Network

The Network Services provides and supports secure network infrastructure services into, out of, and within HCQIS processing environments.

We take pride in our ability to help troubleshoot issues that go beyond network or data. With a deep understanding of our ADO partners, the AWS environment and how it is a built, we are able to dig deep and find issues that elude others. 

Network Services supports the following:

• Telecom – Management of telecommunications circuits and services used to service HCQIS WAN, and fax needs.
• Internet Connectivity – Management of the AWS Internet edge network devices.
  • Manages external access to QualityNet applications and data.
  • Provides select HCQIS applications and users access to authorized Internet resources.
• WAN Connectivity – Management of WAN interconnections supporting connectivity between CMS and outside organizations.
  • PIP – This is the HCQIS WAN which provides connectivity between HCQIS and CDAC, and between HCQIS and the CMS Baltimore Data Center (BDC).
  • CMSNet – The CMSNet network connects healthcare providers and others to HCQIS for data submission and other needs.
• Virtual Private Network (VPN) Connections
  • Point-to-Point VPN for secure connectivity between HCQIS environments and cloud service providers (CSP) or software as a service providers (SaaS).
  • Remote Access VPN infrastructure to support secure connectivity for authorized users to HCQIS.  Note:  The HIDS End User Access team manages access for ADO users via Zscaler.
• Network Routing
  • IP Address Management – Assignment and recovery of address space within HCQIS environments.
  • Traffic Routing – Management of traffic routing within HCQIS; e.g., between VPCs; and between HCQIS and external resources; e.g., Internet, CMSNet.
• Network Security
  • Security perimeter infrastructure is deployed by the Network team. This infrastructure permits or denies traffic at the HCQIS perimeter based on HIDS security policies. Inbound and outbound traffic crossing the HCQIS boundary is presented to HCQIS security systems for inspection, treatment, and logging.
  • Security policies on perimeter, inline security devices, VPC security groups and other infrastructure is owned and managed by the HIDS Security Engineering team.
• AWS – Facilitates establishment and maintenance of security groups and access control lists within HCQIS Cloud.
  • ADOs do have self-managed security groups that fall outside the purview of HIDS network and security teams but are not replacements for HIDS managed security groups.
• Presentation Zone Services
  • Proxy - Full proxy, from basic load balancing to complex traffic management decisions based on client, server, or application status.
  • SSL Offloading and Acceleration – Termination of SSL to improve performance of web frontends.
  • Performance Optimization – Real-time protocol and traffic management decisions based on application and server conditions, and extensive connection management to increase speed and reliability of applications.