RHIOnet Security

Security Model

We designed the RHIOnet security model from the ground up to deliver a robust, secure environment for delivering information from the source to the desktop. RHIOnet’s security model can be partitioned into five distinct areas:

 

Authentication

RHIOnet’s interchangeable authentication modules allow you to customize the level of authentication security you need. Simple passwords, complex passwords, tokens/smart cards or biometrics can be employed to meet security needs. RHIOnet always transmits authentication tokens over encrypted connections to prevent password snooping.

 

Authorization

Authenticated users have an Access Control List built from RHIOnet’s internal security database. This Access Control List determines the menu of permitted actions. Only allowed actions are shown to the user, precluding any possibility of executing an unauthorized action. User permissions can be specified on both an organizational and transaction level, allowing, for example, a user to have member eligibility permission at all institutions on the network while having only formulary and referral permissions at selected institutions.

 

Provider privileges

Another important authorization component is the ability to give users substitution rights for approved providers. We know that today’s busy providers rarely have time to access systems directly, and must rely on office managers and other personnel to retrieve health plan information. RHIOnet allows authorized users to submit requests, authorizations, referrals, etc. on behalf of these providers. RHIOnet treats these requests as those of the underlying provider and submits them on the provider’s behalf, without giving the submitter any additional privileges. RHIOnet includes an administration GUI with group/role models to ease system administration.

RHIOnet Group Administration Interface

 

Sensitive Requests

RHIOnet provides additional levels of security for requests, such as claims status and referral inquiry, which may contain sensitive patient information. These requests can only be viewed if they involve the submitting provider. For example, providers can only see referrals where they are the primary care or referral provider. This prevents personnel from “surfing” and viewing unauthorized sensitive information.
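The rules described under Authorization, Provider privileges and Sensitive Requests, sketched as an added Python example. This is not RHIOnet code: the User class, the function names, and the institution and provider names are all hypothetical. It assumes the permission check runs on the server for every request as well as when the menu is built.

```python
from dataclasses import dataclass, field

TRANSACTIONS = ["eligibility", "formulary", "referral"]

@dataclass
class User:
    name: str
    # (institution, transaction) pairs; "*" means every institution on the network
    grants: set = field(default_factory=set)
    # providers for whom this user holds substitution rights
    may_act_for: set = field(default_factory=set)

def permitted(user, institution, transaction):
    """ACL check on both the organizational and the transaction level."""
    return bool({(institution, transaction), ("*", transaction)} & user.grants)

def menu(user, institution):
    """Only permitted actions are offered to the user."""
    return [t for t in TRANSACTIONS if permitted(user, institution, t)]

def referral_inquiry(user, institution, referrals, on_behalf_of):
    """Return ids of referrals involving the provider the request is made for."""
    # The submitter's own ACL still applies: substitution adds no privileges.
    if not permitted(user, institution, "referral"):
        raise PermissionError("referral inquiry not permitted at " + institution)
    if on_behalf_of != user.name and on_behalf_of not in user.may_act_for:
        raise PermissionError("no substitution rights for " + on_behalf_of)
    # Sensitive request: visible only where the provider is a party to it.
    return [r["id"] for r in referrals
            if r["institution"] == institution
            and on_behalf_of in (r["primary_care"], r["referred_to"])]

# Constructed sample data (hypothetical users, providers and institutions).
OFFICE_MGR = User(
    "pat",
    {("*", "eligibility"), ("clinic-a", "formulary"), ("clinic-a", "referral")},
    {"dr-lee"},
)
REFERRALS = [
    {"id": "R1", "institution": "clinic-a", "primary_care": "dr-lee", "referred_to": "dr-kim"},
    {"id": "R2", "institution": "clinic-a", "primary_care": "dr-roy", "referred_to": "dr-lee"},
    {"id": "R3", "institution": "clinic-a", "primary_care": "dr-roy", "referred_to": "dr-kim"},
]

if __name__ == "__main__":
    print(menu(OFFICE_MGR, "clinic-a"))   # full menu at a selected institution
    print(menu(OFFICE_MGR, "clinic-b"))   # eligibility only elsewhere
    print(referral_inquiry(OFFICE_MGR, "clinic-a", REFERRALS, "dr-lee"))
```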

 

Encryption

RHIOnet provides several levels of encryption to prevent unauthorized persons and outsiders from viewing sensitive information.
 
RHIOnet provides Secure Sockets Layer v3 encryption between the central server and the user’s web browser. This encryption ensures that confidential information cannot be “snooped” in transit. This also verifies that RHIOnet has not been “spoofed” by intruders attempting to steal authentication credentials.
 
If confidential information is received from outside the central server data center (for example, from an on-line clinic or laboratory), RHIOnet can also encrypt this data stream. In fact, RHIOnet can encrypt any of the data streams between its services, allowing them to be dispersed securely over a wide area network, if desired.