Each of the current implementations of PopMedNet managed by Harvard Pilgrim Healthcare is hosted in a Federal Information Security Management Act (FISMA)-compliant private cloud Tier III data center. Security is maintained by a combination of technology and policy.

Check out the System Security documentation on the PopMedNet Wiki for full details.

Physical Security

  • Distributed infrastructure – partners maintain physical and operational control over electronic data in their existing environments
  • Hosting facility secured with mantrap entrances, photo identification validation, manned armed security tours, and video surveillance 24 hours per day, 7 days per week

Technical Security

  • Encrypted communications between the DataMart Client and Query Tool
  • Encryption of all data in the PopMedNet operational database
  • Automatic logoff after 30 minutes of Query Tool inactivity
  • FISMA-compliant passwords that expire every 6 months and may not be reused
  • Encrypted password storage
  • Cryptographically secure random values for session IDs

Administrative Security

  • Role-based and monitored Query Tool access
  • Continuous audit of all system activity
  • Secure and controlled distribution of DataMart Client software
  • Annual security audits and regular penetration testing


Standard governance schemes and a common data model provide a straightforward path to partnership

Widely Adopted

Over 100 participating institutions, including the largest nationwide insurers, provide health data on over 223 million Americans

Proven Success

Over 150 studies, peer-reviewed publications, or ongoing projects have utilized PopMedNet