decimal App Documentation

User Tools

Site Tools

Trace: versions rn-30 userguide all_tutorials
pdotd:rn-30

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
pdotd:rn-30 [2022/06/13 15:57] kerhartpdotd:rn-30 [2023/01/20 20:33] (current) – [PHI/PII Transmission] dpatenaude
Line 1: Line 1:
- 
 {{  :pdotd:decimal_logo_small.png?150|}} {{  :pdotd:decimal_logo_small.png?150|}}
 ====== RN-30: p.d 5.4 Security Overview ======  ====== RN-30: p.d 5.4 Security Overview ====== 
Line 17: Line 16:
 Like all TPS software, p.d does display PHI and PII on the screen during use, so standard precautions should be taken to ensure the local PC locks when idle and is otherwise protected from unintended access. Each p.d installation maintains a log of all login, import, export, and order events that can be reviewed if misuse is suspected. Users of the p.d software are general radiation therapy professionals, including dosimetrists, therapists, and medical physicists. Like all TPS software, p.d does display PHI and PII on the screen during use, so standard precautions should be taken to ensure the local PC locks when idle and is otherwise protected from unintended access. Each p.d installation maintains a log of all login, import, export, and order events that can be reviewed if misuse is suspected. Users of the p.d software are general radiation therapy professionals, including dosimetrists, therapists, and medical physicists.
  
-Since the primary purpose of using the p.d software is to order devices for patients, there is a necessity to transmit device manufacturing parameters and information to .decimal servers. In order to protect patient privacy, our proprietary order file format contains only the minimal data necessary to manufacture the requested device (a full description of the file format can be found at the end of this document). These files do not include PHI or PII or any sensitive customer billing/payment information, although customers can optionally include their internal Medical Record Numbers in the files to ensure invoices received from .decimal can be linked to the appropriate patient.+==== PHI/PII Transmission ==== 
 + 
 +Since the primary purpose of using the p.d software is to order devices for patients, there is a necessity to transmit device manufacturing parameters and information to .decimal servers. In order to protect patient privacy, our proprietary order file format contains only the minimal data necessary to manufacture the requested device (a full description of the file format can be found at the end of this document). These files do not include, by default, PHI or PII or any sensitive customer billing/payment information. Customers can optionally include
 +  * Their internal Medical Record Numbers in the files to ensure invoices received from .decimal can be linked to the appropriate patient. This option is enabled within the p.d application settings. 
 +  * The patient initials if the [[direct:userguide#app_specific_permissions|decimal Direct App option]] for this is enabled. 
 + 
 +Please refer to [[pdotd:rn-30#data_included_in_device_files|Data Included in Device Files]] for further details. 
 +==== Software Security ==== 
 + 
 The following are some additional features of note regarding the p.d software: The following are some additional features of note regarding the p.d software:
  
   * The software is installed on a per user basis on Windows based PCs   * The software is installed on a per user basis on Windows based PCs
-  * Authentication with .decimal servers is required to access the software and all user data is saved in their local Windows directory, preventing access from other accounts+  * Authentication with .decimal servers is required to access the software 
 +    * Multi-Factor Authentication (MFA) is [[support:security:mfa|available to users as an option]] 
 +  * All user data is saved in their local Windows directory, preventing access from other accounts
   * Communication between p.d and .decimal servers uses a TLS connection   * Communication between p.d and .decimal servers uses a TLS connection
   * Each device file created by p.d is transferred to .decimal servers using a secure HTTPS connection   * Each device file created by p.d is transferred to .decimal servers using a secure HTTPS connection
Line 36: Line 46:
 These ports must be open to passive communication with external addresses from the machine that is running p.d. Note that all communication is initiated from p.d (i.e., there should be no need to forward incoming ports to the p.d workstation). However, you must ensure that the aforementioned addresses be allowed to communicate with the p.d workstation in order for the software to function properly. These ports must be open to passive communication with external addresses from the machine that is running p.d. Note that all communication is initiated from p.d (i.e., there should be no need to forward incoming ports to the p.d workstation). However, you must ensure that the aforementioned addresses be allowed to communicate with the p.d workstation in order for the software to function properly.
 The communication with .decimal Direct is used for authenticating the user, ordering devices, checking the status of orders, and synchronizing machine setup information.  The communication with .decimal Direct is used for authenticating the user, ordering devices, checking the status of orders, and synchronizing machine setup information. 
 +
 +<WRAP center round info 60%>
 +**Note:**\\
 +p.d also requires unhindered HTTPS traffic to .decimal servers. Any security devices and policies that hinder, inspect, or redirect HTTPS traffic may result in p.d not connecting to or thinking there is a 'Man in the Middle' attack when connecting to the .decimal servers. Please refer to 
 +[[support:it_troubleshooting|Troubleshooting Communication Issues (Firewalls, Proxies, and Web Security Appliances (WSAs))]] for further details on the issues posed by these devices.
 +</WRAP>
  
 This protocol is also used to transfer data files that p.d creates for each device when placing an order. All data is transferred to the .decimal Direct servers using HTTPS. This protocol is also used to transfer data files that p.d creates for each device when placing an order. All data is transferred to the .decimal Direct servers using HTTPS.
Line 43: Line 59:
 ^ Data ^ Description ^ ^ Data ^ Description ^
 | TPS Info | The name and version of the TPS where the files originated and the version of p.d |  | TPS Info | The name and version of the TPS where the files originated and the version of p.d | 
-| Patient Info | An anonymized unique ID generated by p.d to reference the patient; may optionally include the medical record number (MRN) | +| Patient Info | An anonymized unique ID generated by p.d to reference the patient;<WRAP> 
 +  * may optionally include the medical record number (MRN) if this option is turned on within p.d 
 +  * may be set to instead use the patient initials if the [[direct:userguide#app_specific_permissions|decimal Direct App option]] for this is enabled 
 +</WRAP>
 | Beam Number | Beam number associated with the device |  | Beam Number | Beam number associated with the device | 
 | Beam Description | The beam description associated with this device |  | Beam Description | The beam description associated with this device | 
Line 76: Line 95:
 ---- ----
  
-RN-30 Rev. 20220323+RN-30 Rev. 20221110
  
 ;#; ;#;
pdotd/rn-30.1655135874.txt.gz · Last modified: 2022/06/13 15:57 by kerhart