HIPAA and OWA
Posted on 2006-05-25
I have a physician's office that wants to be able to get their email via OWA. Their setup is (starting from the wild side):
Internet - DSL - Sonic Wall Appliance TZ170 - Server (Win 2003, Exchange, Patient Data all on one server).
I am concerned about exposing the patient data by opening OWA, since all of it is on one server. I have recommended they put an ISA server between the Sonic Wall and the server. The administrator of the practice has asked other doctors (the worst place to get security information) about what they are doing, and of course the answers are all over the place. So I came to the experts to see what their opinion is. Can I get some ideas about this, and am I too cautious? If there is a HIPAA patient data violation, I don't want fingers pointed at me as being too lax in my security.