...

Should you experience any problem with the above setup, please contact OnePacs customer support for further assistance.


Summary of OnePacs Gateway Best Practices

The server/server environment on which the OnePacs Gateway software package runs is chosen, configured, and maintained by the OnePacs client. Accordingly, it is the responsibility of the client to ensure the reliable and secure operation of the server.

OnePacs recommends the following as best practices for managing the server/server environment:

Function and reliability

• It is recommended that the OnePacs Gateway server be used solely for the purpose of transmitting studies to OnePacs, and facilitating OnePacs EMR integration. Installing any unrelated software packages increases the risk of issues and may impact performance.

• Adjust the power settings of the OS to never sleep (always on).

• Disable hibernation

• The gateway must have a static internal IP address set from a router DHCP reservation

• For performance purposes, it is best to add anti-virus exclusions for:

⁃ c:\onepacs

⁃ c:\Program Files (x86)\PostgreSQL

(c:\Program Files\PostgreSQL on 32-bit systems)

For physical machines (rather than virtual machines):

• Configure the BIOS to restart automatically after a power failure and to automatically power on shortly before normal usage begins

• An uninterruptible power supply (UPS) is recommended.

General security

The OnePacs Gateway stores sensitive information on the local server storage device(s), including Protected Health Information (PHI) as defined by the Health Insurance Portability and Accountability Act (HIPAA). Accordingly, it should be treated with the same degree of security vigilance that would be appropriate for any other server at your facility containing similar information. The specific security measures and management procedures are at the discretion of the OnePacs client; however, OnePacs offers the following suggested best practices for consideration:

• Careful attention to physical security is important. Access to the room where the server is located (either a physical server, or the host machine in a VM setting) should be controlled, preferably by a method with user-specific tracking such as keycard access

• It is useful to engage physical lock devices on the hardware itself when available, in order to avoid theft of the device, and also to prevent opening of the device for the purpose of removing storage devices

• BitLocker drive encryption with a Trusted Platform Module (TPM) is suggested for physical (non-VM) servers

• For physical (non-VM) devices, it may be useful to secure BIOS settings with a password, and disable booting from alternate media

• A Windows Server Core install is recommended. Unnecessary Windows services should be disabled

• Application of a Windows Security Baseline should be considered as a useful means of maintaining consistent security policies across various Windows installs within an organization

• Configure Windows Updates to run automatically during off-hours

• Disable automatic administrator login to the recovery console

• Windows Firewall should be configured to disallow incoming connections, other than for ports specifically opened by the installer(s) for the OnePacs software system components

• Provision logon accounts only to individuals with a genuine need to access the system

• For each user who needs access to the system, provision accounts with only the necessary privilege levels needed for that user to execute their responsibilities

• Regularly disable or delete accounts that are no longer needed, and regularly review and reduce privilege/permission levels that are no longer needed

• Mandate appropriate password complexity, and set other password related policies as considered best by your organization

• It is useful to check security and other logs regularly to screen for unauthorized or inappropriate access, including screening for authentication events, privilege escalation and usage, and other user access activity

• Regular system scans should be scheduled with the security software solution(s) of your choice

• Your network firewall and monitoring software will be of utility in monitoring for and blocking unauthorized access, as well as screening for anomalies such as spikes in traffic that could reflect data exfiltration

• Regular system backups will be useful in a recovery situation
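
Several of the recommendations above can be checked with a read-only audit script. The following is an added example, not OnePacs code; it assumes an elevated PowerShell session, Microsoft Defender as the anti-virus product, C: as the OS volume and a 64-bit OS, and `Add-Finding` is a helper defined only for this example.

```powershell
# Added example: read-only audit of settings recommended on this page.
# Assumptions: elevated session, Microsoft Defender is the anti-virus product,
# the OS volume is C:, and a 64-bit OS (PostgreSQL under "Program Files (x86)").
$findings = [System.Collections.Generic.List[object]]::new()
function Add-Finding($Check, $Ok, $Detail) {   # hypothetical helper for this example
    $findings.Add([pscustomobject]@{ Check = $Check; Pass = [bool]$Ok; Detail = "$Detail" })
}

# Hibernation should be disabled.
$power = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Power' -ErrorAction SilentlyContinue
Add-Finding 'Hibernation disabled' ($power.HibernateEnabled -ne 1) "HibernateEnabled=$($power.HibernateEnabled)"

# Sleep timeout on AC power should be 0 (never). The last two hex values that
# powercfg prints are the AC and DC indexes, so the match does not depend on locale.
$hex = [regex]::Matches((powercfg /query SCHEME_CURRENT SUB_SLEEP STANDBYIDLE | Out-String), '0x[0-9a-fA-F]{8}')
if ($hex.Count -ge 2) {
    $acSeconds = [Convert]::ToUInt32($hex[$hex.Count - 2].Value, 16)
    Add-Finding 'Never sleeps on AC power' ($acSeconds -eq 0) "timeout=${acSeconds}s"
} else { Add-Finding 'Never sleeps on AC power' $false 'sleep setting not reported' }

# Every firewall profile should be enabled and must not default to allowing inbound traffic.
foreach ($p in Get-NetFirewallProfile) {
    $ok = ($p.Enabled -eq 'True') -and ($p.DefaultInboundAction -ne 'Allow')
    Add-Finding "Firewall profile $($p.Name)" $ok "Enabled=$($p.Enabled) Inbound=$($p.DefaultInboundAction)"
}

# Anti-virus exclusions named on this page (Defender assumed).
$excluded = @((Get-MpPreference -ErrorAction SilentlyContinue).ExclusionPath)
foreach ($path in 'c:\onepacs', 'c:\Program Files (x86)\PostgreSQL') {
    Add-Finding "AV exclusion $path" ($excluded -contains $path) 'Get-MpPreference ExclusionPath'
}

# BitLocker with a TPM protector (physical servers only; needs the BitLocker feature).
try {
    $vol = Get-BitLockerVolume -MountPoint 'C:' -ErrorAction Stop
    $tpm = @($vol.KeyProtector | Where-Object { "$($_.KeyProtectorType)" -like 'Tpm*' })
    Add-Finding 'BitLocker on C: with TPM' (($vol.ProtectionStatus -eq 'On') -and ($tpm.Count -gt 0)) "Status=$($vol.ProtectionStatus)"
} catch { Add-Finding 'BitLocker on C: with TPM' $false 'BitLocker not available or not queryable' }

# Enabled local accounts, listed for the periodic access review.
$accounts = Get-LocalUser | Where-Object Enabled | Select-Object Name, LastLogon, PasswordLastSet

$findings | Format-Table -AutoSize
$accounts | Format-Table -AutoSize
```

The script changes nothing on the server; a failed BitLocker check is expected on virtual machines, where the page does not suggest it.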

Uninstalling and reinstalling the Gateway software

...