National University Wireless Security Scenario Questions Essay

Computer Science

National University

Description

Q1. You, as the lead consultant of WeKnowNetworks (WKN) Consulting, have been given a design proposal (linked below) and have been asked to evaluate the wireless network security and to make recommendations to ensure that the clinic protects its PII and has a secure and reliable wireless network.

  • Review the document and discuss whether it is adequate. If it is, explain why. If not, explain what is missing.
  • Explain both assumptions and solutions.
  • Project Plan Linked as attachment

Q2. You are asked to define a handheld mobile device security policy for your company. Specifically, you need to ensure your policy helps mitigate the loss of intellectual property and confidential data via cell phone or smartphone functionality such as cameras, texting, email, Bluetooth transmissions or any other handheld device capability (e.g., is there a custom App for that?).

  • Discuss what should be included in the policy including justification.
  • Your company requires BYOD so you need to include it in your policy along with recommendations to reduce the risk of BYOD.

Your answer should be written in essay form with a clear intro, body, and conclusion. Use examples as applicable. There is no minimum length but you should clearly answer all parts of each question. Your answer should be in your own words. Short quotes can be used as needed. Cite any references used in APA format.

Assignment Formatting Requirements:

  • APA Standard 1-inch margins all around
  • Standard font (e.g., Arial, Times Roman, Calibri, Tahoma, etc.)
  • 12-pt font size
  • Double-spaced
  • No cover page - use a simple heading at the top of the first page with Course #/Title, Exam Name, Your Name, and Date (this heading can be left-justified, centered or right-justified)
  • No Abstract
  • Identify the question number for each response (e.g., "Essay Question #1") - do not repeat the actual question text.
  • When using external sources, list the references immediately following the end of the essay question where used (do not put all references at the end of the document)
  • Start Q2 on a new page

Unformatted Attachment Preview

Project Plan
Hillcrest Day Treatment

Network Consulting Services by: Blake Fell, Kevin George, Amirhossein Moussavinejad, Rommel Pitel

Faculty Advisor: Chuck Bane

Confidential and Proprietary Information

This document contains information that is proprietary to Hillcrest Day Treatment. Transmittal, receipt, or possession of this document does not express license, or imply rights to use, sell, design, manufacture, or to have manufactured, any product, concept, or service from this information. No reproduction, publication, or disclosure of this information, in whole or in part, electronic or otherwise, shall be made without prior written authorization of an officer of Hillcrest Day Treatment. Authorized transfer of this document from the custody and control of Hillcrest Day Treatment constitutes a loan for limited purpose(s), and this document must be returned to Hillcrest Day Treatment upon request, and in all events, upon completion of the purpose(s) of the loan.

Page 1 of 163. Created by Blake Fell, Kevin George, Amirhossein Moussavinejad, Rommel Pitel

Document Change Log

Prepared By | Title | Date | Version
Revisions: Modified By | Reason | Date | Version

Table of Contents

1. Introduction
2. Project Definition Overview
3. Changes Since Project Definition Was Approved
4. Staffing Plan
5. High-Level Schedule
6. Deliverables and Milestones
7. Functional Requirements
8. Technical Requirements
9. Communications Plan
10. Deployment Plan
11. Operations Plan
12. Training Plan
13. Risk Management Plan
14. Client Acceptance Criteria
15. Project Pricing
16. Project Plan Approval

Appendix A – Project Team Staffing Chart

Appendix B – Hillcrest Day Treatment Staffing Chart

Appendix C – Functional Requirements Plan
  1. Introduction
  2. Features
  3. Performance & Speed
  4. Ease of Use
  5. Use Cases
    5.1. Define Different Types of Users
    5.2. Use Case Scenario
  6. Usability
    6.1. User Interface
    6.2. Look and Feel
  7. Legal Requirements
    7.1. Regulatory Requirements, Security & Privacy
  8. Backup Requirements

Appendix D – Technical Requirements Plan
  1. Introduction
  2. Network Requirements
    2.1. Hardware
    2.2. Software
  3. Server Requirements
    3.1. Hardware
  4. Workstation Requirements
    4.1. Hardware
    4.2. Software
  5. Error Logging, Reporting, Monitoring
  6. Capacity & Reliability
  7. Security
    7.1. Authentication
    7.2. Permissions
    7.3. Group Policies
    7.4. Monitoring
  8. Backup Technical Requirements

Appendix E – Deployment Plan
  1. Introduction
  2. Network Deployment
    2.1. Network Setup
  3. Server Deployment
    3.1. Deployment Steps & Directory Structure
  4. Workstation Deployment
    4.1. Directory Structure
    4.2. Deployment Steps
  5. Security
  6. Roles and Responsibilities
  7. Verification and Test
  8. Acceptance Criteria
  9. Project Hand-Off
  10. Deployment Schedule of Events and timeline

Appendix F – Operations Plan
  1. Introduction
  2. Operations Document
    2.1. Technical Specifications for Hardware and Software Components
    2.2. Network and System Diagrams
    2.3. File and Folder Monitoring and Error Logging
  3. System Administrator Guide
    3.1. Network and System Diagrams
    3.2. Server Installation and Setup Guide
    3.3. Troubleshooting
    3.4. Backup and Restore Procedures
    3.5. Group Policies and Scripts
  4. User Guide
    4.1. Using the NAIDT Network
    4.2. Navigating the Start Menu
    4.3. How to Use Help
    4.4. The My Documents Folder

Appendix G – Training Plan
  1. Introduction
    1.1. General Information
  2. Purpose / Goal
  3. Objectives
  4. Scope
  5. Assumptions
  6. Training Requirements
  7. Training Strategy
    7.1. Training Resources
  8. Hardware Environment
  9. Software Environment
  10. Types of Training Manuals Required and Number of Each
  11. Course Description (For Each Course Define):
    11.1. Course Outline
    11.2. Target Audience
    11.3. Learning Methods and Activities
    11.4. Training Environment
  12. Roles and Responsibilities
  13. Training Log

Appendix H – Risk Management Plan
  1. Introduction
  2. Risks Identified During Planning Phase
  3. The Risk Identification and Evaluation Process
  4. Prioritization Process
  5. Management of Risks
    5.1. Risk Log
    5.2. Risk Status Reporting

Appendix I – Project Definition
  1. Introduction
  2. Project Name
  3. Client Name
  4. Decision Makers
  5. Project Description and Goals
  6. Business Case
  7. Key Business Requirements
  8. Project Objectives
  9. Benefits
  10. Target Audience
  11. The Problem
  12. The Solution
  13. Project Scope
  14. Pre-requisites
  15. Assumptions
  16. Project Constraints
  17. Project Risks
  18. Time and Costs
  19. Project Organization
  20. Organization Chart
  21. Project Definition Approval

References

1. Introduction

This document will furnish information on the Hillcrest Day Treatment Network project. The Hillcrest Day Treatment Network project is a Senior Capstone project for National University, ITM 490A and ITM 490B, sponsored by Hillcrest Day Treatment, part of New Alternatives Inc, Hillcrest. The Senior Capstone project is the culmination of the ITM program and is supposed to highlight the knowledge gained through the curriculum.

Hillcrest Day Treatment is a residential treatment center specializing in therapeutic services for minors. It is a Non-profit, private organization which receives funding from the County of San Diego. They also belong to a larger non-profit organization called New Alternatives Inc. New Alternatives Inc. provides a variety of social and mental health services with locations that spread across San Diego and Orange County (Health, 2008). Hillcrest Day Treatment offers Psychiatric services, Therapy services, Domestic Violence Safety Plans, Juvenile Forensic Services-Community Mental Health Services (CMHS) and San Diego County Domestic Violence Hotline services at their site. As a residential treatment center for minors, part of their operation involves managing medical records, as well as other records with privileged patient information which fall under the Health Insurance Portability and Accountability Act (HIPAA).

In their present operation and configuration, Hillcrest Day Treatment has 24 stand-alone PCs that are not networked together, with a mixed environment of operating systems ranging from Windows 2000 Professional to Windows XP Home and Windows XP Professional. The current configuration makes file security difficult to implement and enforce since there is no network and no centralized administration. The effect of the lack of central storage and no file sharing in place is the possible duplication of patient records on users' PCs. Effectively, file security is minimal and in some cases non-existent. The lack of file security puts Hillcrest Day Treatment at risk of not being compliant with HIPAA’s rules and regulations.

Public Law 104-191, August 21, 1996 refers to the Health Insurance Portability and Accountability Act of 1996. The act is supposed to “amend the Internal Revenue Code of 1986 to improve portability and continuity of health insurance coverage in the group and individual markets, to combat waste, fraud, and abuse in health insurance and health care delivery, to promote the use of medical savings accounts, to improve access to long-term care services and coverage, to simplify the administration of health insurance, and for other purposes.” (www.hipaa.org).

Section 1173(d) of the Health Insurance Portability and Accountability Act of 1996 addresses security standards for health information. It delineates that security standards need to be adopted which take into account the technical capabilities of record systems used to maintain health information; the cost of security measures; the need for training persons who have access to health information; the value of audit trails in computerized record systems; and the needs and capabilities of small health care providers and rural health care providers.
Section 1173(d)(2), entitled “Safeguards”, stipulates that any person who maintains or transmits health information shall maintain reasonable and appropriate administrative, technical, and physical safeguards. In particular, Section 1173(d)(2) aims to ensure the integrity and confidentiality of the information; to protect against any reasonably anticipated threats or hazards to the security or integrity of the information and unauthorized uses or disclosures of the information; and to ensure compliance with the Act. (www.hipaa.org)

The penalties for failure to comply with HIPAA’s requirements and standards are severe and costly. The general penalty starts with $100 for each violation, but is not to exceed $25,000 during a calendar year for all violations of an identical requirement. Additionally, wrongful disclosure of individually identifiable health information carries an even heavier penalty. According to Section 1177, any person who knowingly violates the act and discloses individually identifiable health information to another person can be punished by being fined up to $50,000, imprisoned for one (1) year, or both. It further goes on to state that if the offense is committed under false pretenses, the individual can be fined up to $100,000, imprisoned for five (5) years, or both. Even worse penalties can be imposed for more serious breaches of the act. Section 1177(b)(3) goes on to state that if the offense is committed with intent to sell, transfer, or use individually identifiable health information for commercial advantage, personal gain, or malicious harm, the fine can be up to $250,000, imprisonment for up to ten (10) years, or both. (www.hipaa.org)

HIPAA has strict regulations for the handling of patient information and patient records. HIPAA’s rules can be broken down into two broad categories: privacy and security.
Both regulations for privacy and security have similar requirements, which can be appropriately condensed and listed as follows:

  i. Identify possible threats
  ii. Assess specific vulnerabilities
  iii. Determine appropriate and possible safeguards
  iv. Implement the necessary defense mechanisms and policies

The instructions and guidelines set forth by HIPAA are voluminous, but with regard to the security of electronic medical records, they can be further broken down into four other areas:

  a) Physical security – can your computers with patient information be stolen?
  b) User security – can unauthorized persons log in to patient records?
  c) System security – what happens when a hard drive crashes?
  d) Network security – can unauthenticated users outside the facility access patient data?

The Hillcrest Day Treatment Network project will propose a solution to implement a network of computers for Hillcrest Day Treatment. This network will allow Internet access on all PCs, provide file and resource sharing, and provide the ability to implement various levels of security. Part of the aim of implementing various levels of security is to ensure that Hillcrest Day Treatment maintains compliance with HIPAA regulations. Along with the implementation of this network, there are many benefits that will help the organization in the future. These benefits include, but are not limited to, the implementation of collaboration software, which will help provide better tools for the organization’s collaborative efforts. The use of Microsoft Exchange and Microsoft SharePoint services will be the primary collaborative tools suggested for Hillcrest Day Treatment. The use of Microsoft Exchange as the primary email medium is also a method of providing an audit trail and record keeping, which is in keeping with HIPAA’s regulations as well.

2. Project Definition Overview

The Hillcrest Day Treatment Network is a proposed solution being offered to Hillcrest Day Treatment in response to their technical requirements. The project aims to provide Internet access on all PCs, enable the facility to share files over the network, and enable security to protect access to files in keeping with HIPAA regulations. Additionally, the Hillcrest Day Treatment Network project will provide the facility to back up files, store files and increase internal communication and collaboration.

As a Non-Profit organization, Hillcrest Day Treatment does not operate with the intent of maximizing revenues. They are currently funded by the County of San Diego and as such receive only enough money to cover their base operating expenses. Unlike most organizations, Hillcrest Day Treatment does not have sections of its budget apportioned for IT projects, network upgrades or user applications. Many of their current PCs are either refurbished systems or systems that have been donated by the County of San Diego. Armed with this information, one of the requirements for the Hillcrest Day Treatment project was to find a functional, yet lowest-cost solution.

Currently there is no network in place to allow computers to communicate with each other. There is no security in the form of network authentication, and electronic file security is minimal and in some cases non-existent. Additionally, Internet connectivity is limited to two (2) PCs via two separate DSL lines; users are unable to share files with each other and there is no electronic mechanism for internal communication. In its current configuration, there are twenty-four (24) stand-alone PCs, which makes file security difficult to implement since there is no network or centralized network management to enforce group policies.
In its present structure, Hillcrest Day Treatment is not fully compliant with HIPAA’s regulations for the security of Electronic Medical Records. In the future, the County of San Diego Health and Human Services department plans on implementing a County Wide MIS program named “ANASAZY.” ANASAZY requires case workers to enter all information regarding patients to an online database. Although Internet access is not a critical component of Hillcrest’s current operation, in the near future it will become a more integral part of their practice. As a result, Internet access is critical for case workers and clinicians.

The proposed solution from Team FGMP is a transition from the current stand-alone environment in Hillcrest Day Treatment to a networked, client/server environment. The networked environment, above all, will provide Hillcrest Day Treatment with the level of electronic security that is currently lacking. Additionally, the design of the network will enable centralized administration and centralized network management. One of the benefits of this type of client/server architecture is the enforcement and standardization of group policies, which provide another layer of electronic security. Furthermore, the networked, client/server environment will enable file and resource sharing and limit any file duplication (which is not only a waste of resources, but can lead to inaccurate information being disseminated).

Employing a network in Hillcrest Day Treatment will also address the fundamental need for Internet access, which will further facilitate a future process when the County Wide MIS program called ANASAZY comes online. One of the resources that will be shared through the network is Internet access, and providing all users with this resource will enable Hillcrest Day Treatment to utilize the online database when the County implements it. The following diagram shows the proposed layout of the network.
Image 1 - Hillcrest Network Design

3. Changes Since Project Definition Was Approved

None

4. Staffing Plan

The Hillcrest Day Treatment Network project team consists of the following four members: Blake Fell, Kevin George, Amir Moussavinejad and Rommel Pitel. Appendix A depicts the staffing plan for the Hillcrest Day Treatment project team (Team FGMP). Appendix B depicts the staffing structure for Hillcrest Day Treatment Center. Each staff member of Hillcrest Day Treatment is regarded as an end-user and will be impacted by the project and its outcome. Each member of Team FGMP is responsible for key areas of the project.

Blake Fell (Subject Matter Expert, Asst. Project Manager) – Configuration & Interoperability. Configuration and Interoperability focuses on areas such as Active Directory setup, Email, Collaboration Software and Network structure/setup. This phase of the project is effectively similar to putting together the pieces of a puzzle. The various elements of the project, both hardware and software, are integrated and tested to make sure that they are interoperable. If they are found to be incompatible and not interoperable, then another solution has to be found. Once the software and hardware solutions are fully interoperable, they need to be properly configured to provide the services they were intended for. Also, as the Asst. Project Manager, Blake is responsible for helping to keep the project on track and all members on task.

Kevin George (Subject Matter Expert, Project Manager) – Software Solutions. The software aspect of the project is responsible for finding software that will fulfill the needs of Hillcrest Day Treatment.
Among the requirements of Hillcrest Day Treatment is better security, which is addressed by the use of user IDs, logins and auditing software. Additionally, the software solutions required in the Hillcrest Day Treatment network project include Server Operating System, Desktop Operating System, User Applications, Security in the form of group policies, auditing and network authentication, and backup software. The solution suggested for Hillcrest Day Treatment is a shift from the stand-alone environment they are currently using to a client/server based environment. The shift from one environment to the other means different software will be utilized. Additionally, as the Project Manager, the overall direction, success or failure and outcome of the project fall under his purview.

Amirhossein Moussavinejad (System Engineer) – Hardware. The hardware aspect of the project includes Servers, desktops, racks (for rack mounted servers), network drops, and power requirements for the servers and/or the server room. Similar to the software solution, the shift from a stand-alone environment to a client/server based environment has different requirements for hardware. Among the requirements is the addition of a Server or servers. The hardware chosen has to be powerful enough to run the software required by Hillcrest Day Treatment, as well as work well within a networked environment. In the case of Hillcrest Day Treatment, the hardware solution also has to be economical.

Rommel Pitel (Systems Engineer) – Infrastructure/Networking. This aspect of the project is particularly important because it focuses on the networked environment that Hillcrest Day Treatment would be implementing. In the case of Hillcrest Day Treatment, because of the limitations placed on wiring the building, a significant portion of their network will be wireless. To this end, Access points, Wireless cards, Cabling and RF Survey/Wireless Survey are all included in this portion of the project.
The infrastructure used in a stand-alone environment is significantly different from the infrastructure needed in a networked environment. As the System Engineer, he is responsible for ensuring the right infrastructure is in place to facilitate a networked environment.

5. High-Level Schedule

The Hillcrest Day Treatment Network project will present a comprehensive solution to address the requirements of Hillcrest Day Treatment. The tasks to be completed in order to facilitate this are acceptance of project definition, research, testing, creation of written report and creation of the final presentation. The list below does not define or show the sub-tasks associated with each task. The high-level schedule is intended to provide an upper-level view of the tasks associated with the project and their due dates. The specific tasks are:

1. Project Definition – due January 30th, 2008
2. Project Plan – due February 25th, 2008
3. Functional requirements – due Mar 4th, 2008
4. Technical requirements – due Mar 4th, 2008
5. Deployment Plan – due Mar 8th, 2008
6. Risk Management Plan – due March 12th, 2008
7. Operations Plan – due March 12th, 2008
8. Training Plan – due March 15th, 2008
9. Written Report – due March 22nd, 2008
10. Final Presentation – due March 28th, 2008

The schedule below shows the Project team’s timeline for the Hillcrest Day Treatment project.

[Figure 1 - Project Team Timeline: Gantt chart listing each task with its ID, task name and duration, on a timeline from January through March.]

6. Deliverables and Milestones

Deliverables: The following deliverables will be due at the completion of the Project:

1. Final Project Documentation: Project Definition, Project Plan, Functional Requirements, Technical Requirements, Deployment Plan, Risk Management Plan, Operations Plan and Training Plan.
2. Final Presentation: consists of a PowerPoint and oral presentation delivered at National University’s Spectrum campus to the Dean of School of Engineering and Technology, Faculty advisor for ITM 490A/B, Hillcrest Day Treatment Network Sponsor and select invited guests. Topics to be included during the presentation are:
   A. Introduction to Hillcrest Day Treatment case
   B. The factors that led to Team FGMP’s suggested solution
   C. The suggested solution for Hillcrest Day Treatment
   D. Technical specifications of suggested solution
   E. Deployment and Implementation

Milestones: The first milestone is a completed Project Definition due on February 2nd, 2008. The Project Definition will include input from all members of Team FGMP. The completed Project Definition will be turned in via hardcopy by hand and electronically via email to the ITM 490B Faculty advisor. The second milestone is the completed Project Plan due on February 25th, 2008. Similar to the Project Definition, the Project Plan will include input from each member of Team FGMP. The completed Project Plan will be turned in via hardcopy by hand and electronically by email to the ITM 490B Faculty advisor.
The last milestone will be the completed Project. This will encompass everything during the duration of the project and will include all documentation to be handed over to the Sponsor.

7. Functional Requirements

The Hillcrest Day Treatment network will need to be a fully functional network that will allow users to operate more efficiently and perform their jobs. The Hillcrest Day Treatment network will also be a step towards preparing for the county wide MIS program “ANASAZY”, when it comes online. The functional requirements portion of this project will contain the functionalities of the new network. This will include network features, performance, speed, ease of use, use cases, usability, legal, access and backup requirements.

The new network that will be implemented at Hillcrest Day Treatment will need to have certain functionality in order to address their requirements. The county wide MIS program will require them to have Internet access. Hillcrest Day Treatment will need to input patient information to an online database. As a result of this future requirement, Internet access for the users is critical.

Another feature of the network is network storage. This is an important requirement due to the nature of their operation. Hillcrest Day Treatment needs to maintain hardcopies of all patient records for a period of seven (7) years, but would like to be able to maintain access to an electronic copy for two (2) years. Providing the facility to share files will also allow them to store, organize, retrieve and access patient records in one place.

A third feature of the network will be its security. The creation of a domain will force users to authenticate themselves to the network before any access to network resources is allowed. This includes access to patient information stored on the network.

The majority of the network also needs to be wireless. The building is not owned by Hillcrest Day Treatment and cannot be wired.
The computers are also dispersed across different buildings and trailers. An adequate wireless signal will need to extend to all PCs on the Hillcrest campus. The new network at Hillcrest Day Treatment will have all these features, making it a much more productive environment to work in.

The performance of the network must also be taken into consideration. Since the network will be wireless, a strong signal must be available on all the workstations. The signal cannot drop to levels that will disconnect users’ workstations when the weather conditions are unfavorable.

The case workers at Hillcrest Day Treatment need to be able to retrieve documents from the network and in some cases upload them to the Internet. The speed of the network will affect their computing experience. If uploading, downloading or accessing files takes too long, productivity can drop to an undesirable level and the experience can become quite frustrating for users.

Another aspect that can affect productivity is the ease of use of the network. If the network is not easy to use, there will be a steep learning curve. In general, change is not always easy to adapt to, especially if there are many changes in a short period of time. This project will require many changes in a short period of time. If the network and the new job processes are easy for the users, they will adapt and embrace the change, making them more productive and shortening the learning curve.

The intended users of the network are all the workers at Hillcrest Day Treatment. There are four departments of users. The first and highest up is the Clinical Program Director. The other departments of users are the Mental Health Workers, followed by the Clinicians. The Clinicians are further divided into two groups. There are Lead Clinicians and Program Clinicians.
All of these users need to access the Internet and the files stored on the network.

The usability of the network will be very similar to what they are using now. They will all be using Windows XP with Microsoft Office 2003. Most of the users should be familiar with these interfaces, but for those that are not, there will be training provided explaining the basics.

When dealing with patient and medical records, legality and confidentiality come into play. The network will be storing medical records so HIPAA requirements will definitely have an effect on the security of the network. After implementation, the network will be fully compliant with HIPAA requirements.

The last section of the functional requirements is the backup requirements. The second server will have a storage medium attached and will be the server used to run backups from. Backups will be run on a scheduled basis and will back up the servers, files on the network, and emails. This will help protect the organization from any unforeseen mishaps and/or failures.

The network that will be implemented in the Hillcrest Day Treatment will have many functions. These functions will increase internal collaboration, which will allow the users to be more productive. In addition, these functions will help make the transition to a client/server environment a more positive one. For further details please reference Appendix C.

8. Technical Requirements

The Hillcrest Day Treatment Network will, among other things, provide Internet access to caseworkers and clinicians. Additionally, it will also provide a more secure, structured and efficient computing environment. The goal of providing Internet access is to allow case workers and clinicians the ability to enter and retrieve data from a Web-based database supported by The County of San Diego called ANASAZY, when it eventually comes online. Internet access is limited at Hillcrest.
Installing wireless adapter cards on the PCs as well as installing access points strategically throughout the building will make network and Internet access available to all the caseworkers.

Dynamic Host Configuration Protocol (DHCP) is an Internet protocol that automates the configuration of computers that use TCP/IP. DHCP is used to automatically assign IP addresses and to perform other tasks such as configuration of printer addresses. The Domain Name System (DNS) acts like a phone book for the Internet by translating human-readable hostnames into the IP addresses that computers use.

The two servers chosen for the Hillcrest Day Treatment project will be utilized for file sharing and storage. Windows Small Business Server 2003 R2 Standard Edition will be used as the primary server that will enable case workers to share files. Hillcrest Day Treatment center currently has no networked way of sharing files. As a result of moving from a stand-alone environment to a client/server environment, caseworkers will have the ability to share files and have access to files and resources. The secondary server, with Windows Server 2003 R2 Standard Edition installed, will be used for storage and backups.

The router in the Hillcrest Day Treatment center will act as a gate between Hillcrest and the Internet, directing intended traffic to the network while keeping relevant traffic in the network. The router also has a strong firewall which will help filter unwanted data and packets.

The Hillcrest Day Treatment network will utilize auditing software that will monitor file access attempts for specified files and folders for the purpose of security. Any attempts to access specified files and folders will be monitored and recorded in an attempt to ensure that only authenticated users have access, as well as to track which users are attempting to gain access to unauthorized files.
For further details please reference Appendix D.

9. Communications Plan

As with any well planned project, proper communication is essential for the success of the project. Effective communication during the Hillcrest Day Treatment project will be the primary responsibility of the Project Manager. The Project Manager will ensure all team members are accurately briefed and information is openly shared and disseminated among team members. The Project Manager will also ensure that all stakeholders involved in the Hillcrest Day Treatment project are provided timely and accurate updates on the status of the project. Communication with stakeholders and team members can be initiated and conducted via e-mail, phone conversations, informal and formal meetings, direct and Faxes.

10. Deployment Plan

In order to complete a successful implementation, an effective deployment plan must be drafted and executed. The Hillcrest Day Treatment deployment plan is not only a blueprint for the proposed execution of the network, but it also helps provide a clearer picture of the steps involved in executing and managing the implementation of the network. The deployment phase of the project is one of the last phases before the project is handed off to the client or, in this case, the Sponsor.

The proposed solution for Hillcrest Day Treatment by Team FGMP recommends networking all computers and transitioning from a stand-alone environment to a networked, client/server architecture. This network will provide Internet access on all PCs, file and resource sharing, and the ability to implement various levels of security. Part of the aim of implementing various levels of security is to ensure that Hillcrest Day Treatment maintains compliance with HIPAA regulations. HIPAA has very stringent guidelines that must be followed. Failure to adhere to the guidelines set forth by HIPAA carries very costly fines, imprisonment or both.
For example, the general penalty starts with $100 for each violation, but is not to exceed $25,000 during a calendar year for all violations of an identical requirement. Additionally, wrongful disclosure of individually identifiable health information carries an even heavier penalty. Any person who knowingly violates the act and discloses individually identifiable health information to another person can be punished by being fined up to $50,000, imprisoned for one (1) year or both. If the offense is committed under false pretenses, the individual can be fined up to $100,000, imprisoned for five (5) years or both. (www.hipaa.org)

The Deployment Plan breaks down the tasks and subtasks associated with the implementation of the network, from the deployment of the servers, the setup of the network (both hardware and software), the setup of the workstations and the deployment steps to be followed.

A high-level project implementation plan for the Hillcrest Day Treatment Network has been developed and included in the Deployment plan. The following rolled-up schedule shows the anticipated duration of the project as well as some of the major tasks associated with it.

ID, task name – duration:
1 Total Project Length – 12 days
2 Order equipment & services – 4 days
19 Wireless NIC installation – 2 days
20 Upgrade desktop OS to WinXP Pro – 2 days?
21 Prepare training manuals – 2 days?
22 Inventory and Test equipment received – 0 days
23 Begin hardware setup – 2 days
27 Hardware Setup Complete – 0 days
28 Server software installation and configuratio – 3 days
36 Server Software installation and configuration c – 0 days
37 Testing and verification – 2 days
43 Testing and verification complete – 0 days
44 User setup – 1 day
45 User Rollout – 1 day
46 User setup and rollout complete – 0 days (5/5)
47 Project Conclusion – 0 days (5/5)

[Gantt chart timeline: weeks of Apr 6, '08 through May 11, '08.]

For further details please reference Appendix E.

11. Operations Plan

The Hillcrest Day Treatment Operations Plan will provide a basic overview of a few functions of the network. For the purpose of this implementation, the Operations Plan will not be an in-depth breakdown of the technical functions and specifications of the equipment used, but it will provide the necessary instructions to give anyone providing IT support a firm grasp on the operation of the network.

The Hillcrest Day Treatment Operations Plan will address user connectivity, including some basic troubleshooting questions to ask and methods to employ to address user connectivity issues. It will advise the reader of steps to follow to help resolve simple connectivity problems. It is not intended to be a technical guide to resolve problems, but rather an operational guide to maintain functionality and keep the users connected. This information is included under the User’s Guide.

The Hillcrest Day Treatment Operations Plan will also include an Administrator’s guide which will list a few administrative steps to be performed on the servers, such as adding users, deleting users, managing accounts and creating group policies.
The administrator’s guide is intended to provide a working manual to perform basic tasks to provide users with access to the network.

Also included in the Operations Plan will be a network diagram, which will provide a visual layout of the network. It is anticipated that the network diagram will help when performing troubleshooting, and it will also help with planning and scalability.

Simple Backup and recovery procedures will also be covered under the Operations Plan. Windows Small Business Server provides “on the fly” recovery for files saved in the user’s My Documents folder, but for files outside of the user’s My Documents folder, data recovery will be performed from the storage media. The Backup and Recovery procedures section of the Operations Plan will go into further detail about the type of Backup used and how it works.

The Operations Plan will also provide information on network specifications, security and system monitoring, to name a few. For further details please reference Appendix F.

12. Training Plan

After the implementation of the network at Hillcrest Day Treatment, the work is not over. Users here have not had internet access, file security, email, or sometimes even a working computer. With the network in place, all the new services will require a new work process. Daily jobs will change, requiring more technical input from the users, and computers will be a more integral part of the organization. As a result of this, the users will need to be trained in proper and efficient use of the network.

The suggested solution for Hillcrest Day Treatment will be a departure from the stand-alone environment to a client/server based environment. The training plan will reflect the change in environment, focusing on authenticated logins, the use of the My Documents folder for file storage and minor Internet training.

First, users need to log into the network to gain access to the new resources. Everyone will be assigned a username and generic password.
Upon their first login, they will be required to change their password to a password of their choosing, which fits the password requirements for strong passwords. We will have screenshots with a document telling the users precisely how to do this.

Once logged in with a personalized password, the users will then need to know how to access, edit and organize patient records. Users will be trained on how to get to their network drive. Once in the network drive, users will be shown the standard for storing patient records. As of this writing, there is no standard way of storing the records on their local computer. After the implementation of the network, there will be an organizational standard for keeping patient information.

Next, users will need to know the basics of how to use their email program, Microsoft Outlook. This includes sending and receiving emails as well as calendaring and sharing. Since Outlook is such a robust program that can be used for many things, just the basics will be covered and a document going into more detail will be provided for their reading.

Besides the basics of how to use the new network, the more complex and technical documentation will also be provided. This includes documentation on the network and administration. These will include how to create and delete a user, adding and removing permissions on the network, documentation on backups and documentation on using the administration software such as the auditing software.

Without the proper training, the project can quickly take a turn for the worse. Users will have powerful tools to help them with their everyday tasks but will not know how to take full advantage of them. The organization will have proficient technical solutions for everyday business tasks but will not be able to utilize them.
This training plan will give the organization as a whole the power to take full advantage of the technology provided to them. For further details please reference Appendix G.

13. Risk Management Plan

Many projects are haunted by the risk of failure. The term failure can be used to describe the project if it hits certain criteria. The three main criteria that can cause a project to be deemed a failure are running behind schedule, over budget and under quality. This usually happens when unforeseen circumstances take place that do not allow the team to complete the project successfully. This is why it is important to plan ahead and to take a look at all the possible risks that can stand in the way of a successful completion. To do this, a good risk management plan can help to better prepare for the things that can go wrong (Gorton & McCulloch, 2006, p. 245).

In the risk management plan, the first part is to identify the possible risks. This will allow for the recognition of possible setbacks and give ample time to properly prepare in the event the risk takes place. To identify possible risks, the risk identification and evaluation process is used. The first step of this process is to document possible risks along with how they can arise and when and where they can come into play. The second step is to evaluate the risk. Here we take a look at the risk and see how critical it is or how likely it is to happen. With our results, we will move to the next step and analyze the risks to put them in order of priority. This allows the risks to be ranked by how important they are. After the risks are laid out and ranked, the last step is to create a risk action plan. The risk action plan will have actions to take to control or even diminish the risk. After that is done, the risks of this project have been completely identified (Gorton & McCulloch, 2006, p. 254).

The second part is to prioritize the risks.
Here we will compare the risks to other risks and determine which one is more critical. The term critical will be used as a defining characteristic of a risk that has a high possibility of making the project unsuccessful. During the prioritization phase, we will break down which risks are most critical and which are less so (Gorton & McCulloch, 2006, p. 126).

After identifying and prioritizing the risks of the project, we will need to manage them. There will be two parts to this section. The first will be a risk log. This is one of the easier ways to manage risk. This consists of a table with various columns assigned to different attributes of a risk. Listing the risks in this table makes them much easier to read and organize. The last part of the management of risks is risk status reporting. This section will have updated status information on the risks identified (Gorton & McCulloch, 2006, p. 127).

The final section of the risk management section is the roles and responsibilities. The roles and responsibilities section will have information on who will be in charge of what aspect of any given risk. This will lay out various red flags to look out for with each risk. It will also help the team understand what to look out for in what stage of the project. The roles and responsibilities section is vital to help all the team members understand their roles in eliminating risk and will help them play their part in making the project successful (Gorton & McCulloch, 2006, p. 127).

The risk management plan is a vital part of the project. It will help to identify, prioritize, manage and eliminate risk.
From the risk identification and evaluation process to the roles and responsibilities, the risk management plan will allow Team FGMP to be prepared for any road blocks that will prevent them from a successful network implementation for Hillcrest Day Treatment. For further details please reference Appendix H.

14. Client Acceptance Criteria

The Hillcrest Day Treatment Network includes key mandates by the project’s Sponsor that have to be met in order for the project to be acceptable and considered “complete.” The requirements are as follows:

1) Provide internet access on all PCs – In their current configuration, Hillcrest Day Treatment has two DSL lines that supply Internet access to only two PCs. Any employee of Hillcrest Day Treatment that needs to utilize the Internet has to use one of the two PCs, which is neither always possible nor convenient. Additionally, the County of San Diego plans on implementing an online database which will allow facilities like Hillcrest Day Treatment the ability to enter and retrieve patient information online. This effort is a County-wide MIS program referred to as ANASAZY. While Internet access is not mandatory for Hillcrest Day Treatment to operate effectively, once ANASAZY is implemented, Internet access will be a more integral component of Hillcrest’s operations.

2) Ensure Compliance with HIPAA’s regulations – The Health Insurance Portability and Accountability Act stipulates numerous regulations that must be followed when dealing with patient records, both electronic and paper records. There are more specific regulations when dealing with patient information in electronic form. These regulations all aim at protecting patient information and privacy. Patient records are private and need to be secured and protected in accordance with HIPAA’s regulations.
Also included in the client’s acceptance criteria, although not deemed to be critical according to the Sponsor, are:

a) Network security – Hillcrest Day Treatment is currently configured as a stand-alone environment. There are no networked PCs, no shared resources, no file sharing and no central administration. Similar to other stand-alone environments, Hillcrest Day Treatment has no security policies implemented in a standardized manner across the organization. Part of the solution proposed by Team FGMP recommends implementing a client/server architecture, which provides multiple layers of network security for both users and files.

b) File security – Currently, file security is the responsibility of the individual user at Hillcrest Day Treatment. Understandably, the level of file security at Hillcrest Day Treatment will be dependent on the user’s level of computer literacy and savvy. Needless to say, this manner of implementing security usually results in minimal and, in some cases, no file security at all. As stated by the project’s Sponsor, some users have utilized login passwords as a means of protecting both their PC and the files that reside on it; unfortunately, many of the other users have not, so unrestricted access to their PC is as simple as booting it up. In an organization that deals with confidential patient records and information, this practice is not only insecure, but is not in keeping with HIPAA’s regulations.

c) File backups and storage – The State legislation stipulates that hard copies of patient records are to be maintained onsite for a period of seven years. Hillcrest Day Treatment adheres to this stipulation but would also like the facility to maintain patient records in electronic form for two years.
The change in network structure from a stand-alone environment to client/server architecture will help make this requirement possible. Additionally, the client/server network will allow for centralized storage and file sharing, which will make file backups much simpler to implement.

15. Project Pricing

The following spreadsheet provides a projection of the project pricing for the Hillcrest Day Treatment network. The pricing below is an estimation of the project, excluding the cost of labor and implementation. The total price of the project is subject to change, based on further discounts given to non-profit organizations and the possibility that some services and/or software may be changed. Some of the discounts that would be offered to non-profit organizations could not be effectively factored into the pricing because the prices were subject to change based on availability. Most of the prices used were based on the manufacturer suggested retail price (MSRP) in order to present a more accurate projection of costs.
Hillcrest Day Treatment Project Pricing (Services, Software, Hardware)

Component | Quantity | Net Cost ($) | Total Cost
--- | --- | --- | ---
Servers | 2 | $1,600.00 | $3,200.00
Wireless Adapters | 21 | $71.00 | $1,491.00
Wireless Access Point | 5 | $135.00 | $675.00
Wireless Access Point Antennas | 5 | $135.00 | $675.00
Router | 1 | $215.00 | $215.00
Switch | 1 | $150.00 | $150.00
UPS | 1 | $900.00 | $900.00
Rack | 1 | $600.00 | $600.00
Keyboard | 1 | $20.00 | $20.00
Mouse | 1 | $15.00 | $15.00
Monitor | 1 | $250.00 | $250.00
Network Attached Storage (NAS) | 1 | $1,240.00 | $1,240.00
KVM switch | 1 | $120.00 | $120.00
Ethernet cables | 10 | $20.00 | $200.00
Windows XP Professional | 12 | $150.00 | $1,800.00
Windows SBS 2003 20 Pack CAL | 1 | $1,851.00 | $1,851.00
Windows Server 2003 R2 Std | 0 | $0.00 | $0.00
Microsoft Office 2003 | 21 | $200.00 | $4,200.00
Vision Backup | 1 | $400.00 | $400.00
File System Auditor | 2 | $830.00 | $1,660.00
TrendMicro (25 licences /2yrs) | 1 | $1,010.00 | $1,010.00
Domain Registration | 1 | $8.99 | $8.99
Cox Business Internet | 1 | $79.00 | $79.00
Total Project cost (excluding labor & installation) | | | $20,759.99

Table 1 - Hillcrest Day Treatment Project pricing

16. Project Plan Approval

Sponsor
Signature:
Print Name: Sarah Penteriani
Title: Clinical Program Director
Date:

Faculty Advisor
Signature:
Print Name: Chuck Bane
Title: Faculty Advisor
Date:

Project Manager
Signature:
Print Name: Kevin George
Title: Project Manager
Date:

Appendix A – Project Team Staffing Chart

Appendix B – Hillcrest Day Treatment Staffing Chart

Appendix C – Functional Requirements Plan

Appendix C

Functional Requirements
Hillcrest Day Treatment Network

Consulting Services by: Blake Fell, Kevin George, Amirhossein Moussavinejad, Rommel Pitel
Faculty Advisor: Chuck Bane

Confidential and Proprietary Information

This document contains information that is proprietary to Hillcrest Day Treatment. Transmittal, receipt, or possession of this document does not express license, or imply rights to use, sell, design, manufacture, or to have manufactured, any product, concept, or service from this information. No reproduction, publication, or disclosure of this information, in whole or in part, electronic or otherwise, shall be made without prior written authorization of an officer of Hillcrest Day Treatment. Authorized transfer of this document from the custody and control of Hillcrest Day Treatment constitutes a loan for limited purpose(s), and this document must be returned to Hillcrest Day Treatment upon request, and in all events, upon completion of the purpose(s) of the loan.
Document Change Log

Prepared By | Title | Date | Version

Revisions: Modified By | Reason | Date | Version

Table of Contents

1. Introduction
2. Features
3. Performance & Speed
4. Ease of Use
5. Use Cases
5.1. Define Different Types of Users
6. Usability
6.1. User Interface
6.2. Look and Feel
7. Legal Requirements
7.1. Regulatory Requirements, Security & Privacy
8. Backup Requirements

1. Introduction

This document will furnish information on the functional requirements of the Hillcrest Day Treatment Network project. The Hillcrest Day Treatment Network project is a Senior Capstone project for National University, ITM 490A and ITM 490B, sponsored by Hillcrest Day Treatment, part of New Alternatives Inc. The functional requirements document will delineate the functional requisites of the proposed network for Hillcrest Day Treatment.

As a Non-Profit organization, Hillcrest House does not operate with the intent of maximizing revenues. They are currently funded by the County of San Diego and as such receive only enough money to cover their base operating expenses. Unlike most organizations, Hillcrest House does not have sections of its budget apportioned for IT projects, network upgrades or user applications. Many of their current PCs are either refurbished systems or systems that have been donated by the County of San Diego.

Currently there is no network in place to allow computers to communicate with each other. There is no security in the form of network authentication, and internet connectivity is limited to two (2) PCs via two separate DSL lines. The goal of providing Internet access is to allow case workers and clinicians to enter and retrieve data from a Web-based database supported by the County of San Diego, when the program is instituted. This web-based database will be implemented through a countywide MIS program called “ANASAZY.” The countywide MIS program will require them to have Internet access because the patient information will be entered into an online database.
Internet access will become an integral component of Hillcrest’s operations in the future with the implementation of ANASAZY.

In their current configuration, Hillcrest Day Treatment has 24 stand-alone PCs. File security is difficult to implement since there is no network or centralized management to enforce added security like group policies. In its present structure, Hillcrest House is not fully compliant with HIPAA’s regulations for the security of Electronic Medical Records. One of the implicit aims of the project is not only to ensure that files are secured electronically, but also to assist Hillcrest Day Treatment in establishing and maintaining HIPAA compliance.

The Hillcrest Day Treatment network will allow the case workers of Hillcrest Day Treatment Center to access the Internet and share files through their network. One of the immediate benefits of the network will be increased security for electronic patient records. Another benefit of the network is increased internal collaboration, which will help increase the level of interaction within Hillcrest Day Treatment.

2. Features

The Hillcrest Day Treatment Network is a proposed solution being offered to Hillcrest Day Treatment in response to their technical requirements. The project aims to provide Internet access on all PCs, enable the facility to share files over the network, and enable security to protect access to files in keeping with HIPAA regulations. Additionally, the Hillcrest Day Treatment Network project will provide the facility to back up files, store files and increase internal communication and collaboration. In order to provide Hillcrest Day Treatment center with the above-mentioned functionalities, both hardware and software will be installed.

As defined in the Hillcrest Day Treatment Project Definition, Hillcrest currently operates its computing environment as a stand-alone environment. There is no networking, no file sharing, no centralized administration, no centralized storage and no backups.
Among the first tasks to be completed is the implementation of a network. The network has to be functional enough for Hillcrest employees to perform the necessary daily tasks, robust enough to handle the demand that will be placed on it, and secure enough to protect patient information in keeping with HIPAA’s regulations.

To address the inability of Hillcrest Day Treatment to wire the building they currently occupy, the proposed network should be set up predominantly as a wireless network. There is definitely a foreseeable benefit of implementing a predominantly wireless network. In the event that Hillcrest Day Treatment has to relocate, their network can be easily disassembled and reassembled quickly.

Hillcrest’s network should be capable of handling the demand that will be placed on it by its users. The Wireless Network complies with IEEE 802.11b/g with a transfer rate of up to 300Mbps. 802.11 is a set of standards for wireless local area network communication, and these standards are set by the Institute of Electrical and Electronics Engineers (IEEE) committee. Additionally, the network is also compliant with draft 802.11n standards; 802.11n is the next generation wireless standard that can deliver great speed and frequency range.

Although Hillcrest Day Treatment is not an organization that runs multiple applications like most businesses, the network should still be able to operate under some load. In light of this, the Hillcrest Day Treatment network should operate at 802.11g speeds and higher. 802.11g is the Institute of Electrical and Electronics Engineers’ wireless standard that allows for rated speeds up to 54Mbps on the 2.4GHz frequency using orthogonal frequency-division multiplexing (OFDM) as its modulation technique.

Another requirement of the wireless network is a level of security.
Undoubtedly, one of the most secure types of network is a wired network; however, when configured correctly, wireless networks can provide a comparable amount of security. At the very minimum, the wireless security specification which the Hillcrest Day Treatment network would be advised to utilize is Wi-Fi Protected Access 2 (WPA2). WPA2 provides strong protection for data and network access because of the encryption algorithm it utilizes, called the Advanced Encryption Standard (AES).

Taking into consideration the fact that Hillcrest Day Treatment deals with patient information, there should be various layers or levels of security. The security mechanisms utilized by Hillcrest Day Treatment should not only exist at the desktop level, but should be considered at every stage and level of the network. Despite the tremendous resource that the Internet has become, it is also the breeding ground for Hackers and Crackers and is flooded with Spyware, Trojans, Adware, Viruses, Worms, Malware and other Badware. Security precautions for Internet access should begin at the point of Internet entrance into Hillcrest Day Treatment and continue all the way to the user’s desktop.

The router chosen to police the Internet gate of Hillcrest Day Treatment should be robust and productive. The router will essentially perform two critical functions: keep unwanted elements out, while allowing authorized traffic in. The router will protect Hillcrest’s internal network, effectively hiding it from the prying eyes on the Internet. To effectively perform this function, the router used for Hillcrest Day Treatment should be both a router and firewall. Integrating both functions into one appliance is cheaper and easier to administer.

Networking the computers at Hillcrest Day Treatment is only one step in providing centralized administration and management. The next step is to implement client/server architecture.
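The WPA2-with-AES minimum stated above can be checked per access point. The following is an added example, not part of the original project plan; the inventory format, AP names and settings are constructed, and it treats mixed modes (WPA/WPA2, TKIP+AES) as below the minimum because they still admit the older protocol or cipher.

```python
"""Audit access-point settings against the plan's stated minimum: WPA2 with AES.

Added example. The inventory format, AP names and settings are constructed.
"""
from dataclasses import dataclass

ACCEPTED_PROTOCOLS = {"WPA2"}        # the minimum the plan specifies
ACCEPTED_CIPHERS = {"AES", "CCMP"}   # WPA2 delivers AES through CCMP

# Constructed inventory: name, security protocol, cipher, as an administrator
# might transcribe them from each access point's management page.
SAMPLE_INVENTORY = """
# name, protocol, cipher
AP-1, WPA2, AES
AP-2, WPA2, TKIP+AES      # mixed cipher: TKIP clients are still accepted
AP-3, WPA/WPA2, AES       # mixed mode: WPA (version 1) clients still accepted
AP-4, WEP, WEP
AP-5, wpa2, ccmp          # same as AP-1, different spelling
"""


@dataclass(frozen=True)
class Finding:
    ap: str
    setting: str
    value: str
    reason: str


def parse_inventory(text):
    """Return (name, protocol, cipher) tuples; '#' starts a comment."""
    rows = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = [f.strip() for f in line.split(",")]
        if len(fields) != 3 or not all(fields):
            raise ValueError(f"line {lineno}: expected 'name, protocol, cipher'")
        name, protocol, cipher = fields
        rows.append((name, protocol.upper(), cipher.upper()))
    return rows


def options(value):
    """Split a mixed-mode setting such as 'WPA/WPA2' or 'TKIP+AES' into a set."""
    return set(value.replace("/", " ").replace("+", " ").split())


def excess(value, accepted):
    """Return every option the setting permits beyond the accepted ones."""
    opts = options(value)
    return sorted(opts - accepted) if opts else ["(none set)"]


def audit(rows):
    """Flag every AP that permits anything other than WPA2 with AES."""
    findings = []
    for name, protocol, cipher in rows:
        for extra in excess(protocol, ACCEPTED_PROTOCOLS):
            findings.append(Finding(name, "protocol", protocol,
                                    f"{extra} is permitted; require WPA2 only"))
        for extra in excess(cipher, ACCEPTED_CIPHERS):
            findings.append(Finding(name, "cipher", cipher,
                                    f"{extra} is permitted; require AES (CCMP) only"))
    return findings


def noncompliant_aps(findings):
    """Return the sorted names of access points with at least one finding."""
    return sorted({f.ap for f in findings})


if __name__ == "__main__":
    results = audit(parse_inventory(SAMPLE_INVENTORY))
    for f in results:
        print(f"{f.ap}: {f.setting}={f.value}: {f.reason}")
    print("Non-compliant:", ", ".join(noncompliant_aps(results)) or "none")
```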
Client/server architecture, also called two-tier architecture, is a network comprised of servers and workstations. The server will service requests from the workstation. A substantial benefit of employing client/server architecture is security. In a client/server environment, users have to authenticate themselves on the network before they have access to resources on the network or computer. Authentication is done by the use of an assigned username and password. When a user sits at a computer and attempts to log in, they are in fact requesting permission from the server to start a session on the network. The server is the main authority responsible for granting or denying access to the network. When a user authenticates themselves by using the correct username and password, the server grants them permission. If either of the two (username and/or password) is incorrect, the server denies access.

The server(s) in Hillcrest Day Treatment will be used to share files, provide secure authentication, host SharePoint services for calendaring and collaboration, perform backups, supply workstations with IP addresses, and host a number of other resources. In consideration of the demands that will be placed on the server, Team FGMP believes that Hillcrest Day Treatment should operate with at least two servers. Among the many reasons for recommending at least two servers are redundancy and load-balancing. Allowing at least two servers to service the requests from the workstations results in increased overall performance on the network, as both servers will be providing the necessary services, rather than the entire load being placed on one server. Additionally, having at least two servers removes the likelihood of a single point of failure.
Once properly configured, if one server goes down, the other server can still be used to authenticate users on the network, allowing them to log in to their desktops. The servers that will be implemented in the Hillcrest Day Treatment Network need to be fast and robust as well as quiet and energy efficient.

Currently, file security is the responsibility of the individual user at Hillcrest Day Treatment. Understandably, the level of file security at Hillcrest Day Treatment is dependent on the user’s level of computer literacy. Needless to say, this manner of implementing security usually results in minimal and, in some cases, no file security at all. As stated by the project’s Sponsor, some users have utilized login passwords as a means of protecting both their PC and the files that reside on it. Unfortunately, many of the other users have not, so unrestricted access to their PC is as simple as booting it up. In an organization which deals with confidential patient records and information, this practice is not only insecure, but is not in keeping with HIPAA’s rules and regulations.

State legislation requires that a hardcopy of patient records should be maintained onsite for a period of seven years. Hillcrest Day Treatment center currently adheres to this requirement; however, they would like the facility to keep patient records in electronic format for two years. Having the facility to store files will give them the added benefit of not having to search through stacks of boxes for patient records that may only be a few weeks or months old. In addition to the time they will save by not having to manually sort through boxes of files, they will also benefit from the ability to quickly retrieve and update patient files.

One of the last components that the network will need is an uninterruptible power supply (UPS). The UPS provides power in the event of a power outage and protects equipment from variances in voltage and power interruptions.
Most UPS units can provide enough power to allow machines to be shut down manually and safely. The UPS suggested for the Hillcrest Day Treatment will need to support the server for a minimum of 30 minutes. It is anticipated that within that time the power would have returned or an administrator would be able to shut down the servers safely.

Hillcrest’s designation as a Non-Profit Organization means that their operation does not revolve around the pursuit of profit. They are funded by the County of San Diego, but their funding only covers their base operating expenses. Equipment at Hillcrest’s site has either been donated by the County of San Diego or purchased at a significantly lower price because it was refurbished. The budget for the Hillcrest Day Treatment was not explicitly stated; however, it is understood that the cost of the proposed solution will be a significant deterrent if it is not affordable.

3. Performance & Speed

Most modern networks run on a gigabit backbone and run a myriad of applications which utilize numerous resources. On some of the more costly networks, the gigabit backbone is complemented by fiber connections to workstations. Hillcrest Day Treatment does not need that level of performance and/or speed, and they do not foresee growing to the point where that level of performance and speed will be needed within the near future.

The network should be fast enough to add a level of productivity to Hillcrest users, and allow them to complete tasks efficiently. The suggested rated speed for the wireless network should be 54Mbps, using 802.11g; however, it should be able to support 802.11b if necessary, and also be scalable to 802.11n in the future.

4. Ease of Use

The Hillcrest Day Treatment network will be as simple to use as other networks are.
Since the proposed solution will be a change in the way Hillcrest users are used to doing things, some training may be required to familiarize them with the network. Although some training may be required, the network was not designed to be difficult to use. It is not anticipated that there will be a steep learning curve while users become more familiar with the network and what it is capable of.

One of the changes which users will be forced to accept is the act of logging into the network and PC. This change will probably be the most obvious change for Hillcrest’s users, as many of them are not used to authenticating in order to gain access to the PC. Adequate training will reinforce the benefits of this security measure, not forgetting to mention that it is a requirement according to HIPAA’s regulations. The ease with which users will now be able to share files and use collaboration tools will make the transition much easier.

Apart from Internet access, users will now have email access via Microsoft Outlook connected to a Microsoft Exchange backend. The Microsoft Exchange email server comes with the license for Windows Small Business Server. Users will be able to view a shared calendar which the entire Hillcrest Day Treatment office can interact with. This shared calendar will allow appointments to be set that all users can view. Additionally, reminders can be set up for appointments, patient visits, meetings, and a host of other things.

5. Use Cases

5.1. Define Different Types of Users

Hillcrest Day Treatment has a total of 21 employees. Those employees can be subdivided into 3 groups. The groups are Directors, Mental Health Workers and Clinicians. The Clinician group can be further divided into two more groups: Lead Clinicians and Program Clinicians. Security groups will be created that will correspond to the five job titles. Access to files on the network will be based on the user’s security group and the group’s permissions.
The Clinical Program Director will have access to all the files on the network and will belong to all other groups. However, the other groups’ access will be segregated.

5.2. Use Case Scenario

A typical use case scenario involving the intended use of the Hillcrest Day Treatment network and a Hillcrest Day Treatment user follows:

The Clinical Program Director arrives at work and wants to get a few tasks completed before attending a scheduled meeting at the Health and Human Services office later in the afternoon. As the Clinical Program Director boots up their PC, in the background there are a few processes taking place. Among the tasks occurring in the background, the wireless adapter is looking for the Hillcrest Day Treatment network, the computer is requesting an IP address, and the DHCP server is checking the computer’s MAC address against the MAC addresses in its database to decide whether or not to provide the computer with an IP address. After the computer establishes a connection with the network it begins to download policy settings and updates, from Windows updates to application updates to antivirus updates.

The login screen appears when the computer is just about ready to be used. To access the computer and any resources on the network, the user has to provide a username and password, which will be authenticated by the domain controller running Active Directory services. If the username or password is incorrect, the user is not able to log in. If both the username and password are correct, the user is allowed access to the network as well as the computer.

One of the first things that the Clinical Program Director does is check their email with Microsoft Outlook. They can read, reply, forward or compose a new email using Microsoft Outlook.
While using Microsoft Outlook, the Clinical Director checks the shared calendar in Microsoft Outlook, which is powered by Microsoft Exchange, to see if there are any group meetings, appointments or scheduled activities they need to attend in the office. While checking the shared calendar, the Clinical Program Director decides to schedule a meeting through Microsoft Outlook, which then sends invitations to the invited participants.

After reading and responding to the email in their inbox, the Clinical Program Director opens Internet Explorer. Internet Explorer’s homepage is set to the Hillcrest Day Treatment Intranet page. On the Intranet page, users can share files as well as post announcements that are visible to everyone who views the Intranet page. The Clinical Program Director quickly checks out the Intranet home page to see if any announcements have been posted or files have been shared.

After reading the latest announcement posted by the Program Clinicians, the Clinical Program Director navigates away from the Intranet site and goes to the County’s ANASAZY website to retrieve patient information from the online database. The Clinical Program Director retrieves the patient information they were searching for, opens a Word file, and then inputs the patient information to begin a new case file. After all the relevant information is entered in the Word file, the Program Director saves the file to their designated home drive.

After speaking with a few of the Mental Health workers and Clinicians about the new case, the Clinical Program Director realizes that the patient will have to see both the Mental Health workers and Program Clinicians. In an effort to keep the patient information consistent and controlled, the Clinical Program Director shares the file created earlier with the Mental Health workers and Program Clinicians by uploading it to the Intranet.
The designated users can access the file and make changes to it, without each of them having to work on multiple copies of the file or duplicating it.

6. Usability

6.1. User Interface

Windows XP Professional will be the recommended user operating system that is used on the Hillcrest Day Treatment network. The Hillcrest campus currently has a mix of operating systems ranging from Windows 2000 Professional to Windows XP Home to Windows XP Professional. It is recommended that all computers on the Hillcrest network are upgraded to Windows XP Professional. The standardization of the user’s operating system to Windows XP Professional helps ensure that group policies and security are implemented accurately and correctly.

The user interfaces of Windows 2000 Professional and Windows XP Professional and Home are quite similar, with little difference between them. Windows XP Professional can even be set to display in “classic” mode, which is similar to the look and feel of Windows 2000 Professional.

Image 1 – Windows 2000 Professional

Image 2 – Windows XP Professional

6.2. Look and Feel

The usability of the operating system will be very similar to what most users in the Hillcrest Day Treatment are using now. The desktop operating system will be standardized with Windows XP Professional, with Microsoft Office 2003 as their major application. Most of the users should be familiar with these interfaces and should not encounter any problems using them within the networked environment. The familiarity of Office 2003 and Windows XP Professional was one of the reasons why neither Office 2007 nor Windows Vista Business edition was suggested.

7. Legal Requirements

7.1. Regulatory Requirements, Security & Privacy

As a residential treatment center specializing in therapeutic services for minors, Hillcrest Day Treatment has to follow HIPAA’s regulations with regard to the protection of patients’ information. These regulations are outlined in Public Law 104 – 191, August 21, 1996, referred to as the Health Insurance Portability and Accountability Act of 1996. Section 1173(d) of the Health Insurance Portability and Accountability Act of 1996 addresses security standards for health information. The following excerpt was retrieved from www.hipaa.org, from Public Law 104 – 191, August 21, 1996, Section 1173 (d):

(d) SECURITY STANDARDS FOR HEALTH INFORMATION.--
"(1) SECURITY STANDARDS.--The Secretary shall adopt security standards that--
"(A) take into account--
"(i) the technical capabilities of record systems used to maintain health information;
"(ii) the costs of security measures;
"(iii) the need for training persons who have access to health information;
"(iv) the value of audit trails in computerized record systems; and
"(v) the needs and capabilities of small health care providers and rural health care providers (as such providers are defined by the Secretary); and
"(B) ensure that a health care clearinghouse, if it is part of a larger organization, has policies and security procedures which isolate the activities of the health care clearinghouse with respect to processing information in a manner that prevents unauthorized access to such information by such larger organization.
"(2) SAFEGUARDS.--Each person described in section 1172(a) who maintains or transmits health information shall maintain reasonable and appropriate administrative, technical, and physical safeguards--
"(A) to ensure the integrity and confidentiality of the information;
"(B) to protect against any reasonably anticipated--
"(i) threats or hazards to the security or integrity of the information; and
"(ii) unauthorized uses or disclosures of the information; and
"(C) otherwise to ensure compliance with this part by the officers and employees of such person.

Security at Hillcrest Day Treatment will be a combined effort. It will include network security and user level security. Appropriate security measures will be put in place to protect the electronic patient records via the network, but these security measures are only as effective as the user allows. If users don’t practice due prudence and adhere to HIPAA’s regulations by not disclosing information indiscriminately, then the security measures implemented will be ineffective. The security measures taken, from the way the network is implemented to the group policies that control password strength, are all an attempt to enhance the level of security. The layered approach to security that will be utilized will hopefully be an effective mechanism to protect patients’ information.

8. Backup Requirements

An added benefit of implementing a network is the ease and convenience with which centralized backups can be performed. HIPAA regulations also stipulate that, when dealing with electronic medical records, an audit trail should be considered. Deploying an applicable backup system will help provide an audit trail as well as provide the organization with the ability to quickly recover from a disaster where data loss occurs. Backups are increasingly important as the world continues to transition from hard copies to a paperless system of information, and Hillcrest Day Treatment is no different.
Apart from being mandated by the State to maintain hard copies of patient records for 7 years, Hillcrest would like the functionality to maintain at least 2 years’ worth of patient records electronically. The second server will be primarily used for file sharing. It will host the users’ H drive, which should also be included in the backup scheme.

Backups will run on a daily, weekly or monthly scheduled basis and will back up the servers, files on the network, and emails. This will help protect the organization from any unforeseen mishaps and/or failures. The backups will provide a degree of disaster recovery as well as protection for Hillcrest Day Treatment center. The backup software should be easy to use, and be able to back up and restore to multiple media formats including CDR-RW/DVD-RW, Tape Drives, FTP/SFTP/FTPS, USB/Flash Drives, Hard Drives/NAS/ZIP/JAZZ and networked client/remote computers.

Project Plan
Hillcrest Day Treatment
Appendix D – Technical Requirements Plan

Technical Requirements
Hillcrest Day Treatment
Network Consulting Services by: Blake Fell, Kevin George, Amirhossein Moussavinejad, Rommel Pitel
Faculty Advisor: Chuck Bane

Confidential and Proprietary Information

This document contains information that is proprietary to Hillcrest Day Treatment. Transmittal, receipt, or possession of this document does not express license, or imply rights to use, sell, design, manufacture, or to have manufactured, any product, concept, or service from this information. No reproduction, publication, or disclosure of this information, in whole or in part, electronic or otherwise, shall be made without prior written authorization of an officer of Hillcrest Day Treatment.
Authorized transfer of this document from the custody and control of Hillcrest Day Treatment constitutes a loan for limited purpose(s), and this document must be returned to Hillcrest Day Treatment upon request, and in all events, upon completion of the purpose(s) of the loan.

Document Change Log
Prepared By / Title / Date / Version
Revisions: Modified By / Reason / Date / Version

Table of Contents
1. Introduction
2. Network Requirements
   2.1. Hardware
   2.2. Software
3. Server Requirements
   3.1. Hardware
4. Workstation Requirements
   4.1. Hardware

Explanation & Answer

Attached. Please let me know if you have any questions or need revisions.

Outline: Wireless security essay questions
Thesis statement: This paper consists of two essays that aim at explaining the concepts of
Wireless Security Networks and the Mobile Device Security Policy.
I. ESSAY QUESTION 1
A. Evaluating the Wireless Security Network Plan provided by Hillcrest Day
Treatment.
1. Introduction
a. Thesis statement
b. Overview
c. Plot
B. Evaluation
1. The plan is adequate and complete
2. Rationale
a. The plan has necessary components such as servers, storage equipment,
routers, switches, computers, computer anti-viruses, back-up software, and
wireless NICs
C. Recommendations
1. Apply the mobile device security strategy
2. Repeaters
D. Conclusion
1. Restatement of thesis
2. Revisiting key areas
E. REFERENCES

II. ESSAY QUESTION 2
A. Introduction
1. Thesis statement
2. Overview
3. Plot
B. Analysis
1. Mobile device security policy
a. Use of recent mobile devices
b. Passwords
c. Encryption
d. Biometrics
2. BYOD policy
a. Risks include presence of malware, device theft, spoofing, phishing sites,
and hacking
b. Recommendations include conducting frequent maintenance processes as
well as wiping out enterprise data in employees’ devices
C. CONCLUSION
1. Restatement of thesis
2. Key areas
D. REFERENCES


Running head: WIRELESS SECURITY SCENARIO ESSAY

Course
Exam Name
Name
Date

Wireless Security Scenario Essay
Essay Question 1
Courtesy of the advancement of technology, modern organizations recognize the need to
connect their devices and appliances to ensure effective and efficient transmission and
communication between employees. The efficacy of wireless security networks and connections
is dependent on the ability of relevant professionals to design effective networks and to
objectively evaluate existing wireless security networks. As the leading consultant of
WeKnowNetworks (WKN), I am determined to analyze, examine, assess, and evaluate Hillcrest...
