About NHSN Security
Neither. The NHSN was developed using Java J2EE on the server side and HTML and Java Script on the client browser. The NHSN does not use Active-X or Java Controls.
At least 500 MB of disk space is recommend in order to save user files such as reports, exported data, PDF files, etc. We also envision in the future the development of multimedia training materials that may be downloaded.
HTTP port 80
CDC Secure Data Network (SDN) requires use of a secure 128-bit encryption digital certificate for authentication into the National Healthcare Safety Network.
No. Patient name is only included for the healthcare facility’s benefit. It allows a facility to identify individual patients. This information is stored in the database at CDC but not used in any CDC analysis. The only required patient identity fields are Patient ID #, Gender, and Date of Birth.
Currently, the NHSN only accepts comma separated value (CSV) files for the importation of procedure data, surgeon data, and patient demographic data. Healthcare worker demographic data will be imported in the same manner in future releases. Electronic messaging using HL7 3.x messages is under construction for antimicrobial use and resistance data, but is not yet available.
Are all processor-intensive functions handled on the server side vs. the client side (data analysis, reporting, etc.)?
Yes, all data analysis and reporting is handled on the server side by SAS Intranetware.
Will there be audit logs generated for each log in? (i.e., who logged in, when, how many times, etc.)
Yes, CDC Secure Data Network logs user authentication into the NHSN system.
Will the Facility Administrator have access to the audit logs for the purposes of monitoring login activity?
No, but if a security breach is suspected we can request access to the audit logs from the CDC Secure Data Network group.
The NHSN has undergone and passed an extensive Certification and Accreditation (C&A) security risk assessment required for federal IT systems. The NHSN software has been scanned for software vulnerabilities and has passed. New releases of the software will be scanned if new content affects the security posture of the system.
Data manually entered or imported into the NHSN can be downloaded at any time by the facility. A variety of popular file formats are available for storage of these data (e.g., Excel, dbase).
Yes. Data from the NHSN are stored in SQL databases and an incremental nightly back up is performed, at minimum, each night. The back ups, log, incremental and full are stored on a separate disk/server. The back up files are in turn backed up to tape on a nightly basis and ultimately stored off site. Weeks worth of back ups are maintained. We have a number of SQL servers available to use should one fail.
Get email updates
To receive email updates about this page, enter your email address:
Centers for Disease Control and Prevention
National Healthcare Safety Network
1600 Clifton Rd
Atlanta, GA 30333
- Contact NHSN@cdc.gov