The overall security of a PopMedNet network is determined by a combination of the PopMedNet software, the hosting environment, and the procedures and processes of the network's administrators and users.
PopMedNet is open-source software that may be implemented by anyone and for any purpose. Networks using PopMedNet may choose a range of options regarding the security of the implementation. The security features of the PopMedNet software are available to any network implementation, while hosting architecture and administration practices are determined by each network.
The PopMedNet software is designed to be highly secure and suitable for transferring sensitive data. The software has passed detailed independent security audits and passed several additional security audits and penetration tests.
The following pages details the major system security specifications of the software:
As a web-based system, the PopMedNet software must be hosted somewhere. The hosting environment and architecture is determined by each network implementation.
The following networks are hosted by Harvard Pilgrim Health Care Institute (HPHCI):
HPHCI contracts with QTS to Microsoft Azure to provide a highly secure, FISMA-compliant hosting environment and have successfully passed a full audit of the hosting facility, application, and operations procedures.
See the following pages for detailed information about the hosting environment and architecture for HPHCI-supported PMN environments:
For information on the hosting environment of a network not listed above, please contact the PopMedNet Network Administrator for that network.
Network Administration Practices
A PopMedNet network implementation must be administered by one or more users designated as a Network Administrator. Network Administrators are responsible for the overall access control configuration of a network. Access controls determine the permissions that specified users may have within a network, including permissions to submit requests, respond to requests, manage network entities, view activity, and authenticate users. PopMedNet access controls are highly granular, allowing each network implementation to have its own custom configuration.
The following PopMedNet networks are administered by the PopMedNet Team at the Harvard Pilgrim Health Care Institute Department of Population Medicine.
See HPHCI Network Administration Practices for information on the PopMedNet Team's network administration practices.
For information on the network administration practices of a network not listed above, please contact the PopMedNet Network Administrator for that network.