I just installed OpenEMR on the web and it is running fine so far. I need to know if it is safe to start loading patient data now or if I need to install additional features to make it more secure. I will appreciate any comments or suggestions. Thanks!
That depends entirely on how you installed it and where. “the web” is a very broad term. If you don’t know how secure it is, then it’s likely to be VERY VERY insecure. HIPAA compliance is not easy.
-Tony
IMHO, the only way to totally secure anything is to lock it up and never allow access to it from anywhere, especially the internet. However, even the gov understands that it is really about risk assessment. We can reduce the risk of compromise with firewalls, limited access, encryption, etc.; but nothing is ever really secure that is attached to the internet. Hackers break into government installations, banks, and other “secure” sites quite frequently. There is a conflict (I think) between HIPAA rules and the government-mandated EHR access. I could be wrong, what do you think?
As Brady suggests, HTTPS should be pretty good IF used in conjunction with client-side certificates. OpenEMR’s security is not adequately tested to trust anything less.
HTTPS encrypts data only from the Host to the Client but not from the MySQL server to the Host or from MySQL to a remote Client, am I right? I saw an option to enable SSL on MySQL for remote connections (I do access my DB remotely). If I enable SSL on MySQL, do I have to change some setting in OpenEMR? Thanks!
It looks like this feature needs to be compiled within MySQL (so would ensure that your instance of MySQL supports it). This MySQL feature is independent of OpenEMR (i.e., no settings should need to be modified within OpenEMR).
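The checks discussed above can be run from any MySQL client, shown here as an added example that is not part of the original thread. The account name `emr_remote` and the address `203.0.113.10` are constructed placeholders for the account and host used for remote access.

```sql
-- 1. Is SSL support compiled in, and is it configured?
--    YES      = compiled in and enabled
--    DISABLED = compiled in, but the server was started without
--               certificate/key options
--    NO       = this build has no SSL support
SHOW VARIABLES LIKE 'have_ssl';

-- 2. Find accounts that can log in from a remote host without SSL.
--    An empty ssl_type means the account accepts plaintext connections.
SELECT user, host, ssl_type
FROM mysql.user
WHERE host NOT IN ('localhost', '127.0.0.1')
  AND ssl_type = '';

-- 3. Refuse unencrypted logins for the remote-access account.
--    Assumes the account already exists; name and host are placeholders.
GRANT USAGE ON *.* TO 'emr_remote'@'203.0.113.10' REQUIRE SSL;
FLUSH PRIVILEGES;

-- 4. From the remote client, confirm the current session is encrypted.
--    An empty Value means the connection is plaintext.
SHOW STATUS LIKE 'Ssl_cipher';
```

Step 4 only reports a cipher if the client also connected with SSL enabled; a server that supports SSL still accepts plaintext sessions from accounts that are not marked `REQUIRE SSL`.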
I requested a MySQL SSL install from my hosting company; it looks like the MySQL version needs to be changed:
The current version of MySQL (5.0.92) on your system does not support SSL encryption and we would not be able to install the certificate at this time. In order to do the install, we would need to upgrade the version to the latest version supported by cPanel (which is currently 5.1.56) which does support SSL connections.
My question now is whether OpenEMR will work with version 5.1.56. Thanks in advance!