decimal App Documentation

User Tools

Site Tools

Trace: all_tutorials userguide
pdotd:rn-30

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
pdotd:rn-30 [2021/11/18 14:30] – [Internet Communications] dpatenaudepdotd:rn-30 [2023/01/20 20:33] (current) – [PHI/PII Transmission] dpatenaude
Line 1: Line 1:
- 
 {{  :pdotd:decimal_logo_small.png?150|}} {{  :pdotd:decimal_logo_small.png?150|}}
 ====== RN-30: p.d 5.4 Security Overview ======  ====== RN-30: p.d 5.4 Security Overview ====== 
Line 10: Line 9:
 p.d is a locally installed software application for which the primary purpose is to enable users of various radiation treatment planning systems (TPS) to design, calculate, measure, and order patient-specific radiotherapy devices that are custom manufactured by .decimal. These devices are typically either apertures/blocks or intensity modulators / range compensators. The general software workflow is to import patient information from the TPS via DICOM, then design and/or review the required patient devices (blocks and modulators) with p.d, and finally to order the devices. Additional functions are also available to check order status, digitize scanned electron aperture images, and export data back to the TPS via DICOM, which may also be frequently used by some facilities. Figure 1 describes the communications between the p.d software, .decimal servers, and TPS computers. p.d is a locally installed software application for which the primary purpose is to enable users of various radiation treatment planning systems (TPS) to design, calculate, measure, and order patient-specific radiotherapy devices that are custom manufactured by .decimal. These devices are typically either apertures/blocks or intensity modulators / range compensators. The general software workflow is to import patient information from the TPS via DICOM, then design and/or review the required patient devices (blocks and modulators) with p.d, and finally to order the devices. Additional functions are also available to check order status, digitize scanned electron aperture images, and export data back to the TPS via DICOM, which may also be frequently used by some facilities. Figure 1 describes the communications between the p.d software, .decimal servers, and TPS computers.
  
-FIXME+{{ :pdotd:rn-30-figure1.png |}}
  
 ===== General Security Information ===== ===== General Security Information =====
Line 17: Line 16:
 Like all TPS software, p.d does display PHI and PII on the screen during use, so standard precautions should be taken to ensure the local PC locks when idle and is otherwise protected from unintended access. Each p.d installation maintains a log of all login, import, export, and order events that can be reviewed if misuse is suspected. Users of the p.d software are general radiation therapy professionals, including dosimetrists, therapists, and medical physicists. Like all TPS software, p.d does display PHI and PII on the screen during use, so standard precautions should be taken to ensure the local PC locks when idle and is otherwise protected from unintended access. Each p.d installation maintains a log of all login, import, export, and order events that can be reviewed if misuse is suspected. Users of the p.d software are general radiation therapy professionals, including dosimetrists, therapists, and medical physicists.
  
-Since the primary purpose of using the p.d software is to order devices for patients, there is a necessity to transmit device manufacturing parameters and information to .decimal servers. In order to protect patient privacy, our proprietary order file format contains only the minimal data necessary to manufacture the requested device (a full description of the file format can be found at the end of this document). These files do not include PHI or PII or any sensitive customer billing/payment information, although customers can optionally include their internal Medical Record Numbers in the files to ensure invoices received from .decimal can be linked to the appropriate patient.+==== PHI/PII Transmission ==== 
 + 
 +Since the primary purpose of using the p.d software is to order devices for patients, there is a necessity to transmit device manufacturing parameters and information to .decimal servers. In order to protect patient privacy, our proprietary order file format contains only the minimal data necessary to manufacture the requested device (a full description of the file format can be found at the end of this document). These files do not include, by default, PHI or PII or any sensitive customer billing/payment information. Customers can optionally include
 +  * Their internal Medical Record Numbers in the files to ensure invoices received from .decimal can be linked to the appropriate patient. This option is enabled within the p.d application settings. 
 +  * The patient initials if the [[direct:userguide#app_specific_permissions|decimal Direct App option]] for this is enabled. 
 + 
 +Please refer to [[pdotd:rn-30#data_included_in_device_files|Data Included in Device Files]] for further details. 
 +==== Software Security ==== 
 + 
 The following are some additional features of note regarding the p.d software: The following are some additional features of note regarding the p.d software:
  
   * The software is installed on a per user basis on Windows based PCs   * The software is installed on a per user basis on Windows based PCs
-  * Authentication with .decimal servers is required to access the software and all user data is saved in their local Windows directory, preventing access from other accounts+  * Authentication with .decimal servers is required to access the software 
 +    * Multi-Factor Authentication (MFA) is [[support:security:mfa|available to users as an option]] 
 +  * All user data is saved in their local Windows directory, preventing access from other accounts
   * Communication between p.d and .decimal servers uses a TLS connection   * Communication between p.d and .decimal servers uses a TLS connection
   * Each device file created by p.d is transferred to .decimal servers using a secure HTTPS connection   * Each device file created by p.d is transferred to .decimal servers using a secure HTTPS connection
-  * Before the file for each device is created, the patient name is anonymized such that only the initials are readable+  * Before the file for each device is created, a unique ID is generated by p.d to reference the patient so that no PHI or Patient PII is sent to .decimal
  
