Get documents about "DOH EPHTN IMPLEMENTATION CERTIFICATION
Shared by: HC12100103282
-
Stats
- views:
- 0
- posted:
- 9/30/2012
- language:
- Unknown
- pages:
- 6
Document Sample
Implementation
Request for Certification and Release of Funds Form
ALL CERTIFIED PROJECTS MUST FOLLOW NM STATE POLICIES AND PROCUREMENT CODE
PROJECT NAME Environmental Public Health Tracking Network
PROJECT NUMBER DATE 8/27/08
LEAD AGENCY Department of Health AGENCY CODE 665
OTHER AGENCIES (1) New Mexico Environment PROJECT PHASE Implementation
Department, and (2) Centers for
Disease Control and Prevention
EXECUTIVE SPONSOR Mack Sewell
PROJECT MANAGER John Bacon
AGENCY HEAD Alfredo Vigil, MD
AGENCY CIO/IT LEAD Bob Mayer
PROJECT DESCRIPTION (PROVIDE A BRIEF DESCRIPTION AND PURPOSE FOR THIS PROJECT)
This project is the result of a New Mexico Department of Health (NMDOH) cooperative
agreement with the Centers for Disease Control and Prevention (CDC) to plan an environmental
public health surveillance system for New Mexico capable of geo-coding, analyzing, and reporting
both health and environmental data.
Linking environmental and public health systems is currently very complex and time-consuming
due to a lack of coordination, communication, and standards. The Environmental Public Health
Tracking (EPHT) Program has been established to address the issues of environmental public
health tracking. The Environmental Public Health Tracking Network (EPHTN) will make data and
tools available to support the EPHT Program and other public health and environmental health
programs. It will be a distributed, secure, web-based network that will provide access to
environmental and health data that are collected by a wide variety of sources.
The primary feature of the EPHTN is its capability to provide access to a variety of widely
dispersed environmental and public health data and to support the two-way exchange of data
between partners. Various levels of access will be provided to users depending on their role and
purpose. Another feature is its capability to enable the systematic linking of health effects,
exposures, and/or hazard datasets on an ad-hoc or ongoing basis, depending on the user’s data
access rights. The Network will also provide a toolset for data analysis, visualization, reporting,
and monitoring and will provide the necessary security and protection to sensitive or critical data
and systems.
Prior to the initiation of this project, a prototype of a New Mexico EPHT System had been
completed. As an extension of the previous design and modeling effort, work has continued to
enhance the software and migrate it to a production EPHT environment. Now, we are ready to
implement the system by interfacing it with four disparate sets of data: (1) myocardial
infarction hospitalizations (secure); (2) myocardial infarction hospitalizations (public); (3)
drinking water (water); and (4) asthma. Development of deliverables for both the preceding
front-end work and the work set forth by this request is funded by a grant from the CDC.
This is a controlled document, refer to the document control index for the latest revision
Revision: 2/14/08 Page 1
Implementation
Request for Certification and Release of Funds Form
ALL CERTIFIED PROJECTS MUST FOLLOW NM STATE POLICIES AND PROCUREMENT CODE
Planned Start Date September 1, 2006 Planned End Date September 30, 2008
Amount Requested this Certification $55,500
Amount Previously Certified $275,400
Remaining Appropriation not Certified $0
Total Appropriated Amount (include any new funds) $330,900
CERTIFICATION HISTORY (INCLUDE ANY PREVIOUS PROJECT OR PHASE CERTIFICATIONS)
Date Amount Funding Source(s) (use specific citations to laws, grants, etc.)
