...

In brief, DICOM studies are first transmitted from your PACS system(s) and/or modalities to a “Gateway” PC, which you supply and place on your local hospital network. When received at the Gateway PC, the studies are compressed, encrypted, and uploaded over the internet (via TLS/AES encrypted DICOM and HTTPS) to the OnePacs central server. On the central server, these received studies will be organized into a worklist which will be accessible to authorized users from any location on the internet. The Gateway PC will require a static local IP address on your local facility network such that studies can be pushed to it.

Please refer to the system diagram for an overview of the architecture of the OnePacs system.

...

  • You should already have a designated AE title for the facility at which the Gateway will be installed.  If not, please create a new facility or contact your group administrator to do so.  Do not proceed with the Gateway installation unless you have an AE title for the facility.
  • Ensure that the technical requirements and networking requirements described above are met.  In particular, the PC must have a static local IP address on the local network. 
  • Verify that the Windows user account you're using is an administrator account on the local machine (not a domain user).  The installation of the PostgreSQL service may fail otherwise. 
  • Create a system restore point before installing if there is any doubt regarding conflicts caused by the prerequisite installations (Microsoft Visual C++ 2015-2019 x86 14.22.27821, PostgreSQL 1217).
  • If anti-virus is installed, it is a good idea to temporarily disable it before the install.

...

Should you experience any problem with the above setup, free support is available on the OnePacs user forums located at www.onepacsforums.com. Paid support options are also available; please contact sales@onepacs.com for further details. Please contact OnePacs customer support for further assistance.


Summary of OnePacs Gateway Best Practices

The server/server environment on which the OnePacs Gateway software package runs is chosen, configured, and maintained by the OnePacs client. Accordingly, it is the responsibility of the client to ensure the reliable and secure operation of the server.

OnePacs recommends the following as Best Practices in management of the server/server environment:

Function and reliability

• It is recommended that the OnePacs Gateway server be used solely for the purpose of transmitting studies to OnePacs, and facilitating OnePacs EMR integration. Installing any unrelated software packages increases the risk of issues and may impact performance.

• Adjust the power settings of the OS to never sleep (always on).

• Disable hibernation

• The gateway must have a static internal IP address set from a router DHCP reservation

• For performance purposes, it is best to add anti-virus exclusions for:

⁃ c:\onepacs

⁃ c:\Program Files\PostgreSQL

For physical machines (rather than virtual machines):

• Configure the BIOS to restart automatically after a power failure and to automatically power on shortly before normal usage begins

• An uninterruptible power supply (UPS) is recommended.

General security

The OnePacs Gateway stores sensitive information on the local server storage device(s), including Protected Health Information (PHI) as defined by the Health Insurance Portability and Accountability Act (HIPAA). Accordingly, it should be treated with the same degree of security vigilance that would be appropriate for any other server at your facility containing similar information. The specific security measures and management procedures are at the discretion of the OnePacs client; however, OnePacs offers the following suggested best practices for consideration:

• Careful attention to physical security is important. Access to the room where the server is located (either a physical server, or the host machine in a VM setting) should be controlled, preferably by a method with user-specific tracking such as keycard access

• It is useful to engage physical lock devices on the hardware itself when available, in order to avoid theft of the device, and also to prevent opening of the device for the purpose of removing storage devices

• BitLocker drive encryption with a Trusted Platform Module (TPM) is suggested for physical (non-VM) servers

• For physical (non-VM) devices, it may be useful to secure BIOS settings with a password, and disable booting from alternate media

• A Windows Server Core install is recommended. Unnecessary Windows services should be disabled

• Application of a Windows Security Baseline should be considered as a useful means of maintaining consistent security policies across various Windows installs within an organization

• Configure Windows Updates to run automatically during off-hours

• Disable automatic administrator login to the recovery console

• Windows Firewall should be configured to disallow incoming connections, other than for ports specifically opened by the installer(s) for the OnePacs software system components

• Provision logon accounts only to individuals with a genuine need to access the system

• For each user who needs access to the system, provision accounts with only the necessary privilege levels needed for that user to execute their responsibilities

• Regularly disable or delete accounts that are no longer needed, and regularly review and reduce privilege/permission levels that are no longer needed

• Mandate appropriate password complexity, and set other password related policies as considered best by your organization

• It is useful to check security and other logs regularly to screen for unauthorized or inappropriate access, including screening for authentication events, privilege escalation and usage, and other user access activity

• Regular system scans should be scheduled with the security software solution(s) of your choice

• Your network firewall and monitoring software will be of utility in monitoring for and blocking unauthorized access, as well as screening for anomalies such as spikes in traffic that could reflect data exfiltration

• Regular system backups will be useful in a recovery situation
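
A read-only PowerShell audit of the items in the two checklists above that can be checked mechanically, given here as an added example that is not OnePacs code. It assumes an elevated PowerShell 5.1 or later session on the Gateway PC, Microsoft Defender as the anti-virus product, and a 90-day stale-account threshold and 7-day log window chosen for illustration.

```powershell
# Added example: read-only audit of a Gateway host against the checklist above.
# Run from an elevated session; it changes no settings.
$report = [System.Collections.Generic.List[object]]::new()
function Add-Check([string]$Item, [string]$Status, [string]$Detail) {
    $report.Add([pscustomobject]@{ Item = $Item; Status = $Status; Detail = $Detail })
}

# Windows Firewall: every profile enabled and inbound blocked unless a rule allows it.
$fw  = Get-NetFirewallProfile -PolicyStore ActiveStore
$bad = @($fw | Where-Object { "$($_.Enabled)" -eq 'False' -or "$($_.DefaultInboundAction)" -eq 'Allow' })
Add-Check 'Firewall on, default inbound blocked' $(if ($bad.Count) { 'FAIL' } else { 'PASS' }) `
    (($fw | ForEach-Object { "$($_.Name)=$($_.DefaultInboundAction)" }) -join ', ')
$allow = @(Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True -PolicyStore ActiveStore)
Add-Check 'Inbound allow rules' 'REVIEW' "$($allow.Count) enabled; compare with the ports the installers opened"

# BitLocker with a TPM-based protector on the system drive (physical hosts).
try {
    $bl  = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction Stop
    $tpm = @($bl.KeyProtector | Where-Object { "$($_.KeyProtectorType)" -like 'Tpm*' }).Count -gt 0
    $ok  = ("$($bl.ProtectionStatus)" -eq 'On') -and $tpm
    Add-Check 'BitLocker with TPM' $(if ($ok) { 'PASS' } else { 'FAIL' }) "Protection=$($bl.ProtectionStatus); TPM protector=$tpm"
} catch { Add-Check 'BitLocker with TPM' 'REVIEW' "Not readable: $($_.Exception.Message)" }

# Hibernation should be off so the Gateway stays reachable.
$hib = (Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Power' -ErrorAction SilentlyContinue).HibernateEnabled
Add-Check 'Hibernation disabled' $(if ($hib -eq 0) { 'PASS' } else { 'REVIEW' }) "HibernateEnabled=$hib"

# Anti-virus exclusions from the checklist (assumes Microsoft Defender is the AV in use).
try {
    $ex      = @((Get-MpPreference -ErrorAction Stop).ExclusionPath)
    $missing = @('C:\onepacs', 'C:\Program Files\PostgreSQL' | Where-Object { $ex -notcontains $_ })
    Add-Check 'Defender exclusions' $(if ($missing.Count) { 'REVIEW' } else { 'PASS' }) "Missing: $($missing -join '; ')"
} catch { Add-Check 'Defender exclusions' 'REVIEW' 'Defender preferences not readable; check your AV product' }

# Accounts: who holds local admin, and which enabled accounts look unused (90 days is an assumption).
$admins = @(Get-LocalGroupMember -SID 'S-1-5-32-544' | ForEach-Object Name)
Add-Check 'Local Administrators members' 'REVIEW' ($admins -join '; ')
$stale = @(Get-LocalUser | Where-Object { $_.Enabled -and $_.LastLogon -lt (Get-Date).AddDays(-90) } | ForEach-Object Name)
Add-Check 'Enabled accounts with no logon in 90 days' $(if ($stale.Count) { 'REVIEW' } else { 'PASS' }) ($stale -join '; ')

# Security log: 4625 failed logon, 4720 account created, 4732 member added to a local group.
$ev = @(Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625, 4720, 4732
        StartTime = (Get-Date).AddDays(-7) } -ErrorAction SilentlyContinue)
Add-Check 'Security events, last 7 days' 'REVIEW' (($ev | Group-Object Id | ForEach-Object { "$($_.Name) x$($_.Count)" }) -join ', ')

$report | Format-Table -AutoSize -Wrap
```

Items marked REVIEW need a human decision, since the page leaves account policy and the installer's port list to the client.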

Uninstalling and reinstalling the Gateway software

...