|
Describe the possible configurations into which AEMS can be implemented.
|
AEMS will run on all Windows operating systems capable of running Internet Explorer 5.5 or later.
The Web server and database will run on NT sp4/2000/2003 operating systems – no special setup is required.
AEMS is intended for use by staff inside and possibly even outside the facility, and as such is accessible only through a browser interface. The setup utility is intended for key individuals only, and as such, operates more central to the network.
|
|
Does AEMS support thin-client access architecture such as Citrix or Terminal Services?
|
All end-user access is done through a web browser, and as such, may be performed using any architecture that permits the use of Internet Explorer 5.5 or later.
Administrative maintenance is done through a Win32 application. None of our existing clients use Citrix or Terminal Services, but as our applications are fully Microsoft compatible, we do not foresee any problems with this.
|
|
What operating systems are supported by the application?
|
AEMS will run on all Windows operating systems capable of running Internet Explorer 5.5 or later.
The Web server and database will run on NT 4 /2000/2003 operating systems – no special setup is required.
|
|
Does AEMS support the Windows environment at the client level?
|
AEMS will run on all Windows operating systems capable of running Internet Explorer 5.5 or later.
|
|
Describe the process or methodology used to maintain your operating system’s versions and service packs released.
|
New versions are made available to supported clients approximately 4 times a year. Updating involves ‘drag & drop’ file transfer along with running SQL scripts using the SQL Server Enterprise Manager utility.
Where clients grant remote access to CCD’s support team, CCD will perform the version update into the testing and production environments at no additional cost.
|
|
Is AEMS adaptable to emerging hardware and software standards?
|
Our system will continue to run without any problems using Internet Explorer compatible browsers and any version of SQL Server after version 2000.
CCD Systems is a Microsoft Partner and will continue to ensure that AEMS runs on the Microsoft platform. We maintain AEMS on various versions of operating systems today.
Layered products such as IIS and SQL Server also undergo compatibility checks as new versions are released. If compatibility issues were to be discovered, supported clients would receive immediate notification.
|
|
Describe how AEMS can be configured to allow movement of components with minimal configuration changes.
|
AEMS runs as a web service, and is fully configurable within IIS. The Administration utility is accessed using desktop shortcuts, which are easily modified to redirect to new locations. Other utilities that are shipped with the suite are similarly modifiable to adjust to relocation.
Changing the database location simply requires a field update in the Setup utility to provide a new Connection String. Likewise when the Email or Active Directory Servers are re-assigned.
Hardware, directories and file structures can all be re-assigned with minimal to no impact on AEMS.
|
|
Does AEMS have special printing requirements? (Impact versus laser, labels, etc)
|
AEMS has no special printing requirements. All printing options are configurable within the software, to accomodate printing devices available.
Prior to printing reports the workstation’s Print Dialog box is displayed in order to facilitate selecting a printer or set printing options.
|
|
Does the application require a dedicated server(s)?
|
The servers may be shared with other processes requiring server resources.
AEMS requires IIS and SQL Server. These may be hosted on single server, or may be on separate servers. For security reasons, we strongly recommend running 2 separate servers networked to allow Web access to the database.
|
|
Provide the minimum server requirements.
|
Each server should have a 1 GHz minimum CPU, 40 GB minimum disk space, 2 MB minimum memory, 100 Ethernet capability and a dedicated UPS.
|
|
Provide the minimum workstation requirements.
|
Windows 2000 minimum / XP preferred – workstation must be able to run Internet Explorer 5.5 or later. The amount of memory, speed of the CPU and network bandwidth will only affect the user-response time not the functionality of the product.
More information on the Technical Specifications of AEMS can be found elsewhere in this proposal.
|
|
How do the following affect system response time: number of real time interfaces, number of workstations, number of concurrent users, etc?
|
Performance of all Web-site is determined by a host of factors:
Configuration of the IIS and Database Servers are the primary consideration. All servers should have sufficient disk space and memory to carry out their required tasks. Processing speed and the number of simultaneous users will also affect the User response speed.
