How Pa. secures data on the Web

When the Office of Mental Retardation in Pennsylvania’s Public Welfare Department began work on the Home and Community Services Information System in 1999, the idea of building a Web-based application was “still very new,” said Gary Rossman, division chief of DPW’s Bureau of Information Systems and HCSIS project manager.

Rossman and his team conducted a series of regional forums around the state, trying to acquaint people with the idea. “Banks were just beginning to use the Internet,” Rossman said. HCSIS borrowed some security tools from online banking.

“We were also one of the early Web-based systems that worked to become ADA-compliant with Bobby certification,” and used screen readers, he said. Bobby is an online tool that analyzes Web pages for their accessibility to people with disabilities. In addition to complying with Americans with Disabilities Act standards, HCSIS also complies with Health Insurance Portability and Accountability Act requirements.

The HCSIS application resides on a Unisys server running Windows 2000 Datacenter SP2 for the Web application servers and database server. It also utilizes Microsoft .Net technology.

Data is stored in an Oracle9i database, and the HCSIS infrastructure is housed at the Bureau of Information Systems in Harrisburg.

Because so much sensitive data runs on HCSIS, the system has some special security features. For example, its technical architecture uses Oracle’s Fine Grained Access Controls to limit access to data. FGA ensures that a Cumberland County user can only access data specific to Cumberland County.

HCSIS has performed so well for Pennsylvania that other states are borrowing it. “We’ve transferred the code for the quality management module to Massachusetts,” Rossman said. “Because it’s federally funded from the Health and Human Services Department, the code is in the public domain for other states.” As a result, Massachusetts now has a version of HCSIS in operation.

About the Author

Connect with the GCN staff on Twitter @GCNtech.


  • Veterans Affairs
    Veterans Affairs CIO Jim Gfrerer speaks at an Oct. 10 FCW event (Photo credit: Troy K. Schneider)

    VA's pivot to agile

    With 10 months on the job, Veterans Affairs CIO Jim Gfrerer is pushing his organization toward a culture of constant delivery.

  • Defense
    Dana Deasy, DOD Chief Information Officer, hosts a roundtable discussion on the enterprise cloud initiative with reporters, Aug. 9, 2019, at the Pentagon, Washington, D.C. (DoD photo by Air Force Staff Sgt. Andrew Carroll)

    DOD CIO 'very confident' that White House influence didn't guide JEDI award

    At his Senate confirmation hearing, Defense Department CIO Dana Deasy said the department's $10 billion cloud contract was awarded by a team of experts.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.