pdotd:rn-30
Differences
This shows you the differences between two versions of the page.
pdotd:rn-30 [2021/11/18 14:31] – [Appendix (Security Details)] dpatenaude | pdotd:rn-30 [2023/01/20 20:33] (current) – [PHI/PII Transmission] dpatenaude | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | |||
{{ : | {{ : | ||
====== RN-30: p.d 5.4 Security Overview ====== | ====== RN-30: p.d 5.4 Security Overview ====== | ||
Line 10: | Line 9: | ||
p.d is a locally installed software application for which the primary purpose is to enable users of various radiation treatment planning systems (TPS) to design, calculate, measure, and order patient-specific radiotherapy devices that are custom manufactured by .decimal. These devices are typically either apertures/ | p.d is a locally installed software application for which the primary purpose is to enable users of various radiation treatment planning systems (TPS) to design, calculate, measure, and order patient-specific radiotherapy devices that are custom manufactured by .decimal. These devices are typically either apertures/ | ||
- | FIXME | + | {{ : |
===== General Security Information ===== | ===== General Security Information ===== | ||
Line 17: | Line 16: | ||
Like all TPS software, p.d does display PHI and PII on the screen during use, so standard precautions should be taken to ensure the local PC locks when idle and is otherwise protected from unintended access. Each p.d installation maintains a log of all login, import, export, and order events that can be reviewed if misuse is suspected. Users of the p.d software are general radiation therapy professionals, | Like all TPS software, p.d does display PHI and PII on the screen during use, so standard precautions should be taken to ensure the local PC locks when idle and is otherwise protected from unintended access. Each p.d installation maintains a log of all login, import, export, and order events that can be reviewed if misuse is suspected. Users of the p.d software are general radiation therapy professionals, | ||
- | Since the primary purpose of using the p.d software is to order devices for patients, there is a necessity to transmit device manufacturing parameters and information to .decimal servers. In order to protect patient privacy, our proprietary order file format contains only the minimal data necessary to manufacture the requested device (a full description of the file format can be found at the end of this document). These files do not include PHI or PII or any sensitive customer billing/ | + | ==== PHI/PII Transmission ==== |
+ | |||
+ | Since the primary purpose of using the p.d software is to order devices for patients, there is a necessity to transmit device manufacturing parameters and information to .decimal servers. In order to protect patient privacy, our proprietary order file format contains only the minimal data necessary to manufacture the requested device (a full description of the file format can be found at the end of this document). These files do not include, by default, | ||
+ | * Their internal Medical Record Numbers in the files to ensure invoices received from .decimal can be linked to the appropriate patient. | ||
+ | * The patient initials if the [[direct: | ||
+ | |||
+ | Please refer to [[pdotd: | ||
+ | ==== Software Security ==== | ||
+ | |||
The following are some additional features of note regarding the p.d software: | The following are some additional features of note regarding the p.d software: | ||
* The software is installed on a per user basis on Windows based PCs | * The software is installed on a per user basis on Windows based PCs | ||
- | * Authentication with .decimal servers is required to access the software | + | * Authentication with .decimal servers is required to access the software |
+ | * Multi-Factor Authentication (MFA) is [[support: | ||
+ | * All user data is saved in their local Windows directory, preventing access from other accounts | ||
* Communication between p.d and .decimal servers uses a TLS connection | * Communication between p.d and .decimal servers uses a TLS connection | ||
* Each device file created by p.d is transferred to .decimal servers using a secure HTTPS connection | * Each device file created by p.d is transferred to .decimal servers using a secure HTTPS connection | ||
- | * Before the file for each device is created, the patient | + | * Before the file for each device is created, |
We value the privacy of our customers and the integrity of all our customer data and we employ significant efforts to use IT security best practices regarding the installation, | We value the privacy of our customers and the integrity of all our customer data and we employ significant efforts to use IT security best practices regarding the installation, | ||
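Review bot: In the new PHI/PII Transmission section, the wording moves from "do not include PHI or PII" to "do not include, by default," without saying outright that the two options listed (internal Medical Record Numbers, patient initials) put patient identifiers into files sent to .decimal servers. State that consequence in one sentence and say who is able to turn each option on, so a site can make the privacy decision before the setting is changed. Separately, the added bullet "All user data is saved in their local Windows directory, preventing access from other accounts" claims more than a per-user directory provides, since local administrators can still read it; "restricting access from other standard user accounts" would be accurate.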
Line 36: | Line 46: | ||
These ports must be open to passive communication with external addresses from the machine that is running p.d. Note that all communication is initiated from p.d (i.e., there should be no need to forward incoming ports to the p.d workstation). However, you must ensure that the aforementioned addresses be allowed to communicate with the p.d workstation in order for the software to function properly. | These ports must be open to passive communication with external addresses from the machine that is running p.d. Note that all communication is initiated from p.d (i.e., there should be no need to forward incoming ports to the p.d workstation). However, you must ensure that the aforementioned addresses be allowed to communicate with the p.d workstation in order for the software to function properly. | ||
The communication with .decimal Direct is used for authenticating the user, ordering devices, checking the status of orders, and synchronizing machine setup information. | The communication with .decimal Direct is used for authenticating the user, ordering devices, checking the status of orders, and synchronizing machine setup information. | ||
+ | |||
+ | <WRAP center round info 60%> | ||
+ | **Note:**\\ | ||
+ | p.d also requires unhindered HTTPS traffic to .decimal servers. Any security devices and policies that hinder, inspect, or redirect HTTPS traffic may result in p.d not connecting to or thinking there is a 'Man in the Middle' | ||
+ | [[support: | ||
+ | </ | ||
This protocol is also used to transfer data files that p.d creates for each device when placing an order. All data is transferred to the .decimal Direct servers using HTTPS. | This protocol is also used to transfer data files that p.d creates for each device when placing an order. All data is transferred to the .decimal Direct servers using HTTPS. | ||
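Review bot: The added note asks for HTTPS traffic to .decimal servers to pass without being hindered, inspected, or redirected, but it does not tie that request to the addresses this section already refers to, so a reader could take it as a reason to turn off HTTPS inspection for the whole workstation. Suggest wording the exemption as applying only to the aforementioned .decimal addresses and ports. The phrase "not connecting to or thinking there is a 'Man in the Middle'" would also read better as two clauses, one for the connection failure and one for the warning.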
Line 43: | Line 59: | ||
^ Data ^ Description ^ | ^ Data ^ Description ^ | ||
| TPS Info | The name and version of the TPS where the files originated and the version of p.d | | | TPS Info | The name and version of the TPS where the files originated and the version of p.d | | ||
- | | Patient Info | | + | | Patient Info | |
+ | * may optionally | ||
+ | * may be set to instead use the patient initials if the [[direct: | ||
+ | </ | ||
| Beam Number | Beam number associated with the device | | | Beam Number | Beam number associated with the device | | ||
| Beam Description | The beam description associated with this device | | | Beam Description | The beam description associated with this device | | ||
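Review bot: The two list items added to the Patient Info row ("may optionally" and "may be set to instead use the patient initials") restate the two bullets in the PHI/PII Transmission section, so the file-format table and that section can drift apart on which identifiers an order file may carry. Suggest keeping the full description in one place and linking to it from the other.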
Line 74: | Line 93: | ||
+ | ---- | ||
+ | |||
+ | RN-30 Rev. 20221110 | ||
+ | |||
+ | ;#; | ||
+ | //Copyright © 2022 .decimal, LLC. | ||
+ | All Rights Reserved.// \\ | ||
+ | .decimal, LLC. 121 Central Park Place, Sanford, FL 32771. 1-800-255-1613 | ||
+ | ;#; |
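Review bot: The added footer stamps the page "RN-30 Rev. 20221110" and "Copyright © 2022", while the current revision is dated 2023/01/20 with the edit summary [PHI/PII Transmission]. If the Rev. stamp is what customers cite when they reference this security overview, bump it with this change so the PHI/PII wording can be tied to a specific revision.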
pdotd/rn-30.1637245917.txt.gz · Last modified: 2021/11/18 14:31 by dpatenaude