Implementing a system in accordance with CCD’s minimum hardware specifications (found elsewhere in this proposal) will support 25-50 concurrent users.
Real-time interfaces to Employee, Patient and formulary databases will also vary based on the connecting systems response. Typically, connections to 3rd-party systems (with the exception of HL7) will return results in less than 1 second –with no impact on other users. HL7 is somewhat slower due to the 2-step hand-shaking that is required to obtain data. Typical HL7 responses range from 2 to 6 seconds to view results. Dedicated HL7 interchange systems should improve this performance.
|
|
What components of the application are required on each tier (e.g. client, network, file server, licensing)?
|
AEMS requires no manual installation of components on the client (any required components, such as the CrystalReports Viewer, are deployed by IIS as needed).
Server applications include:
· The SQL database - hosted on the database tier
· Web pages, which need to be hosted from the Web server tier
· The Setup utility may be hosted on any server (database, IIS or other) that can connect to the database server over a network connection.
· The AEMS Notification Utility may be hosted on any server (database, IIS or other) that can connect to the database server over a network connection.
These applications may be run on one or more servers, so long as the above noted dependencies are met.
|
|
Does AEMS support data storage on a Storage Area Network (SAN)?
|
SQL Server 2000 includes support for System Area Network (SAN) protocols built using the Giganet Virtual Interface Architecture (VIA) SAN (or compatible) implementation.
|
|
Does AEMS support 24/ 7 operations? Describe.
|
Theoretically, AEMS will operate in a 24X365 environment; however the necessity to require re-boots after applying Microsoft updates does mean that the practicality of 100% uptime is remote.
Updates can be applied to AEMS without having to reboot any servers, however to prevent confusion to Users, managing Events should be prevented during the AEMS updates. Given the simplicity of AEMS updates, the typical amount of time required is less than 30 minutes.
|
|
Describe the additional hardware requirements for the testing and training environment(s).
|
Installation of the AEMS application includes a Testing and Production environment.
This includes separate databases, separate Web page folders and individual Email Notification services for each environment.
No additional hardware is required for these separate environments.
|
|
Does AEMS comply with legislated protection of employee and patient personal information?
|
Following the successful entry of a logon name and password, the user is presented with all menus that correspond to their assigned permissions. Access to information is based on the user’s role along with their rights. Roles give users the ability to perform menu tasks while Rights give users permissions to view, edit and administer specific events. Rights are assigned based on facility, department, event category, phase, confidentiality and severity.
Auditing can be enabled to record all User activity.
|
|
Does AEMS have the ability to electronically record and keep an electronic record of every successful or unsuccessful attempt to gain access to personal health information maintained in electronic form?
|
Complete audit trails are maintained to support privacy protection and data integrity by recording all actions performed by users. Since Users are not presented with menu options that they are not authorized to perform, recording failed attempts is not required.
Failed login attempts are recorded and the Users receive an alert notifying them of any incorrect logon attempts.
Database access is made through an encrypted connection string that is not tied to any individual User accounts.
Audit logs are protected at the database level. No database users have permission to edit or delete records in these tables.
|
|
Does AEMS electronically record and keep an audit trail of every addition to, deletion of, modification or transmission of personal health information?
|
When enabled, all user activity is logged, including when they logged on and what menu selections were performed. Details about who saw or edited each event are also stored and can be reported on using one of several audit reports.
In order to conform to HIPAA legislation in the USA, AEMS also tracks which Users saw personal information about patients participating in the event –collecting the specific patient demographic information that was viewed or edited.
AEMS also tracks changes made to previously entered incident data by saving a snapshot of the old data into an audit log where privileged users can analyze it.
|
|
Does AEMS provide the ability to regularly review the electronic records to detect any security breaches?
|
CCD provides a number of security related reports that can be reviewed by users with sufficient access rights. We understand that protecting Patient & Employee data is paramount and that different facilities may require additional reporting capabilities in this area.
|
|
Does AEMS use Active Directory Authentication?
|
AEMS Users may be authenticated using Microsoft’s Active Directory (AD) Service.