8/14/2006 $275,400 National Centers for Disease Control and Prevention Grant –
National Environmental Public Health Tracking Program
(CDC Cooperative Agreement # 1 U38 EH000183-01)
4/23/2008 $0 Not applicable
PROPOSED CERTIFICATION SCHEDULE FOR CURRENT FISCAL YEAR (AGENCY TO COMPLETE FOR ALL
PHASES)
Phases Amount Major Deliverable(s) / Performance Due Dates
Requested Measure(s)
Initiation $275,400 Project Charter, Project Management Plan April 2008
(FY07): (PMP), System Requirements & Specifications
Planning: 0 Project Schedule, IV&V Report, Updated PMP, May 2008
Training, Production EPHT, Hosting
Environment, Negotiated Independent
Verification and Validation (IV&V) Contract
Implementation 55,500 Public Access to four Provider Data sets, IV&V August 2008
(FY09): Report
Closeout: 0 DoIT Closeout Report, Lessons Learned, Final October 2008
IV&V Report
Total $330,900
APPROPRIATION HISTORY (INCLUDE ALL FUNDING SOURCES, E.G. FEDERAL, STATE, COUNTY, MUNICIPAL LAWS OR GRANTS)
Fiscal Year Amount Funding Source(s)
FY07 $275,400 National Centers for Disease Control and Prevention Grant –
National Environmental Public Health Tracking Program
(CDC Cooperative Agreement # 1 U38 EH000183-01)
FY08 $55,500 National Centers for Disease Control and Prevention Grant –
National Environmental Public Health Tracking Program
This is a controlled document, refer to the document control index for the latest revision
Revision: 2/14/08 Page 2
Implementation
Request for Certification and Release of Funds Form
ALL CERTIFIED PROJECTS MUST FOLLOW NM STATE POLICIES AND PROCUREMENT CODE
APPROPRIATION HISTORY (INCLUDE ALL FUNDING SOURCES, E.G. FEDERAL, STATE, COUNTY, MUNICIPAL LAWS OR GRANTS)
Fiscal Year Amount Funding Source(s)
(CDC Cooperative Agreement # 1 U38 EH000183-01)
Total $330,900
BUDGET
Description FY07 & Prior FY08 FY09 FY10 FY11
Staff - Project $0 $13,000 $13,000
Internal Management
Consulting Technical $111,060 $136,972 $54,868
Services services,
project
management,
& IV&V
services
Hardware Servers -0- -0- -0-
Software Windows -0- $2,000 -0-
Server
TOTAL $111,060 $151,972 $67,868
TOTAL PROJECT $330,900
IT SYSTEM ANALYSIS
This system will be hosted at the University of New Mexico (UNM) Earth Data Analysis Center
(EDAC). Access to the public will be provided via web technology. There are no plans at this time to
host the system on the State infrastructure. Therefore, there will be no impact on the Enterprise/
Department of Information Technology (DoIT) infrastructure.
This is a controlled document, refer to the document control index for the latest revision
Revision: 2/14/08 Page 3
Implementation
Request for Certification and Release of Funds Form
ALL CERTIFIED PROJECTS MUST FOLLOW NM STATE POLICIES AND PROCUREMENT CODE
Level I Level II Level III
Future Enhancements
Users
National
Internet/Intranet EPHTN
UNM - EDAC
RGIS
New Mexico
EPHT
“Water”
Data Providers Others Future Data Sources
SERVICES: “Cancer” “Asthma”
Registration
Discovery “MI”
Retrieval
Extraction
Delivery
Broker?
INTERFACES:
CACHE:
BUSINESS CONTINUITY STRATEGY
o Emergency and Disaster Management:
The Earth Data Analysis Center has based its server enclosure systems upon wheeled 43U racks
for removal to an off-site location if necessary. Integrated into each computing rack is power
distribution and network connectivity capacity sufficient to provide connectivity and power to
each rack's servers at a new location, given network connectivity and power availability. An IT
support person is on-site or available in the local area 24-7 to provide necessary system shutdown
and management in the event of an emergency. Conditioned power and battery backup is provided
to all critical servers, and in the event of an emergency, best efforts are made to smoothly shut
down all systems. The server room in which the servers are housed is continuously monitored for
temperature, and any exceedences result in email and text message notification to key EDAC staff
and EDAC's on- site IT contractor.
o Business Resumption:
Both operational servers hosted by EDAC for the EPHT project will be virtual machines that may
be rapidly deployed onto new hardware platforms with minimal reconfiguration. These virtual
machines will be regularly backed up to tape, with the backups stored off-site for recovery from
loss of the physical systems hosting the virtual machines. The use of host virtualization will
provide maximum flexibility in the resumption of operations in the event of a forced relocation of
EDAC's hosting services in the event of an emergency or disaster.
