Security Overview
Application security overview
To ensure security in the Healthcare Data Repository application, carefully configure all system components:
- Firewalls
- Load balancers
- Virtual Private Networks (VPNs)
General security principles
Require complex and secure passwords
Any user who is configured in the WebLogic server where HDR application is deployed can access its APIs. It is recommended that strong password is used for the WebLogic user account that will be used to access HDR APIs.
Keep passwords private and secure
Tell users never to share passwords, write down passwords, or store passwords in files on their computers.
Lock computers to protect data
Encourage users to lock computers that are left unattended.
Provide only the necessary rights to perform an operation
Create necessary user roles for users accessing the application developed using HDR APIs to provide necessary access control to access different types of clinical data stored in HDR.