All users must be preloaded into AEMS, including the assignment of their roles and permissions.
When the user is authenticated using their Windows AD account, AEMS matches their AD Logon ID to an account in AEMS in order to obtain their AEMS permissions.
|
|
Does AEMS allow access by non-AD domain users?
|
The user authentication interface can be selected at the time of login, so non- Active Directory users can authenticate directly against the AEMS database, bypassing the need to be registered with AD.
|
|
Does AEMS permit each user to be uniquely identified?
|
Each user is given a unique user ID and password, which must be guarded to prevent against misuse. Users registered with Active Directory (AD) will need to have matching records preloaded within AEMS, but non-AD users can still be granted user accounts and access rights as determined by their need.
|
|
Does AEMS support granular security down to options within menus/fields (view, edit, delete, create)?
|
The User’s assigned role determines which menu choices will be presented to them.
All tasks within AEMS are assignable allowing only key staff to have certain buttons displayed.
The ability to View, Edit or Administer an Event is assigned as their “Rights”. Rights are based on the type of Event, where it occurred, the severity, confidential status and what phase the Event is in.
The field content displayed on the Web page is determined by the phase of the Event. All Event information can be enabled or removed for each phase. If a User is given permission to View or Edit an event in the current phase, then they will have access to all fields displayed on that page.
|
|
Does AEMS allow user access that is defined though user profiles using groups and roles to determine menu/field availability?
|
Access to information is based on the User’s Role along with their Access Rights.
Roles give users the ability to perform menu tasks while Rights give users permissions to view, edit and administer specific events. Roles are easily assigned to Users, and any User can have more than one Role assigned to them. Rights are easily copied between users.
|
|
Does AEMS provide for the ‘lock out’ of the user after X unsuccessful attempts at entering the application?
|
Each unsuccessful login is recorded to the audit trail, and a failed attempt limit can be set to lock out the account after the limit has been exceeded, at which time an administrator is required to remove the lock on the account.
If a user successfully logs in before the failed attempt limit is reached, the user is informed of the number of previous failed attempts.
|
|
Can AEMS’ level security assignments be performed on-site by the client?
|
Security assignments are defined by the Roles and Rights that are assigned to each user. Both Roles and Rights are fully definable by the end-user.
Roles determine which options are accessible by the user (limited to the options the client has installed), and Rights determine which events the user can access (set by Facility, Department, Category, Phase, Severity, and Confidentiality of each event).
|
|
Is AEMS browser-based SSL with a minimum of 128-bit encryption?
|
AEMS is compatible with 128-bit SSL encryption.
|
|
Does AEMS have the ability to deactivate a user ID without deleting the information entered by that user ID?
|
AEMS can lock out a user by setting an account expiry date, by clearing the User Active flag, or by deleting the user, which still retains most of the user information for easy recovery at a later time or in the case of a mistake.
|
|
Does AEMS automatically deactivate the user ID with preset expiry date?
|
An Expiry date can be set on any user’s account. Further access to that account after the expiry date is not allowed.
The Expiry Date can only be updated by the AEMS Administrator.
|
|
Does AEMS have the ability to provide data access based on user access to the facility level?
|
Security assignments are defined by the Roles and Rights that are assigned to each user. Rights determine which events the user can access (set by Facility, Department, Category, Phase, Severity, and Confidentiality of each event). These rights can be restricted to allow access to a specific facility, child-facilities within a facility, or all facilities, and also to a specific department, child-departments within a department, or all departments.
|
|
Does AEMS support enhanced password protection?
|
|
|
Does AEMS allow the user to change their password at any time?
|
Users can change their passwords from the “User Maintenance” menu on the Web page.