SECURITY STRATEGY (APPLICATION AND DATA SECURITY PROCESS, PLAN, OR STANDARD)
The implemented security strategy consists of two components, physical security for the room in which
the servers are housed, and application and data security implemented through a variety of software
means. In reference to physical security, the room in which the servers are housed is locked at all
times, and alarmed outside of regular EDAC business hours. UNM Police respond to any alarm
This is a controlled document, refer to the document control index for the latest revision
Revision: 2/14/08 Page 4
Implementation
Request for Certification and Release of Funds Form
ALL CERTIFIED PROJECTS MUST FOLLOW NM STATE POLICIES AND PROCUREMENT CODE
SECURITY STRATEGY (APPLICATION AND DATA SECURITY PROCESS, PLAN, OR STANDARD)
condition. The only personnel that have keys to the server room are regular EDAC staff and the IT
Contractor that EDAC has hired to maintain EDAC's systems. All physical interaction with the systems
housed in the server room must be performed from within the room.
Application and data security are maintained through standard methods appropriate for different
components of the implemented system. Interaction with the servers from remote workstations
(firewall limited to those systems physically within EDAC's building) is accomplished via Windows
Remote Desktop, with all connections authenticated against the local set of users and groups on the
host servers. Command-line interactions with the linux-based data provider servers hosted by EDAC
are accomplished through Secure Shell (SSH) connections, while file transfers are performed through
similarly encrypted Service Control Point and SSH file transfer protocol, a network protocol
connection. Database connections are maintained through authenticated requests to local databases on
the application server and through Simple Object Access Protocol (SOAP) requests to remote data
providers, with those remote data providers maintaining their own security protocols for protecting
their systems from unauthorized access. The data providers that EDAC will host will use authenticated
database connections for interaction with local databases. All incoming requests to the application
server are checked against the authentication service running on the application server, with
unauthorized requests generating an error code and being returned as the only output. All
authentications include both user and role- based components, with access to functions and specific
data limited by role. Network security is provided through a Gigabyte (GB)-speed hardware firewall
maintained by UNM, with EDAC Information Technology (IT) staff having administrative access to
the firewall for configuration of access rules. All EPHT servers are housed in EDAC's designated De-
Militarized Zone (DMZ), with requests originating outside the firewall only being allowed for
Transmission Control Protocol Port 80 (TCP Port 80) to the operational EPHT web server. Attempted
connections from outside EDAC's firewall to the operational application server will be dropped.
INDEPENDENT VERIFICATION & VALIDATION (INCLUDE STATUS OF IV & V PROCESS)
The IV&V contract has been negotiated with a State Price Agreement vendor. The first report will be
submitted for review and approval simultaneously with the Certification Request. Services to be
provided by the vendor include:
1. IV&V Project Management Plan
2. IV&V Initial Review
3. Periodic Review
4. IV&V System Review – Requirements versus Delivered
This is a controlled document, refer to the document control index for the latest revision
Revision: 2/14/08 Page 5
Implementation
Request for Certification and Release of Funds Form
ALL CERTIFIED PROJECTS MUST FOLLOW NM STATE POLICIES AND PROCUREMENT CODE
SIGNIFICANT RISKS AND MITIGATION STRATEGY
Risk 1: Procurement hindered by State process.
Mitigation 1: Track contracts and purchase documents.
Risk 2: Inadequate support from data providers.
Mitigation 2: Transfer technical tasks from data providers to EDAC.
RECORD RETENTION POLICY (DESCRIBE THE AGENCY’S RECORDS RETENTION REQUIREMENTS FOR THIS PROJECT)
The system provides data sets for access by public users. The data sets are aggregated from other
production data maintained by data providers. Record retention policies do not apply to this
system.
MAINTENANCE STRATEGY (DESCRIBE HOW THE AGENCY PLANS TO MAINTAIN THIS PROJECT AFTER DEPLOYMENT)
The EPHTN will be maintained by EDAC after the initial deployment.
INTEROPERABILITY (DESCRIBE HOW THIS PROJECT INTERFACES WITH EXISTING SYSTEMS/APPLICATIONS WITHIN THE AGENCY)
There is no interoperability with existing systems/applications within DOH.
This is a controlled document, refer to the document control index for the latest revision
Revision: 2/14/08 Page 6
