OpenSpecimen Security

OpenSpecimen resides in a HIPAA-compliant protected space within the University of Utah Center for High Performance Computing (CHPC). The production and development servers use encrypted drives for data at rest. Data access between the database and the web server is encrypted and restricted to a monitored port. All OpenSpecimen data that is displayed or captured by the user interface is encrypted using Secure Sockets Layer (SSL) technology. Within OpenSpecimen, all data transactions, including inserts, updates, deletions, import/export and reporting, are logged.

Administrative Access to OpenSpecimen Data

The operations and practices of the Biomedical Informatics Core (BMIC) and other University staff with regard to operational and research data are subject to Federal, State and University regulations, guidelines, policies and procedures. The BMIC is in compliance with regard to privacy, confidentiality, intellectual property and related legal requirements.

OpenSpecimen Server Access

The hardware on which the OpenSpecimen application is installed is owned and maintained by the University of Utah Center for High Performance Computing (CHPC): https://chpc.utah.edu/

Physical hardware is secured in a locked and guarded facility at the University of Utah Data Center. Physical access to the systems is limited to data center staff and limited CHPC staff. Login access to the servers is restricted to CHPC and CCTS IT personnel and is available only after first logging in to a limited VPN.

OpenSpecimen Data Backup Storage

Application data is backed up to disk every 3 hours and to tape every night.