HP Enterprise Services - DHHR

More documents

Recommendations

Info

HPES Response to West Virginia MMIS Re-procurement RFP 4.1.10 Solution Alignment with BMS’ Business and Technical Needs identify the users and control access rights and authenticate whether the user has access to a PC, a network, or an application. At the application level, the ID and password are used to identify the user and authenticate what data the user can access and what level of access is granted, such as read-only, or if the user can change or delete data. We will meet access performance standards 100 percent of the time 24 hours a day, seven days a week for web portal, AVRS, and pharmacy POS–except during negotiated downtime for system maintenance during off-peak hours. Operate Technical Support Desk (Req. 3) HPES will share our Information Technology Infrastructure Library (ITIL) expertise and capabilities to deliver a technical support desk to BMS. The IT services industry considers the ITIL framework a best practice. It promotes that services, processes, tools, and support activities be integrated so that services can be reliably provided while delivering higher value to the business. HPES has built our best practice processes during 40-plus years of integrating large-scale customer IT environments. The HPES team will perform first-level support though our web portal, email, and telephone and be available at least for 100 percent of the time during BMS working hours. Submit System Maintenance Schedule (Req. 4) HPES will routinely perform system maintenance on WV-iC during times least disruptive to system users. HPES will work with BMS to develop an approved system maintenance schedule at least 30 days before the event. Schedule Maintenance Window (Req. 5) To minimize service disruptions, HPES will schedule and complete maintenance between the hours of 1 a.m. and 6 a.m. If event maintenance cannot be performed during that window, HPES will seek approval from BMS or provide justification to request a different time frame. Make a Daily System Availability Schedule (Req. 6) HPES carefully monitors system availability and follows a predefined availability schedule that takes into consideration scheduled maintenance. We will distribute the system availability schedule to MMIS users and staff members through email. As the schedule changes, updates also will be distributed. Provide a Failover Environment (Req. 7) The HPES solution includes numerous capabilities that enable failover at our primary and backup data center. A dedicated failover environment at our backup data center in Colorado Springs provides the ultimate recovery to support continuous flow of operations so business is not affected by natural disaster or random events such as loss of power at the primary site. The HPES solution also includes high-availability features such as Tier 3 data centers, multipath network links, redundant compute and storage components, application clustering, and virtualization. The primary and backup data centers are linked with redundant, high-speed MPLS network circuits that enable continuous replication of data using storage area network (SAN) and application-based replication technologies. For example, HPES uses Oracle Database Enterprise Edition with Data Guard to keep both data center’s databases synchronized. This is a allows near real time, asynchronous updates of transactions to the backup data centers failover environment for 24 hour a day, seven day a week access to data. This approach verifies that critical systems are available 24 hours per day, seven days a week, except for scheduled downtime. Our recovery time objective (RTO) is 24 hours to completely transfer production operations to the backup system, redirect associated network traffic, and return to regular production volumes. Security and Privacy Security, privacy, and confidentially are critical elements of the MMIS Re-procurement Project’s success. The HPES team will preserve the security, confidentiality, privacy, availability, and integrity for the sensitive information we will manage for BMS. HPES brings our best practices and expertise from around the globe to deliver the right security and policies, requirements, control standards, and implementation procedures for BMS. BMS will experience an outstanding level of security and confidentiality service. HIPAA readiness is fully integrated in the system. We use our security, privacy, and confidentiality plan—which will serve as a living document for the life of the project— to support every facet of the MMIS program. HPES will develop a comprehensive set of policies, procedures, and standards for WV-iC that will be documented in the HPES West Virginia MMIS Security, Privacy, and Confidentiality Plan. Please see the “Comprehensive, Initial Security, Privacy, and Confidentiality Plan” subsection of our response to RFP section “3.2.6 Phase 1: MMIS Replacement DDI & CMS Certification Planning” for our detailed responses to security and privacy. In this section, we address the Appendix F Security and Privacy requirements that the HPES team will meet during the Operations Phase. Page 298 RFP # MED11014
