HP Enterprise Services - DHHR
HP Enterprise Services - DHHR
HP Enterprise Services - DHHR
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
<strong>HP</strong>ES Response to West Virginia MMIS Re-procurement RFP<br />
4.1.10 Solution Alignment with BMS’ Business and Technical Needs<br />
Each user will have a unique ID for accessing the system. The individual user will be allowed to access applications on the<br />
system only after entry of a password with the correct user ID. User IDs are set up with role-based security, with the ability to<br />
assign multiple roles to a user ID, which means users are limited to the functions they are allowed to perform. Our solution<br />
meets Appendix D Requirement SP1.3 to support a user security profile to control user access rights to appropriate levels of<br />
functions. For example, some providers may have inquiry access only while others will have the update capability necessary to<br />
submit claims. Stakeholders are not provided access to a system they are not required to use. The logon process provides a<br />
list of applications that are available. The only applications that are listed on this screen are those the stakeholder has been<br />
granted access to use.<br />
Provide Secure Email (Req. 8)<br />
Email has become a cornerstone of electronic communication that delivers a range of operational benefits and efficiencies. We<br />
use a careful selection process to make sure the COTS products—including email—and hardware specific to our security solution<br />
integrate with the overall architecture and solution. The following table includes the secure email products <strong>HP</strong>ES will use to<br />
manage daily email demands, and those that require security encryption.<br />
Email Software Products<br />
Purpose Vendor COTS or Hardware<br />
Account-Based Email<br />
Gateway<br />
Microsoft<br />
Account (or healthcare-based) exchange email gateway (to<br />
help route account based email by server for DLP)<br />
Secure Encrypted Email <strong>HP</strong> Secure/Multipurpose Internet Mail Extensions (S/MIME)<br />
Provide New MMIS User Access (Req. 9)<br />
<strong>HP</strong>ES will implement a comprehensive security management function across each application to provide authorized, rolebased<br />
user access to systems and applications. <strong>HP</strong>ES’ solution proposes implementing robust identity management controls—<br />
including password management controls— designed to prevent wrongful use, access, and disclosure of sensitive information.<br />
This extends to providing appropriate role-based MMIS access to new, authorized users.<br />
We will follow established <strong>HP</strong>ES procedures that include conducting required security checks and protocols for new staff<br />
members. Access is granted using a security request form approved and sent to a security team for execution. <strong>HP</strong>ES will<br />
develop security request form procedures that provide detailed explanations for the access types listed on the form. Security<br />
access will be provided within one workday of employment or notification. Users receive their IDs after <strong>HP</strong>ES receives<br />
appropriate authorization.<br />
Terminate BMS User Access (Req. 10)<br />
<strong>HP</strong>ES will use our user access procedures and security request form to revoke access of terminated BMS users. The form will<br />
be approved by an individual listed on an authorized submitter list and sent to a security team for execution. To protect the<br />
integrity of MMIS confidential data, <strong>HP</strong>ES will swiftly terminate access for terminated BMS users by the end of their last<br />
business day and within one hour of notification by BMS.<br />
Identify Email and Internet Spam and Scams (Req. 11)<br />
Antivirus and anti-spam software and support will filter infected or “junk” email from the email server before posting to the email<br />
users. The <strong>HP</strong>ES team uses proven McAfee Endpoint Antivirus software for virus detection and control. The software is<br />
configured to notify recipients on detection of an infected email. Our support teams will use features in McAfee to allow<br />
administrators to authorize or block website access, promoting compliance.<br />
Detect and Prevent Hacking and Intrusion (Req. 12)<br />
<strong>HP</strong>ES best practices dictate a multilevel security regime that provides high-speed firewall and intrusion detection capabilities<br />
within each security zone. The policies governing the type of traffic that passes between the networks through the firewalls are<br />
normally strict to increase performance and decrease the possibility of misconfiguration—which could inadvertently leave an<br />
avenue for hackers and unauthorized users.<br />
Intrusion detection sensors complement the firewalls at various points in each security zone by looking for specific profiles that<br />
indicate suspicious activity. They can alert or respond to such events. In this way, Internet server farms are secured from<br />
intranet and extranet server farms, external access gateways, and internal networks.<br />
RFP # MED11014 Page 299