- Who created PopMedNet™?
- What problem does PopMedNet™ address?
- What is PopMedNet™?
- What is a typical use case?
- How secure is the portal and network?
- Has the system been audited?
- Are there other security features?
- Does PopMedNet™ support APIs and how are they secured?
- Is there an activity auditing system and log?
- How does PopMedNet™ accommodate local, state and federal regulatory issues?
- Are system communications encrypted?
Setting up the PopMedNet™ system
- Who created PopMedNet? PopMedNet™ was developed under Contract No. 290-05-0033 from the Agency for Healthcare Research and Quality (AHRQ), US Department of Health and Human Services, as part of the Developing Evidence to Inform Decisions about Effectiveness (DEcIDE) program, awarded to the DEcIDE centers at the HMO Research Network Center for Education and Research on Therapeutics (HMORN CERT) and the University of Pennsylvania. Additional development is funded by AHRQ under Grant Number R01 HS19912-01 for the Scalable PArtnering Network for CER: Across Lifespan, Conditions, and Settings (SPAN) project. The Food and Drug Administration’s Mini-Sentinel project (Contract No. HHSF223200910006I) provided additional support. The Harvard Pilgrim Health Care Institute and the Harvard Medical School Department of Population Medicine provide product and program management for PopMedNet.
- What problem does PopMedNet address? In health care and other fields, institutions often need to collaborate by sharing specific information, yet are strongly reluctant to share large volumes of sensitive or otherwise protected data. When the data are held and secured by different, sometimes competing, institutions, querying those sources in a distributed fashion becomes much harder. PopMedNet overcomes these barriers through flexible governance mechanisms and a simple architecture that keeps the power in the hands of the data holders.
- What is PopMedNet? PopMedNet™ is a set of software tools that facilitates the creation, management, and operation of distributed networks that allow partners to maintain physical and operational control over their data while allowing others to send queries to the data. PopMedNet enables networks to send questions to the data, obviating the need for a central data repository. The software consists of a web-based “network portal” and a DataMart Client application that is installed at each site. Each network has one portal and any number of participating institutions, each with any number of data sources available for querying. PopMedNet is not a specific network and does not adhere to a specific data model or governance structure. Rather, PopMedNet enables the creation of collaborative networks, allowing each implementation to adapt the software configuration and governance to its own needs.
- What is a typical use case? PopMedNet™ was designed to allow healthcare institutions to collaborate on important public health and research questions while maintaining control of their protected and confidential information. Examples include public health surveillance using data from multiple medical group practices or comparative effectiveness research across multiple health insurers. See current projects for more information.
- What data models are currently supported by PopMedNet™ software? PopMedNet™ is data model agnostic; each network that uses PopMedNet can develop and implement its own data model, or use one of the currently supported data models. PopMedNet supports the HMO Research Network’s (HMORN) Virtual Data Warehouse, the Mini-Sentinel Common Data Model, and the ESP data model. The software supports any data source reachable over an ODBC connection or a direct PostgreSQL connection. Networks can choose to create a data-model-specific query interface to facilitate distributed querying, or use PopMedNet to securely distribute executable code to network partners for local execution and response.
- How is a Data Model implemented within PopMedNet™? Typically, network data partners agree to a single schema and the semantic definition for each data element. This allows a single query to execute identically without modification at all network sites and facilitates creation of a simple querying interface (e.g., a query builder). In most cases, data partners are responsible for their own transformations, although derivative data models can be developed using distributed code to allow standardization. This derivative approach is used for the Mini-Sentinel summary tables.
- What data vocabularies or ontology standards does PopMedNet™ accommodate? Vocabularies are network specific; each network implementation should select an approach that best meets the needs of the data partners. A network of health insurers will likely use standard coding systems such as ICD, HCPCS, CPT, and NDCs whereas a network of medical group practices may use SNOMED, RXNORM, and LOINC. Networks should use standards based on how the data is captured.
Licensing and Community
- What type of license is PopMedNet using? PopMedNet™ source code (Copyright 2012, Harvard Pilgrim Health Care Institute) is licensed under the Apache License, Version 2.0 (the “License”); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0. Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an “AS IS” BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
- How can I receive a copy of the code? The source code and documentation can be found on the PopMedNet Community Wiki. The source code is available here.
- What limitations do I have in using the code? None. The license was selected to encourage broad use. We encourage others to use and improve the code, and strongly encourage modifications to be provided back to the community for all to benefit from. To share any contributions, feedback, and bug reports, please contact the PopMedNet Support Service Desk.
- Are demonstration licenses available? The software is free to try. DPM staff can assist with demonstrations of the application and provide guidance on use. Access to a demonstration network is possible, as are proof-of-concept projects.
- How secure is the portal and network? Networks using PopMedNet can choose from a range of security options for their implementation. As a web-based system it must be hosted somewhere, and that hosting architecture is determined by the network. All current implementations using PopMedNet are NIST SP 800-53 Rev. 2 / FISMA compliant and have passed a full audit of the hosting facility, the application and the operating procedures. The Application Portal is hosted in a two-server configuration. The first server (Portal Web Server) runs the Portal application under IIS and ASP.NET and services all application requests that arrive from the web. The second server (Portal Database Server) houses the Portal Database in a Microsoft SQL Server 2008 instance and has no connection to the web; all requests reach it only through the Portal Web Server. Refer to the System Security documentation on the PopMedNet Wiki for more details.
- Has the system been audited? The PopMedNet™ software system has undergone a third-party security audit and has passed several additional security audits and penetration tests. Refer to the System Security documentation on the PopMedNet Wiki for more details.
- Are there other security features? The following list summarizes the major security specifications of the system.
- Enhanced system procedures:
- Store credentials securely as salted hashes
- Use cryptographically secure random values for session IDs (.NET version 4 GUIDs)
- Mark cookies ‘Secure’ and ‘HttpOnly’, keep them session-only, and set the cookie domain explicitly
- Require/force SSL/TLS for all communications
- Enable only the strongest cipher suites and Transport Layer Security (TLS) versions
- Enforce authorization on both the Web Service and the Portal
- Ensure all submissions are performed via the POST method
- Do not publish the WSDL
- Limit the number and size of file submissions
- Does PopMedNet™ support APIs? How are they secured? The DataMarts communicate with the Portal through a secure Web Services API. The connection is always initiated by the DataMart Client and directed at the Portal; the Portal never connects to a DataMart.
- Is there an activity auditing system and log? Yes. All system activity is logged and available for audit. Site-specific audit reports can be generated on the portal.
- How does PopMedNet™ accommodate local, state and federal regulatory issues? Each network is responsible for addressing and adhering to the regulations that apply to them. Network governance can address network-wide regulatory issues. The nature of the network and each specific query will determine what procedures should be followed. The system architecture – by allowing manual review of all queries and responses – allows data partners to maintain their existing procedures for adhering to all relevant regulations and local rules related to release of information.
- Are system communications encrypted? Yes. All data are encrypted in transit between the portal and the individual sites over HTTPS.
Setting Up The PopMedNet System
- How is a network established? Any group of institutions can choose to create a network. Most networks develop an organizational structure to address network governance and operations. A network coordinating center that includes the Network Administrator (a role in the network) is often implemented to handle day-to-day operation. Once the system is established and hosted, the Network Administrator can set up the network based on the governance rules that specify which organizations should be included, which users get login credentials, and the roles for all users.
- Once a network is established by the Network Administrator, how long does it take for partners to join and participate? Participation requires partners to 1) install the DataMart Client, 2) configure the settings within the local DataMart Client, and 3) create the necessary connections to local databases. The user settings take about 30 minutes to set up.
- Can governance rules be incorporated on a network-by-network basis? Yes. The software allows establishment of governance rules related to role-based access control, permissions, and query features. Rules can include who gets which roles, how long data remains on the portal before deletion, who can query who, and what query types are available. Governance rules are the joint responsibility of the Network Administrator and the individual partners who must give authorized users permission to send them queries. Refer to the PopMedNet System Administrator’s Guide on the PopMedNet Wiki for a complete list and more details.
- Does the system have any notification capabilities? Yes. The software includes extensive and flexible notification options for users. Notifications are based on changes in status within the system. Users can choose to receive notifications for a range of activities, including when query results are available, when query status changes, when queries have been sent to their DataMart for execution, when users are added or removed, and so on. Query reminders are also available.
Distributing Queries and Getting Results
- How does the DataMart Client handle a query? The DataMart Client polls the portal for queries awaiting execution, downloads each query, executes it, and manages the workflows associated with query execution (Administrator inbox, notifications, workflow processing, etc.). The DataMart Client executes the query directly; it is not passed off to another service. Queries can be reviewed before local execution, and results reviewed before release. Because the client always initiates the connection, the data partner does not need to open an inbound port, and the system is not designed to be fully synchronous, although every query-fulfillment step can be automated.
- What metadata is included when a query is distributed? Each query allows the requester to describe the nature of the query. System metadata include the requester name and contact information, his/her role in the system, the query description, and which other sites also received the query. The DataMart Administrator can see the query parameters and its results before uploading to the portal.
- It seems like the queries are asynchronous. Are there any synchronous queries? Technically, no, though queries may appear synchronous (i.e. really fast) if few or no workflow steps are associated with them. The data partner must pull queries through its firewall before they are executed, and the optional review and approval steps can range from fully automated to fully manual.
- How does a partner return query results? Query results are returned securely to the portal using the DataMart Client. The query result is stored on the portal for review by the requester.
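To make the pull-only lifecycle concrete (the one-way API described earlier, and the poll, review, execute and release steps in the answers above), here is an added Python model. It is not PopMedNet's DataMart Client or web service, and every class, method, column and site name is an assumption. The Portal object stands in for the web service; a real client reaches it over HTTPS. The read-only authorizer and the small-cell release rule are assumptions illustrating what a local review step can enforce; the page says only that queries and results can be reviewed before execution and release.

```python
import sqlite3
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

@dataclass
class Query:
    query_id: str
    requester: str            # metadata the local reviewer sees alongside the query
    description: str
    sql: str
    status: str = "submitted"  # submitted -> pending_review -> executed -> complete | withheld | rejected
    result: Optional[list] = None
    note: str = ""

class Portal:
    """Stand-in for the portal web service. It answers calls; it never contacts a DataMart."""
    def __init__(self) -> None:
        self._queue: Dict[str, List[Query]] = {}
        self.results: Dict[str, Query] = {}

    def submit(self, datamart: str, query: Query) -> None:
        self._queue.setdefault(datamart, []).append(query)

    def pending_for(self, datamart: str) -> List[Query]:
        # Reached only over the DataMart's own outbound connection.
        return [q for q in self._queue.get(datamart, []) if q.status == "submitted"]

    def upload(self, query: Query) -> None:
        self.results[query.query_id] = query

# Assumption: a local safeguard so a distributed query can read but never write.
_WRITE_ACTIONS = {sqlite3.SQLITE_INSERT, sqlite3.SQLITE_UPDATE, sqlite3.SQLITE_DELETE,
                  sqlite3.SQLITE_CREATE_TABLE, sqlite3.SQLITE_DROP_TABLE,
                  sqlite3.SQLITE_ALTER_TABLE, sqlite3.SQLITE_ATTACH}

def _read_only(action, *_args):
    return sqlite3.SQLITE_DENY if action in _WRITE_ACTIONS else sqlite3.SQLITE_OK

class DataMartClient:
    """Polls the portal, holds queries for review, executes locally, releases results."""
    def __init__(self, name: str, portal: Portal, conn: sqlite3.Connection,
                 release_rule: Callable[[list], bool] = lambda rows: True) -> None:
        self.name, self.portal, self.conn = name, portal, conn
        self.conn.set_authorizer(_read_only)
        self.release_rule = release_rule  # automated review step; see usage note
        self.inbox: Dict[str, Query] = {}

    def poll(self) -> List[str]:
        """One polling cycle: pull new queries and park them in the administrator's inbox."""
        pulled = []
        for q in self.portal.pending_for(self.name):
            q.status = "pending_review"
            self.inbox[q.query_id] = q
            pulled.append(q.query_id)
        return pulled

    def approve(self, query_id: str) -> Query:
        """Local administrator approves execution; the client runs the SQL itself."""
        q = self.inbox[query_id]
        try:
            q.result = self.conn.execute(q.sql).fetchall()
            q.status = "executed"
        except sqlite3.DatabaseError as exc:  # includes "not authorized" from the authorizer
            q.status, q.note = "rejected", str(exc)
            self.release(query_id)            # let the requester see the rejection
        return q

    def release(self, query_id: str) -> Query:
        """Review the result locally (here: by rule), then push it to the portal."""
        q = self.inbox.pop(query_id)
        if q.status == "executed":
            if self.release_rule(q.result):
                q.status = "complete"
            else:
                q.status, q.result, q.note = "withheld", None, "local release rule not met"
        self.portal.upload(q)
        return q

def demo_connection() -> sqlite3.Connection:
    """Constructed sample data, not any real data model."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE encounter (patient_id INTEGER, dx TEXT);
        INSERT INTO encounter VALUES (1,'J10'),(2,'J10'),(3,'J10'),(4,'J10'),(5,'J10'),(6,'E11'),(7,'E11');
    """)
    return conn

# Assumption: a small-cell rule (counts under 5 are not released) as one example of local review.
def min_cell_rule(rows: list, threshold: int = 5) -> bool:
    return all(row[-1] >= threshold for row in rows)
```

Nothing here lets the portal call the DataMart: the only entry points on the portal are invoked by the client, which is why no inbound port is needed at the data partner. A fully manual site keeps the default release rule and has its administrator inspect q.result before calling release(); a fully automated site wires poll, approve and release into a scheduler behind a rule such as min_cell_rule. A query that tries to write (the DELETE in the test) is refused by the authorizer, recorded as rejected, and reported back to the requester instead of silently disappearing.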
- How does a user view query results? Query results are viewed on the portal by the requester. Each query has a unique system identifier and a name provided by the requester. A user can only view results of their own queries. Depending on the type of query, results can be viewed in tabular form on the portal, aggregated on the portal, or downloaded in several different formats. Some query types generate responses that are simply files to be downloaded by the requester.
Workflow / Rights
- How does Role-based access control work? The system has several roles that manage what a user with that role can do within the system. A role is a collection of rights. New roles can be created by grouping a different set of rights. A user always provides individual credentials when logging in, and the rights that user has once logged in come from the rights assigned to the user directly, as well as the rights inherited from the Organization and Projects to which that user belongs. Refer to the PopMedNet User Guide for details.
- What workflow does PopMedNet™ facilitate prior to sending the query? A query of a specific type can only be sent by a user who has been given the right to send a query of that type to the specific partner. A data partner will only receive queries from users who they have given permission to query them, and will only receive queries from the list of query types it has agreed to receive. Data partners can adjust permissions at any time. This means that system users can only send queries that they have permission to send.
- How does workflow work across different data partners? The software allows data partners to maintain their local workflow. Network partners give other partners permission to query them, but they maintain responsibility for query response. This allows each partner to maintain their local workflow, especially related to the release of information.
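The rights model and the send-permission check in the three answers above, as an added Python sketch; it is not PopMedNet code, the page does not say how rights are stored, and every role, right, user and site name here is an assumption. Effective rights are the union of the user's direct roles and the roles inherited from the user's organization and projects, and a query may be sent only when the requester holds the right and the receiving partner has opted in to both the user and the query type.

```python
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, Set, Tuple

@dataclass(frozen=True)
class Role:
    name: str
    rights: FrozenSet[str]  # a role is just a named collection of rights

@dataclass
class User:
    login: str
    organization: str
    projects: Set[str]
    direct_roles: Set[str] = field(default_factory=set)

@dataclass
class Network:
    roles: Dict[str, Role]
    org_roles: Dict[str, Set[str]]        # roles every member of an organization inherits
    project_roles: Dict[str, Set[str]]    # roles every member of a project inherits
    partner_accepts: Dict[str, Set[str]]  # data partner -> query types it has agreed to receive
    partner_allows: Dict[str, Set[str]]   # data partner -> users it has permitted to query it

    def effective_rights(self, user: User) -> Set[str]:
        """Direct roles plus roles inherited from the user's organization and projects."""
        role_names = set(user.direct_roles) | self.org_roles.get(user.organization, set())
        for project in user.projects:
            role_names |= self.project_roles.get(project, set())
        rights: Set[str] = set()
        for name in role_names:
            rights |= self.roles[name].rights
        return rights

    def can_send(self, user: User, query_type: str, partner: str) -> Tuple[bool, str]:
        """Both sides must agree: the requester holds the right and the partner has opted in."""
        needed = "send:" + query_type
        if needed not in self.effective_rights(user):
            return False, f"{user.login} lacks right {needed}"
        if query_type not in self.partner_accepts.get(partner, set()):
            return False, f"{partner} has not agreed to receive {query_type} queries"
        if user.login not in self.partner_allows.get(partner, set()):
            return False, f"{partner} has not permitted {user.login} to query it"
        return True, "ok"

    def revoke(self, partner: str, login: str) -> None:
        """Data partners can withdraw permission at any time; it takes effect on the next check."""
        self.partner_allows.get(partner, set()).discard(login)

def demo_network() -> Network:
    """Constructed sample configuration; role, right and site names are assumptions."""
    roles = {
        "viewer": Role("viewer", frozenset({"view:own_results"})),
        "investigator": Role("investigator", frozenset({"send:summary_count", "view:own_results"})),
        "code_distributor": Role("code_distributor", frozenset({"send:distributed_code"})),
    }
    return Network(
        roles=roles,
        org_roles={"coordinating_center": {"viewer"}},
        project_roles={"flu_surveillance": {"investigator"}},
        partner_accepts={"site_a": {"summary_count"},
                         "site_b": {"summary_count", "distributed_code"}},
        partner_allows={"site_a": {"alice"}, "site_b": {"alice", "bob"}},
    )

if __name__ == "__main__":
    net = demo_network()
    alice = User("alice", "coordinating_center", {"flu_surveillance"}, {"code_distributor"})
    for query_type, partner in [("summary_count", "site_a"), ("distributed_code", "site_a"),
                                ("distributed_code", "site_b")]:
        print(query_type, partner, net.can_send(alice, query_type, partner))
```

The three checks in can_send are deliberately separate so that a denial names which side withheld consent: the network (no right), the partner's query-type list, or the partner's user list. Because a partner's permission is consulted on every call rather than cached in the user's rights, a revoke() by the partner is honored on the very next query attempt, which is what lets each data partner keep control of its own release-of-information workflow.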