OpenSpecimen is a Java Spring and REST API-based application. It is designed to handle highly sensitive data such as patient identifiers, demographics, clinical information, images, test results, etc. This document explains the security considerations used in OpenSpecimen to achieve this.
OpenSpecimen is built using the latest versions of all the technology platforms used internally. This includes Tomcat, Apache, Oracle, MySQL, Java, etc.
OpenSpecimen uses TLS2/3 SSL-enabled webserver to encrypt data over the network.
OpenSpecimen has an in-built user management module. Customers can integrate OpenSpecimen with their institution's identity provider (e.g., Active Directory) via SAML or LDAP for tighter security. This will also avoid users having to remember multiple user names and passwords.
Note: This does not apply if user accounts are integrated with the Customer's Identity Providers (IdP).
Where N is configured as per the Customer's needs.
Where N is configured as per the Customer's needs.
PHI data is displayed only to users who have specific privileges.
Every login and logout session is recorded, including failed login attempts.
Every action resulting in changed data is audited (i.e., create, edit, delete). The audit information contains:
Audit reports can be generated via UI.
Reporting Audit
Every time a user runs a report, a log is maintained, which includes information like: