How Pa. secures data on the Web

When the Office of Mental Retardation in Pennsylvania’s Public Welfare Department began work on the Home and Community Services Information System in 1999, the idea of building a Web-based application was “still very new,” said Gary Rossman, division chief of DPW’s Bureau of Information Systems and HCSIS project manager.

Rossman and his team conducted a series of regional forums around the state, trying to acquaint people with the idea. “Banks were just beginning to use the Internet,” Rossman said. HCSIS borrowed some security tools from online banking.

“We were also one of the early Web-based systems that worked to become ADA-compliant with Bobby certification,” and used screen readers, he said. Bobby is an online tool that analyzes Web pages for their accessibility to people with disabilities. In addition to complying with Americans with Disabilities Act standards, HCSIS also complies with Health Insurance Portability and Accountability Act requirements.

The HCSIS application resides on a Unisys server running Windows 2000 Datacenter SP2 for the Web application servers and database server. It also utilizes Microsoft .Net technology.

Data is stored in an Oracle9i database, and the HCSIS infrastructure is housed at the Bureau of Information Systems in Harrisburg.

Because so much sensitive data runs on HCSIS, the system has some special security features. For example, its technical architecture uses Oracle’s Fine Grained Access Controls to limit access to data. FGA ensures that a Cumberland County user can only access data specific to Cumberland County.

HCSIS has performed so well for Pennsylvania that other states are borrowing it. “We’ve transferred the code for the quality management module to Massachusetts,” Rossman said. “Because it’s federally funded from the Health and Human Services Department, the code is in the public domain for other states.” As a result, Massachusetts now has a version of HCSIS in operation.

About the Author

Connect with the GCN staff on Twitter @GCNtech.


  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.