Considering turning the patient portal on, but…
- For security, want to limit network exposure as much as possible for main EMR interface.
- Portal is tightly coupled to main EMR and by default shares the same network exposure.
- Portal has features (self-registration et al.) that seem to make the most sense only with unlimited network exposure.
These considerations have been discussed over the years on this forum, and at times have catalyzed efforts for “offsite” portal implementations and other mitigating solutions.
I would like to know how people are dealing with this in 2022. How are people utilizing the excellent v6/v7 patient portal?
- Main EMR and portal exposed to entire Internet?
- Local network exposure only for both, with kiosk/tablet/workstation in clinic lobby?
- Main EMR restricted by client certificates (as espoused by @brady.miller at one time)?
- Dual EMR instances with one used only for portal and living in a DMZ (as espoused by @mdsupport at one time. How does this work?)
- Whitelisting IPs for non-portal directories in Apache config? Does this work?
- Whitelisted separate custom app replicating portal functions via API?
- Other?
Appreciate any information, feel free to PM if not comfortable sharing publicly.
Thanks!