OpenSpecimen is built using the latest versions of all the technology platforms used internally. This includes Tomcat, Apache, MySQL (or MySQL), Java, VueJS, etc.
OpenSpecimen use an SSL-enabled webserver to encrypt data over the network.
User account security
Organizational Single Sign On (SSO)
This enables users to login into OpenSpecimen using their organizational credentials. It also ensures only active organizational users can access OpenSpecimen. You can configure one or more Identity Providers (IdP) to authenticate users in OpenSpecimen.
Currently, we support LDAP and SAML-based authentication, apart from the in-built user module of OpenSpecimen.
Two-factor Authentication enables OpenSpecimen customers to implement an additional security layer to protect user accounts. When 2FA is configured, users must enter an additional One Time Password (OTP) along with the username and password.
This system-level configuration applies only to local accounts (i.e., non-SAML/LDAP accounts).
User passwords for local accounts are stored in the MySQL database. To protect the user passwords, OpenSpecimen uses bcrypt to hash the passwords before storing them in the database.
Note: This does not apply if user accounts are integrated with the Customer's Identity Providers (IdP).
Password should be of length N characters (default 8)
Password complexity defined via RegEx as per customer needs (default: one capital, one number, special character)
Cannot be the same as the last N passwords
Password expiry every N days
Passwords are never emailed in free text
Passwords are stored in a one-way encrypted format
Accounts are locked after N failed attempts
Accounts are locked after N days of inactivity
Where N is configured as per the Customer's needs.
Every login and logout session is recorded, including failed login attempts. Refer to Other Audit Reports for more details.
Data manipulation audit
Every action resulting in changed data is audited (i.e., create, edit, delete). The audit information contains the following:
Across the globe, the security of PHI data is a matter of concern. There are many strict rules (e.g. HIPAA in the USA, GDPR rules in Europe, etc.). OpenSpecimen provides features to make clients compliant with these rules.
Restricted access to PHI
You can restrict users from viewing PHI data by giving the “Participant (DeID)” privilege.
Data shared via emails
PHI data is not included in any emails. To download any data, the user is provided a link, and he/she has to log in to OpenSpecimen to download the data.