Patton-Fuller Request for Proposal

...

Figure 1- Proposed Patton-Fuller Physical Topology (Apollo Group, 2014)

Data Storage

Current Systems

PFCH has server hardware and network attached storage (NAS) capabilities for storage of digital records, such as those produced by x-rays, MRIs, CAT-scans, and other large file-size records is found in the radiology information system (RIS) and IT data centers (Apollo Group, 2014). Data centers are outlined as follows:

RIS Data Center (Apollo Group, 2014)

• Mac Pro server

 Mac Lion Server Operating System (OS)

 2-3 GHZ 6 core XEON processors

 64 GB Random Access Memory (RAM)

 4-2 TB HD in Redundant Array of Independent Disks (RAID) configuration

• Promise 48 TB

 4U 10 U RAID Disk Storage

IT Data Center (Apollo Group, 2014)

• IBM Series Z9EC Mainframe

 Linux OS

 DB2 database software

 18 processors

 32 GB RAM

 Advanced Encryption Standard (AES) security

• 10 TB NAS

The server and redundant array of independent disks (RAID) storage is what the Radiology viewing stations will access to view scan records, such as MRIs, x-ray, Radionuclide scans, and Sonography (Apollo Group, 2014). The RIS data server and IT data center’s NAS are the only existing systems capable of handling these types of digital records on the network.

Accessibility Requirements

The data storage methods selected for PFCH must support accessibility requirements for by ensuring reliable and comprehensive access to usable information (Laudon & Laudon, 2014). The accessibility requirements for various departments, as well as other hospitals and authorized entities, highlights the need for redundant connectivity and fail-safes to prevent interruption of vital data flows. Load balancing across multiple data servers would support accessibility by distributing traffic to prevent disruptions or reduced performance caused by system failures or increased demand (Microsoft, 2014). Network-accessible storage systems would also provide data sharing and coordination capabilities by consolidating information resources, which would ensure access to comprehensive, accurate, and usable information for authorized systems or personnel. Reliable and timely access to relevant and information is a critical aspect of effective performance. The data storage systems must include redundant connectivity, load balancing, and network integration to support the sharing and coordination of information resources.

Legal Requirements

Patients have a right to their health records, and PFCH has a legal responsibility to ensure the safety and privacy of their information. The Health Insurance Portability and Accountability Act (HIPAA) describes a wide range of regulations and standards addressing risk management strategies, security measures, and more (U.S. Department of Health and Human Services, n.d.). HIPAA requirements and safety standards allow patients control over their own Patient Health Information (PHI) records; this helps enforce restrictions on how the PHI will be used and who can access records. PFCH is legally obligated to ensure electronic health records (EHR) are protected from unauthorized access using organizational, administrative physical, and technical security processes (U.S. Department of Health and Human Services, n.d.). HIPAA introduced set of standards that health care providers had to follow or suffer the consequences of not following rules these standards (U.S. Department of Health and Human Services, n.d.). PFCH must appoint a security official, perform regular security audits, enforce physical and technical access control by monitoring and regulating access to PHI, and mandating the proper disposal of all computing equipment to ensure PHI is protected.

Security Requirements

The new IT auditing procedures will include a full software inventory and licensing, the implementation and monitoring of information security, controls over information systems, and controls of development and maintenance of systems (Sayana, 2014). The new security policy will include separation of duties, which is a security method for managing fraud by limiting the amount of control one individual has over the entire system. Physical access to IT equipment will be monitored and controlled with authentication systems and detailed access logs. Access control is another key component for securing network communications internally and externally. The system will include with network-based intrusion prevention and detection systems (IPS/IDS) to detect potentially malicious activity. Technical controls will be implemented on the layer two access switches by creating an access control list (ACL) based on Media Access Control (MAC) addresses. All wireless communication systems will implement WiFi Protected Access 2 (WPA2) enterprise (ENT) encryption that includes a remote authentication dial-in user service (RADIUS) server to authenticate users. The application and database servers communicate using Federal information processing standard (FIPS) 140, and all virtual private network (VPN) connections will use secure shell (SSH) tunnels for client/server communications (Microsoft Support, 2014).

Storage Recommendations

With PFCH’s current solution, some data is saved only on individual devices used by administration personnel, and only two major storage devices exist within the data center. The recommendation is to transition away from the two NAS devices in favor of a SAN. Although NAS devices are good for mass storage, they cannot provide the same performance capabilities as those facilitated by distributed data servers. A SAN provides a high level of performance through distributed servers and can use virtualization so multiple departments can use the same SAN despite logical separation. Virtualized instances can be sub-networked so that even though the departments use the same hardware to store and access data, they are still separated by networks to maintain security. RAID level 10 is recommended to ensure integrity and availability of data stored within the PFCH network. Utilizing RAID

...