HIPAA Compliance

My aunt is looking to open her own practice and is wanting me to set up IT things for her. We both stumbled upon OpenEMR and really like the demos… but we are wondering if OpenEMR can be HIPAA-compliant without the added subscriptions listed on this page. She would really like to use the patient portal for its scheduling features, and I am thinking that SSL and HTTPS would be sufficient if the server (on-site) has a firewall (USG ?) in front of it and is locked down as listed in this article.

The second question is: will HIPAA compliance be achieved if onsite computers are connected with Ethernet, BitLocker enabled, 30-second lock time, and use MFA on OpenEMR?

Please feel free to poke any holes in my ideas and thanks for the feedback/response,
David.

hi @DAVID_JOHNSON, hipaa compliance is a moving target and some versions of openemr are hipaa eligible, https://www.open-emr.org/wiki/index.php/AWS_Cloud_Packages_Comparison

if you document your approach and use the security risk assessment tool you’ll be well on your way

Could you send a few HIPAA compliant versions?

Thanks a lot,
David