
Epiphany Healthcare Blog

Common Practices and Security Risks

Posted by Russ DeRemer on July 14, 2017 at 10:01 AM

The following is a discussion of three common system configurations and the corresponding security risks.  Epiphany’s best-practice recommendations are included.

Web API 

The optional Epiphany Web API (application programming interface) lets another program or application request information from Cardio Server; the results are then displayed in a browser window.

A common use case is to display a link within the patient's chart in the EMR, or within the cardiology PACS application, that opens diagnostic test results (ECG, stress, Holter, PFT, etc.). The user simply clicks the link within the EMR or PACS application and the results appear in a new window.

When a user clicks the link, the requesting application (EMR/PACS) builds a request whose parameters identify the information needed (e.g., MRN, type of study, date and time of service). That request, or Web API call, is sent to Cardio Server, which processes it and returns the diagnostic test results in a new browser window. The request must follow the syntax and content rules defined in the Cardio Server Web API specification.

The unencrypted Web API is offered as an option in Cardio Server only as a concession to legacy and third-party systems that cannot support a properly encrypted API. It is inherently insecure: anyone with access to the system who knows a valid username can authenticate as that user, because no password or other secret is required and the request travels in cleartext. Epiphany Healthcare does not recommend it, but will enable it if the customer requests it. Exploitation risk: staff who have been granted Cardio Server privileges, and who have an affirmative duty to safeguard protected health information, can access patient records inappropriately; because the username is never verified, audit records cannot reliably attribute such access to the person who actually performed it.

HL7 PDF link

Many Epiphany customers use Cardio Server as the official image archive for cardiology and pulmonary diagnostic test results. To make retrieval easy, some customers prefer to include a static URL link to Cardio Server in HL7 Results messages. The link displays one specific diagnostic test result.

The PDF link in HL7 Result messages is offered as an option in Cardio Server only as a concession to legacy and third-party systems that cannot support a properly encrypted Web API. It is inherently insecure: because the link is a static URL that does not expire, anyone with access to the system who learns or guesses the information it encodes can retrieve the PDF directly. Epiphany Healthcare does not recommend it, but will enable it if the customer requests it. Exploitation risk: staff who have been granted Cardio Server privileges, and who have an affirmative duty to safeguard protected health information, can access patient records inappropriately.
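Both of the options above share one weakness: the link itself is the only credential, it carries no secret and it never expires. The example below is added here to make that concrete; it is not Cardio Server code and does not reflect the actual Cardio Server Web API. The endpoint, parameter names and shared key are hypothetical. It places a username-only link next to a hardened alternative in which the EMR/PACS signs the user, MRN, study and an expiry time with an HMAC key shared only with the results server, so a link cannot be forged, altered to another MRN, or reused after it expires.

```python
"""Added example (hypothetical names, not Cardio Server's API): why a
username-only or static results link is weak, and what a signed,
expiring link looks like on both the requesting and the serving side."""
import hashlib
import hmac
import time
from urllib.parse import parse_qs, urlencode, urlparse

BASE = "https://cardio.example.test/results"  # hypothetical endpoint, not a real URL


# --- Weak pattern: the link is the whole credential ---------------------------
def weak_link(username: str, mrn: str, study: str) -> str:
    """Build a link the way a username-only, unencrypted integration would."""
    return f"{BASE}?{urlencode({'user': username, 'mrn': mrn, 'study': study})}"


def weak_server_accepts(url: str, known_users: set) -> bool:
    """Server side of the weak pattern: any known username is enough, so whoever
    knows a colleague's username can request any MRN, and the link never expires."""
    q = parse_qs(urlparse(url).query)
    return q.get("user", [None])[0] in known_users


# --- Hardened pattern: HMAC-signed, time-limited link -------------------------
def _canonical(params: dict) -> str:
    """Deterministic serialisation so both sides sign exactly the same bytes."""
    return urlencode(sorted(params.items()))


def signed_link(key: bytes, username: str, mrn: str, study: str,
                ttl_seconds: int = 300, now=None) -> str:
    """EMR/PACS side: bind user, MRN, study and an expiry into one signature.
    `now` is injectable so the behaviour can be tested deterministically."""
    exp = int(now if now is not None else time.time()) + ttl_seconds
    params = {"user": username, "mrn": mrn, "study": study, "exp": str(exp)}
    params["sig"] = hmac.new(key, _canonical(params).encode(), hashlib.sha256).hexdigest()
    return f"{BASE}?{urlencode(params)}"


def verify_signed_link(key: bytes, url: str, now=None):
    """Results-server side: returns (True, params) or (False, reason)."""
    q = {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}
    sig = q.pop("sig", None)
    if sig is None or any(k not in q for k in ("user", "mrn", "study", "exp")):
        return False, "malformed"
    expected = hmac.new(key, _canonical(q).encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sig):  # constant-time comparison
        return False, "bad signature"
    if int(q["exp"]) < int(now if now is not None else time.time()):
        return False, "expired"
    return True, q


if __name__ == "__main__":
    # Constructed demo data: a shared key and a fixed clock.
    key = b"shared-secret-known-only-to-emr-and-results-server"
    t0 = 1_700_000_000
    forged = weak_link("jdoe", "000999", "ECG")  # attacker knows only a username
    print("weak link accepted:", weak_server_accepts(forged, {"jdoe", "asmith"}))
    good = signed_link(key, "jdoe", "123456", "ECG", ttl_seconds=300, now=t0)
    print("valid:", verify_signed_link(key, good, now=t0 + 100)[0])
    print("tampered MRN:", verify_signed_link(key, good.replace("mrn=123456", "mrn=000999"), now=t0 + 100))
    print("expired:", verify_signed_link(key, good, now=t0 + 400))
```

The signature does not replace encryption: without TLS the MRN and the signed link are still readable on the wire, and anyone who captures the link can replay it until `exp` passes. It also does not replace server-side authorization; the results server should still confirm that the named user is permitted to view that patient before serving the PDF.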

Server Access Outside of Secure Network

Cardio Server can be configured to permit internet-facing login and access.   

Making the server available outside the hospital network without additional access controls (e.g., a VPN or a secure portal) is STRONGLY DISCOURAGED, as it greatly increases the entity's security exposure. Exploitation risk: substantial risk of malicious penetration by third parties.

In addition, Active Directory password integration is recommended for all Cardio Server installations, so that account and password policy are enforced centrally rather than in a separate local user store.

Contact an Epiphany representative if you have any questions or would like to discuss this matter.