

Provider Link non-HCHB Support users are maintained in a single centralized Provider Link database.

o Usernames are stored as plain data.
o Passwords are stored as the output of a hashing algorithm, not in plain text.

Provider Link HCHB Support user access is managed through integrated Active Directory Domain security.
WEBSITE LOGIN AUTHENTICATION

SECURE WEBSITE CONNECTION

The Provider Link public website utilizes 128-bit SSL public key cryptography using the *.hchb.com global server certificate.

USER LOGIN VALIDATION

The user enters his or her username and password on the login page. The centralized Provider Link database is queried for the specified username. If the username does not exist, the user is denied authentication and provided with the following message: "Unable to validate your account, please try again."

A hash is taken of the plain text password, which is then byte-compared to the password binary field in the user record selected in the previous step. If the password matches, the user is authenticated and granted access to the site. If the password doesn't match, the user sees the same message: "Unable to validate your account, please try again."

At this point, the Provider Link database is queried for all agencies associated with the current user. Once the user selects a particular customer from the list:

o The customer ID is bound to the current session, and
o A connection string is created to access the agency database.

DATABASE CONNECTION

Provider Link runs under an Application Pool identity and gets access to the database via integrated Windows security. No credentials are stored in the website's configuration file.

The web server and database server are isolated in the same flat internal HCHB network. A firewall is used to secure access to the Internet-facing Web server, and it does not allow direct access to the database server. Future plans are to implement a DMZ to further isolate the public-facing Web server from internal systems. This will reduce the risk to our internal systems if the web server is compromised.

INACTIVITY LOGOUT

Pages other than the Login, Change Password, and Forgot Password pages are refreshed after 21 minutes of inactivity, one minute after the session timeout of 20 minutes.
If the authentication ticket is still valid upon refresh, the page will reload. If the authentication ticket is not valid, the refresh will result in the user being logged out and redirected to the Login page.

ORDER AND FACE-TO-FACE ENCOUNTER SIGNING SECURITY

A physician signing orders or approving Face-to-Face Encounters must re-enter his or her password to confirm the requested actions. This password entry is validated against the same membership database, and the update cannot proceed without successful validation. Once signed, Provider Link writes an electronic signature record associated with each approved order or Face-to-Face Encounter. There is no function in Provider Link for physicians to retract order signatures or approvals of Face-to-Face Encounters once these are confirmed.

AUDITING

PASSWORD CHANGES

The user is prompted to change their password on an interval defined by the agency and, if allowed, by the user (as of the March 2011 release; previously, we prompted for the change every 90 days). The date of the last update is stored in the user's record.

ACTIVITY

User activity is tracked and logged in a tracking record. This records page navigation through the site, and will be extended to include more detail as needed. Data changes made in the Provider Link database are audited per user (as of the March 2011 release). Data changes made in customer databases are tracked and logged via the HCHB User Audit Logs.
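The login validation flow (username lookup, hash of the entered password byte-compared to the stored hash, one failure message for both failure cases, then agency selection bound to the session) and the password re-entry required for order signing can be illustrated with the following Python sketch. This is an added example, not Provider Link code; the hash algorithm (SHA-256), the sample user record, the server name in the connection string and the constant-time comparison are assumptions made for the example.

```python
import hashlib
import hmac

def hash_password(plain: str) -> bytes:
    # The overview does not name the hash algorithm; SHA-256 is assumed here.
    return hashlib.sha256(plain.encode("utf-8")).digest()

# Constructed sample of the centralized Provider Link user table:
# user ID, password hash (binary field) and associated agencies.
USERS = {
    "drsmith": {"user_id": 101,
                "password_hash": hash_password("Temp#2010"),
                "agencies": ["Agency A", "Agency B"]},
}

# Same message for unknown username and wrong password, so the login
# response does not reveal which usernames exist.
LOGIN_FAILED = "Unable to validate your account, please try again."

def validate_login(username: str, password: str):
    """Return (True, agencies) on success, (False, LOGIN_FAILED) otherwise."""
    record = USERS.get(username)
    if record is None:
        return False, LOGIN_FAILED
    candidate = hash_password(password)
    # Byte comparison against the stored hash; compare_digest runs in
    # constant time (an assumption beyond what the overview specifies).
    if not hmac.compare_digest(candidate, record["password_hash"]):
        return False, LOGIN_FAILED
    return True, list(record["agencies"])

def select_agency(session: dict, agencies: list, choice: str) -> str:
    """Bind the chosen customer ID to the session and build the agency
    connection string. Integrated Windows security: no credentials in it."""
    if choice not in agencies:
        raise PermissionError("agency not associated with this user")
    session["customer_id"] = choice
    # Server name and string format are constructed placeholders.
    return f"Server=DBSERVER;Database={choice};Integrated Security=SSPI"

def confirm_signature(username: str, password: str, order_id: str,
                      signatures: list) -> bool:
    """Order signing: re-validate the password against the same membership
    data, then write the electronic signature record. Nothing removes it."""
    ok, _ = validate_login(username, password)
    if ok:
        signatures.append({"order_id": order_id, "signed_by": username})
    return ok
```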