Which server is secure and Hipaa com

shahedul wrote on Monday, February 20, 2006:

Hello, I’m trying to give OpenEMR to 2 doctors who do not want to spend too much money, but they want a hosted solution so they can access it from home. Now should we get a dedicated server for this? Can I use a Verio VPS account? Can anyone help me with this?

sunsetsystems wrote on Monday, February 20, 2006:

You could either go with a hosted server, or else use an in-house server that’s shared out over a broadband connection.  I have a couple of clients who do the latter, which works well because normal operation does not suffer from any performance or reliability problems associated with the Internet.

In either case it’s wise to create (and require) a custom SSL certificate for the web browsers, so they will authenticate to the server and keep the black hats away.

I don’t know anything about Verio.

– Rod
www.sunsetsystems.com
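
One way to require a browser certificate as suggested above, shown as an added example that is not part of the original thread. It assumes Apache 2.4 with mod_ssl in front of OpenEMR; the hostname, file paths and the private "practice CA" are hypothetical placeholders.

```apache
# Added example: hostname, paths and CA name are hypothetical placeholders.
Listen 443

<VirtualHost *:443>
    ServerName emr.example.org
    DocumentRoot /var/www/openemr

    SSLEngine on
    SSLCertificateFile    /etc/ssl/emr/server.crt
    SSLCertificateKeyFile /etc/ssl/emr/server.key

    # Private CA that signs one certificate per doctor's browser.
    # Only certificates issued by this CA are accepted.
    SSLCACertificateFile  /etc/ssl/emr/practice-ca.crt

    # Fail the TLS handshake unless the browser presents a certificate
    # issued directly by the practice CA (no intermediate CAs allowed).
    SSLVerifyClient require
    SSLVerifyDepth  1

    # Lets a lost or stolen laptop's certificate be revoked on its own:
    # publish a new CRL from the practice CA and reload Apache.
    SSLCARevocationFile  /etc/ssl/emr/practice-ca.crl
    SSLCARevocationCheck leaf

    # Record which certificate made each request, for audit purposes.
    CustomLog logs/emr_ssl_access.log "%h %{SSL_CLIENT_S_DN}x \"%r\" %>s"
</VirtualHost>
```

With this in place a browser without an installed client certificate never reaches the OpenEMR login page; the application's own username and password check still applies after the handshake succeeds.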

andres_paglayan wrote on Monday, February 20, 2006:

I second Rod’s comment,

You just can’t host on a shared web server,
(it’s not HIPAAish).

The cheapest a dedicated one will cost is $50/month.

The downsides of having a server outside premises are dealing with backup when data gets huge, and dealing with big upload/download of documents.

Implementing the fax client for prescriptions is also a little bit more complicated if you are using a hosted solution.

By far, the in-house server is the better approach, provided that you know how to make it secure enough to keep away scripty kids.
(I get several attempts every day).

They will use the same DSL/cable connection they would if connecting to the hosted one, and it might be a good idea to spend an extra $5 a month for a fixed IP.

As he said, be sure you have a certificate and that the only port open is 433/tcp.

shahedul wrote on Thursday, February 23, 2006:

Thanks for your feedback, guys. I do understand that for some users I can install this on a server in their office, but we are dealing with doctors who are part time and they do not have anything besides a laptop. So I was thinking about getting a dedicated server, installing SSL and providing them access. Now, I do have 6-7 servers from ev1.net and these are for my other clients (mainly web-based applications); all my support staff are in India. Is it just a good idea to get another dedicated server (I know I can get this for $100 or more), set it up properly and install an application for each doctor from that? Also, is it better to get a server from a professional hosting company that has a reputation, because I can’t trust these GoDaddy-type hosting companies?

justintx wrote on Monday, February 27, 2006:

Can someone tell me where I can find all information about HIPAA compliance?
I am also facing the same dilemma concerning where to host OPENMED. I am testing it now on a shared server and was thinking that a dedicated server may be necessary once the practice project starts.
The main problem with a server in the office is that maintenance will be an issue in the long run. I guessed that a dedicated server has the advantage that a serious hosting company will maintain it as part of their service.
I would please like to know what your experiences are and what other solutions exist to improve security on a web server, whether shared or dedicated.
Thanks