The overall security of a PopMedNet network is determined by a combination of the PopMedNet software, the hosting environment, and the procedures and processes of the network's administrators and users.
PopMedNet is open-source software that may be implemented by anyone and for any purpose. Networks using PopMedNet may choose a range of options regarding the security of the implementation. The security features of the PopMedNet software are available to any network implementation, while hosting architecture and administration practices are determined by each network.
The PopMedNet software is designed to be highly secure and suitable for transferring sensitive data. The software has passed detailed independent security audits and passed several additional security audits and penetration tests.
The following pages details the major system security specifications of the software:
HPHCI contracts with Microsoft Azure to provide a highly secure, FISMA-compliant hosting environment and have successfully passed a full audit of the hosting facility, application, and operations procedures.
See the following pages for detailed information about the hosting environment and architecture for HPHCI-supported PMN environments:
For information on the hosting environment of a network not listed above, please contact the PopMedNet Network Administrator for that network.
Network Administration Practices
A PopMedNet network implementation must be administered by one or more users designated as a Network Administrator. Network Administrators are responsible for the overall access control configuration of a network. Access controls determine the permissions that specified users may have within a network, including permissions to submit requests, respond to requests, manage network entities, view activity, and authenticate users. PopMedNet access controls are highly granular, allowing each network implementation to have its own custom configuration.