In order to respond to a top priority need - assuring the information provided on line by a patient is submitted and stored securely, HCA sponsored the development of what is called the "Secure Form" plugin.
This plugin, based on the dotCMS Form Handler functionality, adds the capability to encrypt the information submitted by a end user over a SSH connection and then transfer that information from a public dotCMS instance available for internet users to a private dotCMS instance accessed only from a private network.
From left to right and bottom to top in the picture: Yun Huang, Allison Page, Sasha Pickett, Diane Tomlins, Brian Traughber, and Aaron Clifford. They are part of the team that designed, installed, and tested the Secure Form Platform at HCA.
The process to submit forms securely works like this:
On those dotCMS instances where the Secure Form plugin has been installed, a set of default fields, additional to those created by dotCMS, will be automatically added to a form structure:
The form is added to the page in the public instance using the "Add Form" link in dotCMS Page Editor.
The information submitted by the user will be stored encrypted in the public instance.
A Quartz job is executed by the private instance to request the transfer of the information from the public server. The frequency to execute this job can be configured at your convenience in the configuration file of the Secure Form plugin.
The example shown below executes the Qartz job every minute:
quartz.job.name=Secure Forms Job quartz.job.group=Secure Forms Job quartz.job.description=Secure Forms Job quartz.job.java.classname=com.dotcms.plugins.secureform.client.business.SecureFormsJob quartz.job.cron.expression=0 0/1 * * * ?
Once the information has been transferred to the private instance, it is decrypted and stored to be accessed by users from a secure network.
The same Quartz job in charge of transferring the information also makes sure that the information is deleted from the public instance once it has been stored in the private instance.
In conclusion, the Secure Form plugin extends the Form Handler functionality to allow encryption and storage of the information submitted from any device in the internet to a dotCMS secure instance.