OpenSpecimen is a Java Spring and REST API based application. It is designed to handle highly sensitive data such as patient identifiers, demographics, clinical information, images, test results, etc. This document explains the security considerations used in OpenSpecimen to achieve this.
OpenSpecimen is built using the latest versions of all the technology platforms used internally. This includes Tomcat, Apache, Oracle, MySQL, Java, etc.
OpenSpecimen supports (and highly recommends) using SSL enabled webserver to ensure encrypting data over the network.
OpenSpecimen has an in-built user management module. For tighter security, adopters can consider integrating OpenSpecimen with their institution's LDAP (e.g., Active Directory). This will also avoid users having to remember multiple user names and passwords.
Where N is configured as per the Customer's needs.
Users can be restricted not to view PHI data using the roles and privileges module.
Every login and logout session is recorded, including failed login attempts.
Every action that results in data being changed is audited (i.e., create, edit, delete). The audit information contains:
Currently, audit reports will have to be generated either directly from the database or via REST API calls. There is no user interface for the same. Building a UI driven audit reporting module is present in our product roadmap.
Every time a user runs a report, a log is maintained, which includes information like: