I just installed OpenEMR on my web host which is also where I have my web site hosted. Before the installation I created the subdomain and database. I had no problem getting it uploaded and installed.
My question is this: is it considered safe and secure to run the software this way? I mean, it seems to have installed OK. I have never worked with OpenEMR before and I have not attempted to do anything further with it, so I don’t know if this will present any problems.
Also another thing of note is that my chiropractic practice is located in Greece so HIPAA doesn’t apply here. With that said I’d still want to ensure a reasonable amount of security regarding this.
I installed my first setup that way, and was informed that it was not safe to do so. Presently I run mine off of an Ubuntu server through a VMware machine (virtual OS) on my office laptop.
I’m familiar with VMware and have used it extensively myself in the past. I spoke with my web host and they informed me that they have several layers of security as well as some in-house security features they developed. Also, as an added layer of protection, since they use cPanel I password-protected the directory/subdomain where the software is installed.
My reason for doing this is because I want to be able to access it when I’m not at the office. If it’s only on the office computer it wouldn’t be possible unless I left it online and remoted into it in some fashion.
Unless there is something particular as to why it shouldn’t be installed this way, such as a security flaw with the software, I believe it should be reasonably safe to use it in this fashion.
Also, as I mentioned before, while I’m concerned with patient information confidentiality I’m not bound by HIPAA requirements. I also won’t be using this for insurance billing or coding so no payment information will be stored online. Mainly it will be for scheduling and tracking patient visits and documentation.
I think there is one more option to think about. In OpenEMR you can make use of easy, never-changing passwords AND passwords that can be very difficult, due to more characters and more difficulty built into the password, that need to be renewed more often. (I am in a non-strict HIPAA compliance zone also, but I like to keep the medical information as safe as possible.)