 We value the privacy of our customers and the integrity of all our customer data and we employ significant efforts to use IT security best practices regarding the installation, configuration, and management of our servers and other IT infrastructure (see Appendix below for further details). Despite these measures, it is important to recognize that our primary means of protecting our customers’ sensitive data is to simply ensure that it never leaves their facility. The data received by .decimal from our customers is therefore intentionally limited, making many of the common questions regarding our policies and security measures with your data not critical to the protection of your patient or facility data (as we simply do not send your sensitive data to our servers). As such, users should not add PHI/PII data in any free-form text fields when ordering devices. We value the privacy of our customers and the integrity of all our customer data and we employ significant efforts to use IT security best practices regarding the installation, configuration, and management of our servers and other IT infrastructure (see Appendix below for further details). Despite these measures, it is important to recognize that our primary means of protecting our customers’ sensitive data is to simply ensure that it never leaves their facility. The data received by .decimal from our customers is therefore intentionally limited, making many of the common questions regarding our policies and security measures with your data not critical to the protection of your patient or facility data (as we simply do not send your sensitive data to our servers). As such, users should not add PHI/PII data in any free-form text fields when ordering devices.
Line 36: Line 46:
 These ports must be open to passive communication with external addresses from the machine that is running p.d. Note that all communication is initiated from p.d (i.e., there should be no need to forward incoming ports to the p.d workstation). However, you must ensure that the aforementioned addresses be allowed to communicate with the p.d workstation in order for the software to function properly. These ports must be open to passive communication with external addresses from the machine that is running p.d. Note that all communication is initiated from p.d (i.e., there should be no need to forward incoming ports to the p.d workstation). However, you must ensure that the aforementioned addresses be allowed to communicate with the p.d workstation in order for the software to function properly.
 The communication with .decimal Direct is used for authenticating the user, ordering devices, checking the status of orders, and synchronizing machine setup information.  The communication with .decimal Direct is used for authenticating the user, ordering devices, checking the status of orders, and synchronizing machine setup information. 
 +
 +<WRAP center round info 60%>
 +**Note:**\\
 +p.d also requires unhindered HTTPS traffic to .decimal servers. Any security devices and policies that hinder, inspect, or redirect HTTPS traffic may result in p.d not connecting to or thinking there is a 'Man in the Middle' attack when connecting to the .decimal servers. Please refer to 
 +[[support:it_troubleshooting|Troubleshooting Communication Issues (Firewalls, Proxies, and Web Security Appliances (WSAs))]] for further details on the issues posed by these devices.
 +</WRAP>
  
 This protocol is also used to transfer data files that p.d creates for each device when placing an order. All data is transferred to the .decimal Direct servers using HTTPS. This protocol is also used to transfer data files that p.d creates for each device when placing an order. All data is transferred to the .decimal Direct servers using HTTPS.
Line 43: Line 59:
 ^ Data ^ Description ^ ^ Data ^ Description ^
 | TPS Info | The name and version of the TPS where the files originated and the version of p.d |  | TPS Info | The name and version of the TPS where the files originated and the version of p.d | 
-| Patient Info | The anonymized patient name containing the patient initials and optionally the medical record (MRnumber +| Patient Info | An anonymized unique ID generated by p.d to reference the patient;<WRAP> 
 +  * may optionally include the medical record number (MRNif this option is turned on within p.d 
 +  * may be set to instead use the patient initials if the [[direct:userguide#app_specific_permissions|decimal Direct App option]] for this is enabled 
 +</WRAP>
 | Beam Number | Beam number associated with the device |  | Beam Number | Beam number associated with the device | 
 | Beam Description | The beam description associated with this device |  | Beam Description | The beam description associated with this device | 
Line 60: Line 79:
 | Surface or Polyline | Series of (X,Y,Z or X,Y) values in cm that represent the surface map or contour that describes the device. The format of each line is a series of two or three numbers separated by spaces. |  | Surface or Polyline | Series of (X,Y,Z or X,Y) values in cm that represent the surface map or contour that describes the device. The format of each line is a series of two or three numbers separated by spaces. | 
  
 +===== Appendix (Security Details) =====
 +|  **Area of Concern** |  **Description**  |
 +^ Policies and Procedures ^^
 +| Standards and Policies | Controlled procedures are in place for: data handling, remote access, third party access, incidence response handling, change management, and HR practices |
 +| Employees | All employees are drug tested, have background checks performed, and are required to sign a HIPAA confidentiality agreement |
 +| Visitors | All visitors are logged, escorted, and monitored through critical parts of the company |
 +| Vendors | All vendors with potential access to PHI/PII are required to sign a BAA with our company to protect such data |
 +| Data Storage | All data, including backups, are stored in the US |
 +^ Network Infrastructure ^^
 +| Access control | Networking devices are configured to only allow specific traffic to pass through, administrative access to the network is controlled and monitored, and external reviews of procedures are performed |
 +| Network Devices | Devices are maintained at the latest patch levels and critical devices are maintained in a locked, restricted access environment |
 +| Firewall | A dedicated firewall system is employed to protect the network, including blocking of non-standard IP ports |
 +
 +
 +----
 +
 +RN-30 Rev. 20221110
  
 +;#;
 +//Copyright © 2022 .decimal, LLC. 
 +All Rights Reserved.// \\
 +.decimal, LLC. 121 Central Park Place, Sanford, FL 32771. 1-800-255-1613
 +;#;
pdotd/rn-30.1637245807.txt.gz · Last modified: 2021/11/18 14:30 by dpatenaude