HIPAA and OWA

I have a physician's office that wants to be able to get their email via OWA. Their setup is (starting from the wild side):

Internet - DSL - SonicWall appliance TZ170 - Server (Win 2003, Exchange, patient data all on one server).

I am concerned about exposing the patient data by opening OWA, since all of it is on one server. I have recommended they put an ISA server between the SonicWall and the server. The administrator of the practice has asked other doctors (the worst place to get security information) about what they are doing, and of course the answers are all over the place. So I came to the experts to see what their opinion is. Can I get some ideas about this, and whether I am too cautious? If there is a HIPAA patient data violation, I don't want fingers pointed at me as being too lax in my security.
Asked by signaltracker
1 Solution
 
Kevin Hays, IT Analyst, commented:
Well, first I would probably do something to this effect:

- Exchange server on your LAN
- Non-member server in a DMZ that relays mail to the Exchange server
- Get spam and antivirus filtering, such as GFI products, for the DMZ machine
- Use SSL for OWA so it's got some encryption there. I would buy an SSL cert from RapidSSL, or you could create your own if you wish.

I would for sure use SSL with OWA for starters though.

kshays
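The answer's last point, SSL for OWA, is the one an outsider can verify directly. The script below is an added example for this thread, not code from any of the posts: it checks from outside the firewall that the published OWA name does not serve the logon form over plain HTTP (port 80 closed, or at most a redirect to HTTPS) and that the certificate on port 443 is one a browser will trust without warnings. The hostname `owa.example.com`, the `/exchange/` path and the sample responses and certificate are assumptions constructed for the example.

```python
"""Outside-in check of a published OWA name: reachable only over TLS, with a
certificate browsers will trust? Added example for this thread, not code from
the original posts; the hostname, /exchange/ path and sample data are assumed."""
import socket
import ssl
import sys
import time
from typing import Dict, List

def classify_port80(raw: bytes, host: str) -> str:
    """'redirect-https' (3xx to https://<host>), 'served-plain' (2xx: logon form
    and credentials in clear text) or 'other' for a raw port-80 response."""
    head = raw.partition(b"\r\n\r\n")[0].decode("latin-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[1].isdigit():
        return "other"
    status = int(parts[1])
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    if 200 <= status < 300:
        return "served-plain"
    if not 300 <= status < 400:
        return "other"
    prefix = "https://" + host.lower()
    location = headers.get("location", "").lower()
    rest = location[len(prefix):]
    # Exact host only: https://<host>.evil.test/ must not count as a redirect to us.
    if location.startswith(prefix) and (rest == "" or rest[0] in "/:?"):
        return "redirect-https"
    return "other"


def _name_matches(pattern: str, host: str) -> bool:
    """Exact match, or a single wildcard covering the leftmost label only."""
    pattern, host = pattern.lower(), host.lower()
    if pattern.startswith("*."):
        return host.count(".") == pattern.count(".") and host.endswith(pattern[1:])
    return pattern == host


def cert_problems(cert: Dict, host: str, now: float) -> List[str]:
    """Reasons a browser would warn, for the dict shape ssl gives from getpeercert()."""
    problems: List[str] = []
    names = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not names:  # old certificate without SAN: fall back to the CN
        names = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    if not any(_name_matches(n, host) for n in names):
        problems.append(f"certificate names {names} do not cover {host}")
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        problems.append("certificate not yet valid")
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        problems.append("certificate expired")
    return problems


def probe(host: str, timeout: float = 5.0) -> Dict[str, object]:
    """Live check from outside the firewall. Port 80 should be closed; if it is
    forwarded at all, the only acceptable answer is a redirect to HTTPS."""
    findings: Dict[str, object] = {}
    try:
        with socket.create_connection((host, 80), timeout=timeout) as s:
            s.sendall(f"GET /exchange/ HTTP/1.0\r\nHost: {host}\r\n\r\n".encode())
            findings["port80"] = classify_port80(s.recv(8192), host)
    except OSError as exc:
        findings["port80"] = f"closed ({type(exc).__name__})"
    # Default context verifies the chain against the system CA store, so a
    # self-signed certificate is reported here the way a browser would reject it.
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, 443), timeout=timeout) as s, \
                ctx.wrap_socket(s, server_hostname=host) as tls:
            findings["tls_version"] = tls.version()
            findings["cert_problems"] = cert_problems(tls.getpeercert(), host, time.time())
    except ssl.SSLCertVerificationError as exc:
        findings["cert_problems"] = [f"chain not trusted: {exc.verify_message}"]
    except OSError as exc:
        findings["port443"] = f"unreachable ({type(exc).__name__})"
    return findings


# Constructed sample inputs, not captured from any real server.
SAMPLE_REDIRECT = b"HTTP/1.1 302 Found\r\nLocation: https://owa.example.com/exchange/\r\n\r\n"
SAMPLE_PLAIN = b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>logon form</html>"
SAMPLE_CERT = {
    "subject": ((("commonName", "owa.example.com"),),),
    "subjectAltName": (("DNS", "*.example.com"),),
    "notBefore": "Jan 01 00:00:00 2024 GMT",
    "notAfter": "Jan 01 00:00:00 2026 GMT",
}
SAMPLE_NOW = ssl.cert_time_to_seconds("Jun 15 00:00:00 2025 GMT")

if __name__ == "__main__":
    for key, value in probe(sys.argv[1] if len(sys.argv) > 1 else "owa.example.com").items():
        print(f"{key}: {value}")
```

Run it from a machine outside the practice (`python owa_check.py owa.example.com`); the result you want is `port80: closed (...)`, a `tls_version` line, and `cert_problems: []`. A "served-plain" on port 80 means the firewall is forwarding 80 to the server and the logon form, with domain credentials, goes out in the clear. The self-signed option the answer mentions shows up here as "chain not trusted", which is exactly the warning every staff browser will also show, and teaching users to click through that warning undoes most of what the SSL step was for.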
signaltracker (Author) commented:
Sounds good, I may try it. Thanks for your expertise in this. This is an SBS machine (I should have listed that), so I was thinking of the upgrade to get the ISA 2004 server and use it with the SonicWall as a firewall. I am trying to do this on a small budget. I just sold them a new file server and a fax server. They will run me out of town if they think I am trying to sell them more equipment... lol. I was hoping to get a few more opinions.

Thanks.

Joe
Kevin Hays, IT Analyst, commented:
Ahhh, yeah, a lot of people actually use SBS. I'm running all Windows 2000/2003 Enterprise machines here though.

Anytime. Yeah, I know where you are coming from about selling them new servers, *wheh*

That would probably be the cheapest route, but I'm sure others will have other suggestions. It can never hurt to get more opinions, for sure :)

regards,

kshays
signaltracker (Author) commented:
Thanks for all the info, though; it would be helpful in a different configuration that I have with other customers, so it is good advice.

Joe
Kevin Hays, IT Analyst, commented:
You're welcome.  

Thanks for the points btw.

Good luck,

kshays :)