What is Session Replay?
Session Replay is a tool that records user activity in ClinSpark and allows the Foundry Health support team to replay user sessions after the fact. This enables the team to diagnose user and application issues far more rapidly and effectively. Session Replay enables our support team to:
Understand the full context of a user issue when we receive a ticket. We can carefully review the user session around the time the issue occurred. This typically allows us to fully understand whether there is an application issue or a training issue, and offer rapid assistance.
Understand how to reproduce an issue, because we are able to see what the user sees and the steps leading to reported issues.
Provide a highly effective training review mechanism for students performing exercises. When a student indicates they have completed a task, or have an issue, the instructor can review the session to offer additional assistance if needed.
Provide an option to allow customers to review their own user sessions and gain the same benefits. Note that there are license charges for this.
Technical Details
Security Considerations
ClinSpark’s database already stores the full body of clinical and subject data, including Personal Health Information (PHI). Audit records show a record of all user actions. What Session Replay adds is a visual recording of the interactions a particular user made in the ClinSpark User Interface (UI). This recording is of course just as sensitive as the data itself, since it includes PHI and clinical data.
Because of this, our Session Replay tool is hosted fully “on prem” within Foundry Health AWS data centers. This data streams directly to the Foundry Health Session Replay tooling, where it is stored alongside the data from clinical operations. As such, there is no additional exposure risk, as all of the protections guarding the core application resources of ClinSpark are also in place for Session Replay data. It is viewable only by Foundry Health support staff, and optionally by customers who wish to access their own user sessions.
SessionStack
The Session Replay tool that we currently use is called SessionStack. It is designed as a SaaS application support tool, and our support team has access to user sessions in customer instances where it is installed.
The SessionStack support vendor has no access to ClinSpark user sessions.
What we can see
For a given customer instance, in response to an issue we are able to see all user sessions. They are listed by username, time and duration.
...
The user record being shown
The timeline of the session
What we can NOT see
Session Replay only records the contents of the ClinSpark browser tab. There is no way for it to see anything outside of ClinSpark itself, such as desktop activity or other browser tabs that are not ClinSpark.
...
The scope of what can be seen is narrowly limited to ClinSpark interactions, by design.
Enabled/disabled through configurations
Session Replay is enabled or disabled through a system configuration that is managed by our ‘superadmin’ users.
Which instances are configured with Session Replay?
PROD Main instances are OPT-IN. That means we will only configure a PROD Main instance with Session Replay once we receive customer permission to do so via Service Desk ticket.
...
If customers do not want Session Replay enabled on a certain instance, they should reach out to us via standard project communication channels and/or service desk ticket and we will disable it accordingly.
Additionally, customers can work with us to ensure that it is enabled only in certain environments, or only during certain critical times such as during onboarding and the first month after go-live.
Excluding Volunteer PHI
Customers who are concerned about PHI in recorded sessions can inform us that Session Replay should be active for all areas except the Volunteer module. When configured accordingly, this implicitly excludes the volunteer PHI from the SessionStack database.
How long are sessions held?
Session recordings are accessible by the Foundry Health team for 30 days.