9400 West Higgins Road, Suite 210 Rosemont, IL 60018-4975
Improving Orthopaedic Care Through Data 847-292-0530 | fax 847-292-0531 | www.ajrr.net
AJRR Secure Upload Methods
Overview The AJRR secure transfer site implements both a SFTP and a HTTPS service for Registry Participating Institutions or “sites” choosing to submit data directly to the AJRR. Both services present AJRR extended validation certificates and automatically encrypt all data upon landing. An overview of each is presented below along with a description of the user information required for us to create a login for you on our website. It is recommended that sites use the file naming conventions listed below for all data files uploaded to the AJRR.
SFTP Service The SFTP service is configured to allow upload and directory listing of information submitted to the AJRR using an automated batch process or manual upload via SFTP client method. The data file format should have already been shared during the AJRR onboarding process. Please contact AJRR support if you have not received the proper format for the upload files. The AJRR upload server uses local authentication and Verisign EV-certificates to enable secure login and data transmission. Optionally, the AJRR supports public key authentication for the following key formats: SSH format (as defined in RFC 4716), OpenSSH v2 format, or from a PEM or DER encoded certificate. Each hospital/submitting site is configured with a unique directory for the upload. Data encryption in flight is protected using FIPS 140-2 validated ciphers. Upon arrival, the data files are automatically encrypted using GNU privacy guard. The original file is deleted using a safe delete utility which conducts 3 write passes of random bit patterns over the data. The passphrase is only known to AJRR staff on a need-to-know basis and the file remains encrypted until the data is imported into the AJRR registry. Once the data is transferred to the AJRR registry, any encrypted files and all temporary files within the SFTP directory are deleted using the safe delete utility. The AJRR can also work with sites to encrypt data prior to uploading. Sites will be asked to use the AJRR provided certificate and GNU privacy guard utility. Please contact AJRR support if your policies require encryption prior to upload.
HTTPS Service The HTTPS service is intended to provide a method for AJRR participating sites to upload AJRR data using standard browser technology such as IE, Safari, Chrome, and Firefox. Please note that your browser must be a current release and support SSL/TLS 1.0 or greater. This method is also recommended for sites that have restrictive desktop policies or that prohibit end users from adding software such as an SFTP client to systems. User configuration, encryption methods and site specific directory constraints are equivalent to that of the SFTP service.
Frequency of Data Uploads The AJRR recommends a monthly upload of procedure data to the AJRR.
AJRR Secure Upload Methods | Page 1 of 3 | Version 02.02.2018 File Naming Conventions All file names should be formatted as follows: File naming convention:
PROC = Procedure Layout POSTOP= PostOp Comp Layout PROM = PROMs Layout
Example filename: UCSFPROC010116010216.csv UCS – University of California San Francisco PROC - Procedure Layout 010116 – Start date of records in file January 1, 2016 010216 – End date of records in file February 1, 2016
Obtaining a User Account and Password To obtain a user account, please submit the following information in the “SFTP User Information” tab on the Hospital Account Information document supplied during the onboarding process:
1. Method of transfer (SFTP or HTTPS) 2. Institution/Hospital name 3. Last Name of hospital technical contact 4. First Name of hospital technical contact 5. Email address 6. Phone number 7. IP Address of SFTP client system 8. EHR Vendor such as Epic, Cerner, etc.
Once the AJRR staff receives this information an account and temporary password will be created and sent to the email address specified. AJRR staff will work with you to upload a test file. It is the responsibility of the site to notify AJRR of any changes to contacts or site information.
Public Key Authentication If your institution’s policies specify public key encryption AJRR requires that you send your public key to AJRR staff for installation on our secure site. Once installed AJRR requests a test to ensure that the key was installed correctly. Supported formats: SSH format (as defined in RFC 4716), OpenSSH v2 format, or from a PEM or DER encoded key.
AJRR Secure Upload Methods | Page 2 of 3 | Version 02.02.2018 AJRR Upload Locations HTTPS: https://www.ajrr-registry.net SFTP: sftp.ajrr-registry.net (Default: Port 22)
Supported SFTP Clients The lastest versions of the following have been tested and supported by AJRR:
CuteFtp Ipswitch - MOVEit and WS_FTP Filezilla Winscp PuTTY
AJRR will make a best effort to support additional SFTP client applications if needed.
Security & File Permissions To maintain the highest level of security, all participant SFTP/HTTPS user accounts will have root directory file LIST and UPLOAD permissions ONLY. Users will not be able to view, download or modify existing files. Files will be removed by AJRR staff once they have been processed.
Test File Uploads To ensure that each site is successful and configured properly, AJRR will work with your staff to upload a test file to AJRR. Please remember to include the word “test” in the file name uploaded so AJRR can be notified of a new test file and also avoid accidental processing.
Additional Questions or Information Please contact your assigned AJRR Program Coordinator or AJRR Support if you have any additional questions.
AJRR Support E-mail: [email protected]
AJRR Secure Upload Methods | Page 3 of 3 | Version 02.02.2018