Medical Strategic Planning, Inc. EHR Selector

Hardening Medical Office Computer Systems - Security Product Recommendations

Don't let hackers penetrate your EHR network or expose you to HIPAA liability. Protect your patients' confidential clinical records and financial information (and your practice from legal actions) by using these quality products, any of which can be accessed by clicking on the links provided below:

  • Against Spyware - No one product will protect you. You need to use two or three together. Products we recommend include Uniblue's SpyEraser, Spybot Search and Destroy, CounterSpy by Sunbelt Software, and AntiSpy by ParetoLogic. None of these is sufficient by itself. Used in combination, however, they are quite comprehensive and effective. Two of these offer memory-resident versions to protect the system continuously. If you have enough RAM and a fast processor, running both is recommended.
  • Against Viruses - Depend upon Eset's NOD32 Antivirus
  • Against All Intruders - Depend upon Sunbelt Software's Personal Firewall
  • Against Accidental File Deletion on your file server from any workstation on the network - use Executive Software's Undelete Server Edition
  • Against Hard Disk Failures - EMC Insignia's Retrospect Server Edition backup software. Be sure to specify the backup open database option (at extra cost).

Having encrypted, off-site backups of all records is also essential, even if you are using a web-based, application provider solution (that is doing backups for you).

In addition, to keep your system running at peak proficiency, install and regularly run:

  • To Prevent Disk Fragmentation - Depend upon Raxco's PerfectDisk Rx Suite
  • To Remove Registry Errors as part of periodic maintenance - PC Tools' Registry Mechanic
  • For Inventory and Documentation of Existing Systems - Lavalys' Everest Corporate Edition
  • For LAN and Network Documentation & Management - Neon Software's LAN Surveyor

The above applications are used by MSP on our own systems, and we have found them to be effective, to consume minimal CPU overhead (compared to their competitors) and to be compatible with a wide range of application software. We cannot, of course, guarantee you will have the same experience, because you don't have exactly the same software applications we tested against. Ask your EHR vendor which products work best with their particular EHRs. Be forewarned, however, that many EHR developers have not tested many security products with their systems.

Be sure to download and install only the latest versions and to set update modes to automatic, so you are running the most current versions. We suggest you load these starting with the firewall and antivirus products. Scan your system before installing any EHR software to make sure it is virus free. Next, add the antispyware programs and the undelete program. Scan for keyboard loggers and Trojan programs using all three antispyware programs. Once you are sure your system is stable with these utilities loaded, load your EHR application software. If the system then becomes unstable, you will know there is a conflict between your EHR and one or more of the recommended utility programs. You can remove them one at a time to isolate which program is creating the conflict. Normally, you will have no problems.


Addressing Other Security 'Weak' Links

Simply having these products installed is no guarantee of protection. They must be properly configured, have their various databases updated regularly and be set to run when your system boots. Remember, the two weakest links in making your practice 'hacker-proof' are your Windows administrative "Policies", which need tightening, and your personnel's knowledge of computer systems, both of which are beyond the scope of these simple help screens. Two books that may be helpful to you include: Windows Server Hacks by Mitch Tulloch (O'Reilly ISBN 0-596-00647-0) and Windows Server 2003, The Complete Reference by Ivens, et al. (Osborne ISBN 219484-7).

Windows Version Suitable for Medical Applications

We do NOT yet recommend using either Windows Vista or Windows Vista Server. Neither is a stable platform for medical applications in our opinion. We will reassess Vista after SP1 becomes available in spring 2008, but until then we recommend using Windows XP Professional or Windows Small Business Server 2003, both with Service Pack 2 and the latest patches. Using any earlier version of Windows is NOT recommended either, as these versions are easy to penetrate and generally unstable. Also, workstations/computers using wireless LANs in your office create special additional security issues. Be sure to use 802.11i encryption with these networks, not WEP or even WPA encryption. Do not broadcast the SSID codes either. Set your router to allow only nodes with known hardware addresses onto your wireless network. We suggest 802.11g or 802.11a networks to assure the fastest possible network speeds.



The EHR Selector was developed by Caroline Samuels, M.D. and has been licensed from CSMed, LLC. Pre-Medical Strategic Planning versions of the EHR Selector were programmed by HIMSS. © 2006 and thereafter by Medical Strategic Planning, Inc. – All Rights Reserved. Do not publish or provide to third parties.