Recommended configuration guidelines

Posted by Thomas Davon on

The HIPAA Security regulations for systems certification and accreditation require the following hardware:


Routers: These are the first layer of a multiple-layer defense against unauthorized access from outside the internal network. A router provides security by allowing or denying traffic to or from a source or destination IP address and port, as found in the layer 3 IP header.


Firewalls: These are the second layer of a multiple-layer defense against unauthorized access from outside the internal network. A firewall provides “packet-level” security and inspection and can also allow or deny traffic through specific ports. It does this by ingress or egress filtering, almost the same way a router does.
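The allow/deny decision that routers and firewalls make on ingress and egress traffic can be sketched as a first-match rule list with a default deny. This is an added example, not part of the original post; the `Rule` and `decide` names, the 10.20.0.0/16 internal range, the gateway address and the rule set are all constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    direction: str         # "ingress" (from outside) or "egress" (to outside)
    src: str               # source network in CIDR form
    dst: str               # destination network in CIDR form
    dport: Optional[int]   # destination port, None matches any port


# Constructed policy for a hypothetical internal network 10.20.0.0/16.
POLICY = [
    # Ingress filtering: a packet arriving from outside must not claim an
    # internal source address, so treat it as spoofed and drop it first.
    Rule("deny", "ingress", "10.20.0.0/16", "0.0.0.0/0", None),
    # Expose only the remote-access gateway, and only on port 443.
    Rule("allow", "ingress", "0.0.0.0/0", "10.20.1.5/32", 443),
    # Egress filtering: only internal sources may leave, and only to 443.
    Rule("allow", "egress", "10.20.0.0/16", "0.0.0.0/0", 443),
]


def decide(rules, direction, src_ip, dst_ip, dport):
    """Return the action of the first matching rule, or "deny" if none match."""
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    for rule in rules:
        if (rule.direction == direction
                and src in ipaddress.ip_network(rule.src)
                and dst in ipaddress.ip_network(rule.dst)
                and rule.dport in (None, dport)):
            return rule.action
    return "deny"  # implicit default: anything not explicitly allowed is dropped


if __name__ == "__main__":
    # Constructed sample packets: (direction, source, destination, port)
    for pkt in [("ingress", "203.0.113.9", "10.20.1.5", 443),
                ("ingress", "10.20.4.4", "10.20.1.5", 443),
                ("ingress", "203.0.113.9", "10.20.1.5", 3389),
                ("egress", "10.20.4.4", "198.51.100.7", 443)]:
        print(pkt, "->", decide(POLICY, *pkt))
```

Rule order matters here: the anti-spoofing deny must come before the gateway allow, or a forged internal source address would be accepted on port 443.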


VPN: This stands for “Virtual Private Network.” It can be used by any remote user to safely gain access to the internal servers at work. Information Systems support staff, transcriptionists, physicians and their staffs are examples of remote users working for a medical center. A VPN creates a secure “tunnel” through a public network (the Internet) by using encryption and authentication.


Windows-based Web Servers: These types of web servers are not safe; they are subject to hacking and they can also be used to attack other servers.


Windows-based Mail Servers: Windows-based email servers, such as Microsoft Exchange Server, are based on the same operating system as the Windows-based web servers, which makes the recommended security configurations pretty much the same.


Wireless Access Points: The use of wireless network communications in a medical center environment is one way of allowing clinical staff and physicians, while visiting patients in their rooms or exam rooms, to have instant access to medical records, radiology images, and treatment history on PDAs, wireless PCs or other medical devices.


Modems: Although modems have now been replaced by high-speed network connections to the Internet, they were once the standard for Internet connectivity. If your health care facility still uses the old mainframe computer system, then a modem would be the best option for the capacity of the computer system.