Users reset their password by providing their existing password and providing a new password, with a confirmation. The new password must meet requirements as set by the system administrator. The system administrator can also set a new password for the user.
|
|
Does AEMS allow the user to have more than one session active at any time?
|
Multiple sessions are allowed with some limitations. Only 1 Event can be created or edited at a time. (Multiple Events can be viewed)
The system ensures that all data saved is applied to the correct Event. Users will receive a message if they begin editing a second Event.
|
|
Can the user log off without closing the application?
|
Users can log out and return to the AEMS login screen to wait for a new user. No sensitive information is accessible without logging in, although anonymous reports (if configured to allow this) can be created without user authentication.
|
|
Does AEMS support proximity detection? Biometrics?
|
Advanced user authentication methods such as proximity detection and biometrics are not supported when logging into AEMS.
Third-party biometric hardware can be added to the workstation to authenticate the User during the initial logon to the operation system.
|
|
Describe the backup/recovery/disaster options available
|
SQL Server ships with an Enterprise Manager and an agent that co-ordinates the routine maintenance and backups of AEMS. Once the job is created, it runs with minimal user involvement. CCD will create the required backup processes as part of the implementation. Once the database has been exported using the above automated process, any industry-standard backup software solution will safeguard the data against loss. Backup software required will be determined by the client and supported by the client.
AEMS uses industry-standard recovery techniques. Recovery involves replacing the backup files from the backup device to the web folder, the program folder and the database folder. The Enterprise Manager is then used to restore the database image, and then the transaction logs need to be restored.
|
|
How is database maintenance/configuration performed?
|
CCD will configure the database during the product installation. Ongoing changes after installation should be minimal. Clients may contact CCD’s Help Desk if modifications are required.
Post-installation configuration is very easy & straight forward by using the AEMS Configuration Utility (intended for use by a select number of trained users).
|
|
Does CCD provide end-user application “How to” assistance? Is toll-free telephone support available?
|
AEMS ships with individual Web pages that provide field-level user help.
An online User’s Guide is also available to all users. Additional How-to help can be easily created by the client and linked with the application.
Calls may be logged with CCD during normal business hours using our toll free number – 1 800 862-9939. Extended support is also available for contacting CCD after hours.
|
|
How is AEMS licensed?
|
AEMS is licensed on a “per facility, per module” basis. A license key is generated that provides a fixed number of facilities access to a set of functionality within a deployed module, and the client determines which facilities are actually licensed. Volume pricing is available for multiple-facility regions.
Any number of users can be added to AEMS.
|
|
Describe how AEMS will alert appropriate staff of events and provide historical as well as real time performance statistics.
|
Errors detected within the Administration Utility optionally generate an e-mail which can be sent to CCD Support staff and/or your technical staff.
The AEMS Notification Service (used to send out email messages) will also monitor for database connection errors and send alerts to system administrators if any discrepancy is noted.
Industry standard monitoring tools can be used while AEMS is running in order to alert technical staff of potential problems. (i.e. Microsoft’s Performance Monitoring Utility)
|
|
Do upgrades to the application affect customization made by the user such as institution-defined values?
|
All upgrades to the AEMS system are deployed in a manner that requires no additional action on the part of the client to maintain the current configuration, unless it is absolutely unavoidable to do so.
Data entered into AEMS is not altered during updates. All new functionality is disabled by default and action must be taken by the administrator to utilize the new functionality.
|
|
Does CCD ensure that customized functionality is preserved and adapted?
|
Changes to the processing of the system are often shipped with an option that must be enabled to cause the new processing to come into effect. In the rare case that an upgrade to the system requires modifications to user-defined questions or table entries, as much advance notice as possible will be given to the client, and SQL scripts or resources will be available to implement the change.
|
|
Do AEMS upgrades consist of easy client and server procedures?
|
Updating involves ‘drag & drop’ file transfer along with running SQL scripts using the SQL Server Enterprise Manager utility.
Where clients grant remote access to CCD’s support team, CCD will perform the version update into the testing and production environments at no additional cost.
|
|
Is there any downtime associated with system upgrades?
|
AEMS requires minimal downtime which only occurs when updates are applied. This process usually does not exceed a period of 30 minutes every 4 months.
|