2.0 Information for Organization Administrators
This section provides technical information for Organization Administrators.
2.1 System Security
Azure Log Analytics is used for infrastructure-level logging as well as application logging and audit logging. This also includes logging of errors and exceptions.
2.1.1 Data Security Procedures & Safeguards
The following were implemented as data security procedures and safeguards.
- Azure SQL: storage is encrypted.
- Azure Key Vault: all encryption keys are stored in Azure Key Vault, which is used to store secret keys, encryption keys, SSL certificate keys, etc.
- Data security:
  - Sensitive ePHI data is encrypted at the application level.
  - Cache items are encrypted.
  - End-to-end SSL encryption from browser to server on both frontend and backend applications.
  - Client caching for requests that contain ePHI is disabled.
  - Database access is configured so that the database can only be accessed from the application server.
2.1.1.1 Automatic Log-off
After a period of 10 minutes, users are given a 2 minute warning and then logged out of the system automatically.
2.1.1.2 Data Deletion
Users of various roles have the ability to delete data and objects through the UI. All deletes made through the UI are soft deletes only: records are marked as "Removed." The data remains in the database but is no longer visible from the UI. In order to meet GDPR requirements for customers in the United Kingdom, administrators follow a standardized process to delete person records and their associated data completely from the database upon a person's request for removal of their own data.
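The difference between a UI soft delete and the full erasure process, as an added example that is not P-CIS code. It uses an in-memory SQLite database with a constructed schema (a person table and a dependent assessment table); the "Removed" status value follows the text above, while the table names and the purge routine are assumptions. It also shows the failure mode a purge has to handle: deleting the person row while dependent rows still reference it is rejected by the foreign key, so the dependent data must go first, inside one transaction.

```python
"""Soft delete versus complete deletion (section 2.1.1.2), added illustration."""
import sqlite3

# Constructed schema: a person row plus dependent rows that must disappear
# together when a person asks for their data to be removed.
SCHEMA = """
CREATE TABLE person (
    id     INTEGER PRIMARY KEY,
    name   TEXT NOT NULL,
    status TEXT NOT NULL DEFAULT 'Active'    -- 'Active' or 'Removed'
);
CREATE TABLE assessment (
    id        INTEGER PRIMARY KEY,
    person_id INTEGER NOT NULL REFERENCES person(id),
    score     INTEGER NOT NULL
);
"""


def open_db() -> sqlite3.Connection:
    """Create the in-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")  # enforce the REFERENCES clause
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO person (id, name) VALUES (?, ?)",
                     [(1, "Person A"), (2, "Person B")])
    conn.executemany("INSERT INTO assessment (person_id, score) VALUES (?, ?)",
                     [(1, 10), (1, 12), (2, 7)])
    conn.commit()
    return conn


def soft_delete_person(conn: sqlite3.Connection, person_id: int) -> bool:
    """What a UI delete does: mark the row 'Removed'; nothing leaves the database."""
    cur = conn.execute(
        "UPDATE person SET status = 'Removed' WHERE id = ? AND status <> 'Removed'",
        (person_id,))
    conn.commit()
    return cur.rowcount == 1


def visible_people(conn: sqlite3.Connection) -> list:
    """Every UI query must filter on status, or soft-deleted rows reappear."""
    rows = conn.execute(
        "SELECT name FROM person WHERE status <> 'Removed' ORDER BY id").fetchall()
    return [r[0] for r in rows]


def stored_people(conn: sqlite3.Connection) -> int:
    """Unfiltered count: the soft-deleted row is still stored."""
    return conn.execute("SELECT COUNT(*) FROM person").fetchone()[0]


def naive_delete(conn: sqlite3.Connection, person_id: int) -> bool:
    """Deleting only the person row fails while dependent rows still exist."""
    try:
        with conn:  # transaction: commit on success, roll back on error
            conn.execute("DELETE FROM person WHERE id = ?", (person_id,))
        return True
    except sqlite3.IntegrityError:
        return False


def purge_person(conn: sqlite3.Connection, person_id: int) -> bool:
    """Assumed erasure process: dependent rows first, then the person, atomically."""
    with conn:
        conn.execute("DELETE FROM assessment WHERE person_id = ?", (person_id,))
        cur = conn.execute("DELETE FROM person WHERE id = ?", (person_id,))
    return cur.rowcount == 1


def remaining_rows(conn: sqlite3.Connection) -> tuple:
    """(person rows, assessment rows) left in the database."""
    return (conn.execute("SELECT COUNT(*) FROM person").fetchone()[0],
            conn.execute("SELECT COUNT(*) FROM assessment").fetchone()[0])


if __name__ == "__main__":
    db = open_db()
    soft_delete_person(db, 1)
    print("visible after soft delete:", visible_people(db), "stored:", stored_people(db))
    print("naive delete succeeded:", naive_delete(db, 1))
    print("purge succeeded:", purge_person(db, 1), "remaining:", remaining_rows(db))
```

The point for an administrator verifying an erasure request is the last two functions: a soft-deleted record is still a complete record, and a purge is only complete when every dependent table has been cleared as well.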
2.2 Identity & Access Controls
P-CIS is equipped with both role-based access controls and user-level access to records. Identity and access management are important to avoid unauthorized access to sensitive ePHI data. Opeeka P-CIS uses Azure AD to secure access to data hosted in the P-CIS application. Permissions are managed at the platform level to prevent unauthorized access to the Azure portal where the application is hosted. External users' access to the application is also implemented using Azure AD B2C to protect against unauthorized access to the P-CIS application.
2.2.1 Role Based Access Controls
Users of the application are assigned a role. Roles include internal users: Helper-RW, Helper-RO, Supervisor, Admin-RW and Admin-RO. User roles establish which Modules a user can access, and Security Groups identify which people's information they can access, as seen in Figure 2.2.1.a. A complete list of permissions by role is in the document at Object 2.2.1.b. P-CIS implements role-based access controls such that users have certain access and privileges in the system.
2.2.2 User Level Access to Records
In addition to role-based access control, users who log in can only see the people that they are authorized to see based on their role. Organization Administrators can see all people, active and inactive, for their agency as well as all people shared to their agency. Supervisors can see active people they are assigned to help, people assigned to be helped by someone they supervise, and people for whom they review assessments for approval.
2.2.2.1 People Can Be Seen By
An actively served person can be seen by:
- Any Helper/Supervisor currently assigned to the person
- Any Reviewer currently assigned to the Helper/Supervisor assigned to the person
- Any Supervisor of any Helper currently assigned to the person
- Any Supervisor of a Supervisor (…of a Supervisor…) of a Helper currently assigned to the person
- All Supervisors who are currently assigned as the Collaboration Lead for a collaboration in which the person is currently enrolled
- All Organization Administrators
An inactive person can be seen by:
2.2.2.2 Users by Role Can See
Helpers can see:
- Any active person they are currently assigned to
- Any active person who is currently assigned to a Helper for which they are assigned as a Reviewer
Supervisors can see:
- Any active person they are currently assigned to
- Any active person who is currently assigned to a Helper/Supervisor whom they supervise
- Any active person who is currently assigned to a Helper/Supervisor/Organization Administrator that they are a Reviewer for
- Any active person who is currently enrolled in a collaboration for which they are the lead
Organization Administrators can see:
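The visibility rules of sections 2.2.2.1 and 2.2.2.2 as one decision function, added here as an example; it is not P-CIS code. The data model (users with a role, a supervision list, a reviewer list and the collaborations they lead; people with assignments, collaboration enrolments and the agencies they are shared to) and the small org chart are constructed. Two points are assumptions: Organization Administrators see every person of their agency plus people shared to it (from section 2.2.2), and inactive people are shown only to Organization Administrators, because the page's list for inactive people is incomplete. The supervisor chain is walked transitively, which is what the "Supervisor of a Supervisor (…) of a Helper" rule calls for.

```python
"""Who can see whom (sections 2.2.2.1 / 2.2.2.2), added illustration."""
from dataclasses import dataclass, field


@dataclass
class User:
    role: str                                   # "Helper", "Supervisor", "OrgAdmin"
    agency: str
    supervises: set = field(default_factory=set)  # user ids this user supervises
    reviews: set = field(default_factory=set)     # user ids this user is Reviewer for
    leads: set = field(default_factory=set)       # collaboration ids this user leads


@dataclass
class Person:
    agency: str
    active: bool = True
    assigned: set = field(default_factory=set)        # Helper/Supervisor ids assigned
    collaborations: set = field(default_factory=set)  # collaborations enrolled in
    shared_with: set = field(default_factory=set)     # agencies the person is shared to


# Constructed org chart: agency A has an admin, a two-level supervisor chain,
# a reviewer, a collaboration lead; agency B has an admin and one shared person.
USERS = {
    "admin1":  User("OrgAdmin", "A"),
    "sup1":    User("Supervisor", "A", supervises={"sup2"}),
    "sup2":    User("Supervisor", "A", supervises={"helper1"}),
    "helper1": User("Helper", "A"),
    "helper2": User("Helper", "A", reviews={"helper1"}),
    "sup3":    User("Supervisor", "A", leads={"collab1"}),
    "helper3": User("Helper", "A"),
    "adminB":  User("OrgAdmin", "B"),
}
PEOPLE = {
    "p1": Person("A", assigned={"helper1"}),
    "p2": Person("A", assigned={"helper3"}, collaborations={"collab1"}),
    "p3": Person("A", active=False, assigned={"helper1"}),
    "p4": Person("B", shared_with={"A"}),
}


def supervised_closure(users: dict, user_id: str) -> set:
    """Everyone below user_id in the supervision chain, however deep."""
    seen, stack = set(), list(users[user_id].supervises)
    while stack:
        u = stack.pop()
        if u not in seen:
            seen.add(u)
            stack.extend(users[u].supervises)
    return seen


def can_see(users: dict, people: dict, user_id: str, person_id: str) -> bool:
    """Apply the role rules; default is deny."""
    user, person = users[user_id], people[person_id]
    if user.role == "OrgAdmin":
        # Section 2.2.2: all people of the agency, active or inactive, plus shared people.
        return person.agency == user.agency or user.agency in person.shared_with
    if not person.active:
        return False  # assumption: inactive people listed only for org admins
    if user_id in person.assigned:
        return True   # directly assigned Helper/Supervisor
    reviewed_assignees = person.assigned & user.reviews
    if user.role == "Helper":
        # Helpers: only via a Helper they are Reviewer for
        return any(users[a].role == "Helper" for a in reviewed_assignees)
    if user.role == "Supervisor":
        if reviewed_assignees:                                   # reviewer of an assignee
            return True
        if person.assigned & supervised_closure(users, user_id):  # supervision chain
            return True
        if person.collaborations & user.leads:                    # collaboration lead
            return True
    return False


def visible_people(users: dict, people: dict, user_id: str) -> list:
    """Sorted ids of everyone the user may see."""
    return sorted(p for p in people if can_see(users, people, user_id, p))


if __name__ == "__main__":
    for uid in USERS:
        print(uid, "->", visible_people(USERS, PEOPLE, uid))
```

Because the function is deny-by-default and takes the whole org chart as input, it can be run against an export of real assignments to confirm that a given user's list matches the rules above before a security group change is rolled out.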
2.2.3 Identity Management
P-CIS uses Microsoft Azure Active Directory B2C (AD B2C) to manage identities. All log-ins are via email IDs. All rules for RBAC are managed by the application (REST API).
2.2.3.1 Unique User Identification
Users are identified by a GUID, a 16-byte binary SQL Server data type (also denoted as UNIQUEIDENTIFIER in SQL Server). The dbo.User table also has a SQL int field, which is used as the primary key and for internal data transactions within application code. The primary intention of the GUID is to use it wherever an identifier needs to be exposed, such as in API calls.
2.2.3.2 User Creation
When users are added as a Helper, they receive an invitation to P-CIS as seen in Figure 2.2.4.a. Organization Administrators can add another user and make them an Organization Administrator. Organization Administrators can have two access types, RO and RW. Organization Administrators can CRUD any user or other attributes within the Agency (Org). Organization Administrators create staff within the Agency (Org). Staff users are of types Supervisor and Helper. Supervisor access is always RW, but Helpers can have two access types, RO and RW.
2.2.3.3 ADB2C Sign-up Flow
All user creation happens within the AD B2C server. The workflow is depicted in Figure 2.2.3.3.a. Users sign up via email; the log-in of users is explained in subsequent sections below. A user with a given email address can log in to only one particular agency; i.e., if a user has an email address user1@abc.com registered with agency1, they cannot use the same email address to register with another agency.
2.2.3.4 ADB2C Sign-in Flow
When the application is opened, the user is redirected to the themed Opeeka log-in page in Azure B2C. The user enters email and password, which are validated against the AD in Azure B2C, and a token is generated. The user must then perform 2-factor authentication: a screen is shown to enter the OTP to complete log-in. Once authenticated, the user is redirected back to the Opeeka application to continue using it.
2.2.4 Emergency Access
P-CIS is a secure, cloud-based web application. Customers are responsible for establishing their own emergency access control procedures in the case of local power outages. P-CIS will remain accessible from any mobile, tablet, laptop or desktop computer that remains operational during a local power outage. P-CIS maintains strict access controls that can be maintained by the customer's own Organization Administrators. Customers are advised to establish their own break-glass procedures for any situation that might require immediate access to ePHI data.