HPES Response to West Virginia MMIS Re-procurement RFP 4.1.10 Solution Alignment with BMS’ Business and Technical Needs Each user will have a unique ID for accessing the system. The individual user will be allowed to access applications on the system only after entry of a password with the correct user ID. User IDs are set up with role-based security, with the ability to assign multiple roles to a user ID, which means users are limited to the functions they are allowed to perform. Our solution meets Appendix D Requirement SP1.3 to support a user security profile to control user access rights to appropriate levels of functions. For example, some providers may have inquiry access only while others will have the update capability necessary to submit claims. Stakeholders are not provided access to a system they are not required to use. The logon process provides a list of applications that are available. The only applications that are listed on this screen are those the stakeholder has been granted access to use. Provide Secure Email (Req. 8) Email has become a cornerstone of electronic communication that delivers a range of operational benefits and efficiencies. We use a careful selection process to make sure the COTS products—including email—and hardware specific to our security solution integrate with the overall architecture and solution. The following table includes the secure email products HPES will use to manage daily email demands, and those that require security encryption. Email Software Products Purpose Vendor COTS or Hardware Account-Based Email Gateway Microsoft Account (or healthcare-based) exchange email gateway (to help route account based email by server for DLP) Secure Encrypted Email HP Secure/Multipurpose Internet Mail Extensions (S/MIME) Provide New MMIS User Access (Req. 9) HPES will implement a comprehensive security management function across each application to provide authorized, rolebased user access to systems and applications. HPES’ solution proposes implementing robust identity management controls— including password management controls— designed to prevent wrongful use, access, and disclosure of sensitive information. This extends to providing appropriate role-based MMIS access to new, authorized users. We will follow established HPES procedures that include conducting required security checks and protocols for new staff members. Access is granted using a security request form approved and sent to a security team for execution. HPES will develop security request form procedures that provide detailed explanations for the access types listed on the form. Security access will be provided within one workday of employment or notification. Users receive their IDs after HPES receives appropriate authorization. Terminate BMS User Access (Req. 10) HPES will use our user access procedures and security request form to revoke access of terminated BMS users. The form will be approved by an individual listed on an authorized submitter list and sent to a security team for execution. To protect the integrity of MMIS confidential data, HPES will swiftly terminate access for terminated BMS users by the end of their last business day and within one hour of notification by BMS. Identify Email and Internet Spam and Scams (Req. 11) Antivirus and anti-spam software and support will filter infected or “junk” email from the email server before posting to the email users. The HPES team uses proven McAfee Endpoint Antivirus software for virus detection and control. The software is configured to notify recipients on detection of an infected email. Our support teams will use features in McAfee to allow administrators to authorize or block website access, promoting compliance. Detect and Prevent Hacking and Intrusion (Req. 12) HPES best practices dictate a multilevel security regime that provides high-speed firewall and intrusion detection capabilities within each security zone. The policies governing the type of traffic that passes between the networks through the firewalls are normally strict to increase performance and decrease the possibility of misconfiguration—which could inadvertently leave an avenue for hackers and unauthorized users. Intrusion detection sensors complement the firewalls at various points in each security zone by looking for specific profiles that indicate suspicious activity. They can alert or respond to such events. In this way, Internet server farms are secured from intranet and extranet server farms, external access gateways, and internal networks. RFP # MED11014 Page 299
Page 6 and 7:
HPES Response to West Virginia MMIS
Page 8 and 9:
Page 10 and 11:
Page 12 and 13:
Page 14 and 15:
Page 16 and 17:
Page 18 and 19:
Page 20 and 21:
Page 22 and 23:
Page 24 and 25:
Page 26 and 27:
Page 28 and 29:
Page 30 and 31:
Page 32 and 33:
Page 34 and 35:
Page 36 and 37:
Page 38 and 39:
Page 40 and 41:
Page 42 and 43:
Page 44 and 45:
Page 46 and 47:
Page 48 and 49:
Page 50 and 51:
Page 52 and 53:
Page 54 and 55:
Page 56 and 57:
Page 58 and 59:
Page 60 and 61:
Page 62 and 63:
Page 64 and 65:
Page 66 and 67:
Page 68 and 69: HPES Response to West Virginia MMIS
Page 82 and 83: • The National Technical Informat
Page 96 and 97: Suspended claims resolution involve
Page 106 and 107: Meet BMS and CMS Requirements (Req.
Page 134: HPES Response to West Virginia MMIS
show all

HP Enterprise Services - DHHR

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?