Security

Hosting is in Maidenhead and Moorgate, London (IOMART Data Centre), one of the UK's largest and most secure sites. IOMART hosts many other NHS services and Trust applications on the private and hybrid clouds it provides. These may or may not be connected to N3 (an aggregator connection). Cimar's entire server system runs on Linux Ubuntu 14.04, with its considerable built-in security capability, hosted on our own private cloud.
From the server side, Ubuntu iptables provides one tier of firewall. This sits inside a Cisco ASA 5512 firewall environment. All ports are closed, and all unused system services are disabled by default. Each connecting organisation then has its own firewall architecture as well.
Yes – Cisco ASA 5512 firewall with proactive monitoring and alerting, in addition to Ubuntu 14.04 iptables.
Yes. The system is robustly firewalled and only permits essential, restricted, directly encrypted access. All ports are closed/blocked unless specifically required. All non-essential services are disabled.
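The posture described above ("all ports closed unless specifically required", default-deny iptables) is something an organisation connecting to such a platform can verify rather than take on trust. The following is an added example, not Cimar's code: it parses a ruleset in iptables-save format and reports any deviation from a default-deny INPUT/FORWARD policy with an explicit allow-list of TCP ports. The ruleset excerpt and the allowed port set are constructed for the example; the deliberately stray 8080 rule shows what a finding looks like.

```python
"""Audit an iptables-save ruleset against a default-deny posture.

Constructed example: the ruleset text below is made up for illustration,
not captured from any real server. Returns findings rather than printing
them so the check can be used from a test or a monitoring job.
"""
import re

# Ports the web platform is expected to expose (assumption for this example).
ALLOWED_TCP_PORTS = {443}

# Constructed iptables-save excerpt: default-deny on INPUT/FORWARD, allow
# loopback, established traffic and HTTPS, plus one stray rule to be flagged.
SAMPLE_RULESET = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
-A INPUT -p tcp --dport 8080 -j ACCEPT
COMMIT
"""

POLICY_RE = re.compile(r"^:(\w+)\s+(\w+)")                 # :CHAIN POLICY [pkts:bytes]
RULE_RE = re.compile(r"^-A\s+(\w+)\s+(.*?)\s+-j\s+(\w+)\s*$")  # -A CHAIN <match> -j TARGET
DPORT_RE = re.compile(r"--dport\s+(\d+)")
PROTO_RE = re.compile(r"-p\s+(\w+)")


def parse_ruleset(text):
    """Return (chain -> default policy, list of (chain, match, target))."""
    policies, rules = {}, []
    for line in text.splitlines():
        line = line.strip()
        m = POLICY_RE.match(line)
        if m:
            policies[m.group(1)] = m.group(2)
            continue
        m = RULE_RE.match(line)
        if m:
            rules.append((m.group(1), m.group(2), m.group(3)))
    return policies, rules


def audit_ruleset(text, allowed_tcp_ports=ALLOWED_TCP_PORTS):
    """Return a list of human-readable findings; empty means the posture holds."""
    policies, rules = parse_ruleset(text)
    findings = []
    # 1. Inbound and forwarded traffic must be dropped by default.
    for chain in ("INPUT", "FORWARD"):
        if policies.get(chain) != "DROP":
            findings.append(
                f"{chain} default policy is {policies.get(chain, 'missing')}, expected DROP")
    # 2. Every INPUT ACCEPT rule must be loopback, established traffic,
    #    or a TCP port on the allow-list.
    for chain, match, target in rules:
        if chain != "INPUT" or target != "ACCEPT":
            continue
        proto = PROTO_RE.search(match)
        port = DPORT_RE.search(match)
        if port:
            p = int(port.group(1))
            if proto and proto.group(1) == "tcp" and p in allowed_tcp_ports:
                continue
            findings.append(
                f"INPUT accepts {proto.group(1) if proto else '?'}/{p}, not in allow-list")
        elif "-i lo" not in match and "--ctstate" not in match:
            findings.append(f"INPUT accept rule with no port restriction: {match}")
    return findings


if __name__ == "__main__":
    for finding in audit_ruleset(SAMPLE_RULESET):
        print("FINDING:", finding)
```

On a real host the input would be the output of `iptables-save`; the same check applied to `ip6tables-save` covers the IPv6 tables, which this example does not parse separately.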
Nessus Vulnerability Scanner and Metasploit are in use.
The ability to transfer, share or even request data depends on the user's rights and permissions according to their role on the system and its permitted functions. This is called Role Based Access Control (RBAC). This is mandatory access control (MAC) managed by your organisation's admin. The application captures, records, and makes available to permitted users any and all user activity. This is logged per study (everything that happens to it) and, in addition, per user (everything a user sees or does, and when).
This is a clustered server instance, load balanced and mirrored, enabling high availability (HA) with 99% uptime.
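To make the RBAC and audit model above concrete, here is an added example (not Cimar's code) of a role-to-permission table administered by an organisation admin, an access check that records every attempt, allowed or denied, against both the study and the user, and the two views of that trail. The role names, permission names and study identifiers are assumptions made up for the example.

```python
"""Role-based access control with a per-study and per-user audit trail.

Added illustration of the model described above; not Cimar's implementation.
Roles, permissions and study ids are constructed for this example.
"""
from collections import defaultdict
from datetime import datetime, timezone

# Assumed role-to-permission mapping; in practice set by the organisation's admin.
ROLE_PERMISSIONS = {
    "radiologist": {"view", "report", "share", "request"},
    "referrer": {"view", "request"},
    "clerk": {"request"},
}


class AccessDenied(PermissionError):
    """Raised when a user's role does not permit the requested action."""


class Platform:
    def __init__(self, role_permissions=ROLE_PERMISSIONS, clock=None):
        self.role_permissions = role_permissions
        self.user_roles = {}                    # user -> role, assigned by org admin
        self.audit_by_study = defaultdict(list)  # study id -> entries (everything done to it)
        self.audit_by_user = defaultdict(list)   # user -> entries (everything they did, and when)
        self.clock = clock or (lambda: datetime.now(timezone.utc))

    def assign_role(self, user, role):
        if role not in self.role_permissions:
            raise ValueError(f"unknown role {role!r}")
        self.user_roles[user] = role

    def _record(self, user, action, study, allowed):
        """Append one entry to both indexes; denied attempts are logged too."""
        entry = {
            "time": self.clock().isoformat(),
            "user": user,
            "action": action,
            "study": study,
            "allowed": allowed,
        }
        self.audit_by_study[study].append(entry)
        self.audit_by_user[user].append(entry)
        return entry

    def perform(self, user, action, study):
        """Allow the action only if the user's role grants it; log either way."""
        role = self.user_roles.get(user)   # None for an unknown or unassigned user
        allowed = role is not None and action in self.role_permissions[role]
        self._record(user, action, study, allowed)
        if not allowed:
            raise AccessDenied(f"{user} ({role}) may not {action} {study}")
        return True

    def denied_attempts(self, user):
        """Denied actions by one user, a useful feed for alerting."""
        return [e for e in self.audit_by_user[user] if not e["allowed"]]


if __name__ == "__main__":
    p = Platform()
    p.assign_role("alice", "radiologist")
    p.assign_role("bob", "clerk")
    p.perform("alice", "share", "STUDY-0001")
    try:
        p.perform("bob", "share", "STUDY-0001")
    except AccessDenied as exc:
        print("denied:", exc)
    for e in p.audit_by_study["STUDY-0001"]:
        print(e)
```

The point worth noting is that the denied attempt is written to the trail as well as the allowed one; an audit log that only records successes cannot show that a clerk tried to share a study.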
Several thousand. The UK instance is a clone of the US cloud which concurrently serves over 1000 hospitals and their users. Scalability is not an issue. It’s dynamically expandable in advance of demand.
The host system runs Linux Ubuntu 14.04 as the core web platform OS. There is no client-side software; only a browser (any) is required. The client OS can be Apple, Microsoft, or Android. The system's DICOM viewer is HTML5, compliant with multiple versions of IE, Chrome, Firefox, Safari and Opera. For older browsers a simple viewer loads automatically. User access from all mobile platforms (responsive) is also supported.
Substantial and ongoing schedule. Each month new feature releases are deployed platform-wide, following thorough preliminary testing on a testbed system before deployment.
Please see above and Cimar Security Brief V3.30 - Web Application Security Policy – 2. Tests are run monthly. Should an issue be identified this is escalated to developer services to rectify according to the SLA provided.
ESET NOD32 for Linux runs across our host systems. The entire platform runs on Ubuntu 14.04 with anti-virus/anti-malware protection and the Ubuntu iptables firewall. For clients that run our DICOM Automation Gateway (a Windows application), we require our clients to run their own standard/approved anti-virus software on the hardware they provide, under locally administered policies.
Nagios and Sumo Logic monitoring software are in place and, in combination, look for patterns and provide robust intrusion defence.
Yes, using AES256. And more importantly: for each image record, the database contains only prime PHI and no image data. Conversely, all corresponding stored images contain no PHI data. The two are split in RAM for doubled security and stored separately, then coalesced in real time when accessed.
All imaging data hosted on the system is a copy of the client's original at source. And since most data will be held for a few days at most before system record purge rules run, the data volume at risk is extremely low. For long-term archives, backups are stored near-line on disk.
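The split described two answers above (PHI in the database, pixel data in a separate store with no identifying fields, rejoined only when an authorised access happens) is worth seeing as a data model, because the security property is that either store on its own is far less sensitive than a DICOM file. The following is an added example, not Cimar's code: a minimal two-store design keyed by a random opaque record id, with a check that no PHI field has leaked into the image store. The list of PHI header fields and the sample study are assumptions constructed for the example; encryption of each store at rest (AES256 in the text) is not shown here.

```python
"""Store PHI and pixel data separately, joined only at access time.

Added model of the split described above; not Cimar's implementation.
PHI_FIELDS, the sample header and pixels are constructed for this example.
"""
import secrets

# DICOM header attributes treated as PHI (assumed, shortened list for the example).
PHI_FIELDS = {"PatientName", "PatientID", "PatientBirthDate"}

# Constructed sample study: a header mixing PHI and non-PHI, plus fake pixel bytes.
SAMPLE_HEADER = {
    "PatientName": "Test^Patient",
    "PatientID": "000001",
    "Modality": "CT",
    "StudyDate": "20200101",
}
SAMPLE_PIXELS = b"\x00\x01\x02\x03"


class SplitStore:
    def __init__(self):
        self.phi_db = {}        # record id -> PHI fields only (no image data)
        self.image_store = {}   # record id -> non-PHI metadata + pixel bytes

    def ingest(self, header, pixels):
        """Split one study across the two stores under a random opaque id.

        The id links the halves but reveals nothing about the patient, so a
        copy of the image store alone does not identify anyone.
        """
        record_id = secrets.token_hex(16)
        self.phi_db[record_id] = {k: v for k, v in header.items() if k in PHI_FIELDS}
        self.image_store[record_id] = {
            "meta": {k: v for k, v in header.items() if k not in PHI_FIELDS},
            "pixels": pixels,
        }
        return record_id

    def image_store_holds_phi(self):
        """Invariant check suitable for a test or a periodic monitor."""
        return any(PHI_FIELDS & set(rec["meta"]) for rec in self.image_store.values())

    def coalesce(self, record_id):
        """Rejoin PHI, metadata and pixels in memory for an authorised access."""
        phi = self.phi_db[record_id]
        img = self.image_store[record_id]
        return {**phi, **img["meta"], "pixels": img["pixels"]}


if __name__ == "__main__":
    store = SplitStore()
    rid = store.ingest(SAMPLE_HEADER, SAMPLE_PIXELS)
    print("phi_db:", store.phi_db[rid])
    print("image meta:", store.image_store[rid]["meta"])
    print("leak check:", store.image_store_holds_phi())
    print("coalesced:", store.coalesce(rid))
```

The coalesce step is where the access control from the RBAC answer belongs: only a permitted, logged request should ever trigger the join, and the joined record should live only as long as that request.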
No. However, if DICOM automation is to be implemented, the Trust/Hospital will need to provide a virtual or physical server/PC running Windows 7 or later. Cimar provides the DICOM Gateway for this routing host, which may or may not have a cost implication depending on study volume/traffic. In essence this is a SaaS service, pay per use.
Yes – to PACS/modalities (DICOM node communication via AET), and to RIS/PAS (HL7 document interchange). However, HL7 is an infrequent implementation, since associated study documents can be embedded within DICOM studies by the system to minimise the need for multiple system integrations.
Yes, if full automation is required – Cimar provides a DICOM Gateway for this: a small software installation that brokers bi-directional communication between PACS and Cimar. Your organisation provides a virtual or physical host server/PC on which Cimar installs this small app. We require an AET connection to PACS to enable DICOM communication.