Opening openemr off-site patient portal secur

vambati wrote on Sunday, March 17, 2013:

All,

We are running openemr 4.1.1 with in the internal network not opened from out side firewall. but we want to use off-site patient portal and it looks like that require us to open openemr to outside world. We are bit concerned about the security. Is any one hosting openemr in their own hosting env and using offsite patient portal? If so can you tell us what measure have you taken to secure your openemr?

we are running openemr 4.1.1 on ubuntu and apache. We have a physical cisco firewall but what do we do to secure apache asnd openemr?

bradymiller wrote on Sunday, March 17, 2013:

Hi vambati,

There was a good discussion that began to discuss this issue awhile back:
http://sourceforge.net/projects/openemr/forums/forum/202505/topic/4769926

I’d suggest approaching ZHHealthcare to set up a secure network (basically allows you and other to appear to be on their “local” network via vpn/ssh tunneling). With the secure network, then you would not be exposed to the internet. Having this option/feature would be very useful since there will be many users in the future whom also won’t be comfortable with exposing OpenEMR to the internet. I am guessing the added costs to run/maintain it will no longer make it free for that option, but I will leave that to ZH Healthcare.

Also, if you haven’t seen this yet, here’s a wiki page that discusses security issues:
http://www.open-emr.org/wiki/index.php/Securing_OpenEMR

-brady
OpenEMR