OpenEMR Cloud Express Plus - HIPAA Eligible?

I am very interested in starting to use OpenEMR in the cloud. I have not started an instance yet.

Are there any individuals in the US using the express plus service?
I think this service starts at $20 a month.

Also, does this setup qualify as HIPAA eligible? And any advice on documenting for HIPAA compliance?

Hi @oldsoul, yes, started a test site with the hopes of transitioning some practices there. Yes, it’s eligible.

Here’s the official guide to HIPAA: https://www.healthit.gov/topic/hipaa-providers

My current concern is that I tried a test install and noticed that the instance IP is on port 80 communication only, not port 443 encrypted traffic.

Should the CloudFormation template configure the Apache web server to accept port 443 traffic only and turn off port 80 traffic?

From the test I did, my browser showed in the address bar that the transmission was not encrypted…

I know it’s a little bit harder to configure the web server to do TLS certs and encrypt the traffic between client and web server… but my main thought is that this must be done first, before even loading OpenEMR onto the web server.

I think Let’s Encrypt requires port 80 to be open during the initial setup, but then you can disable it through a few different options, like turning it off on the EC2 dashboard, for instance.

I did SSH into the EC2 instance, but am a newb with Docker… I assume that the web server portion is in a container. I’ll just have to dig deeper into learning these new technologies. Thanks to all who have made this project into reality.

Hello, Paul. Express Plus is based on our Lightsail deployment path – openemr-devops/packages/lightsail at master · openemr/openemr-devops · GitHub may have useful tips for you.