Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 141
  • Last Modified:

What server operating system should I use on EMR server?

Hello Experts,

I am setting up a new EMR server for the company I work at and I want to know what a good operating system would be to use on it.  Would Linux be better since it is going to be hosting medical records?  The EMR software they are using now is "vision" and it is web based.  I believe they are going to be using the server to backup information and to use it as a network gateway.  Any reccommendations would be greatly appreciated.  Thanks.
0
Brent Johnson
Asked:
Brent Johnson
  • 3
  • 2
1 Solution
 
klodefactorCommented:
Particularly in the medical industry with all of its regulations, the choice of OS should be driven by the vendor.  If they support e.g. RedHat Enterprise Linux 6 and MS Windows Server 2008 R2, those are your two choices.  Otherwise your system can be deemed non-compliant.

From that point your OS decision is based on the skill sets available to manage the server, any site-specific policies, business requirements, or security requirements.

I also don't think you should use an EMR system for anything except EMR.  Again, medical records are supposed to be protected fairly well, so it's easiest to demonstrate e.g. HIPAA compliance if the records are on a single-purpose system.

--klodefactor
0
 
nociSoftware EngineerCommented:
You probably also need to pay attention to hardening the system, moving it into a secure place and restrict the methods & places where it can be reached from.

f.e. anly access using 2 factor authentication, from outside an office only using encrypted tunnels from presetup laptops etc. (No unencrypted local data on the laptop though).
0
 
klodefactorCommented:
Noci: a higher level of security is always nice, but for medical data it might be overkill to go to the lengths you describe.  Access via HTTPS generally suffices; no need to mess around with user VPN connections.  Two-factor authentication is nice but may not be required.

johnsonbrentw: My best advice is that you not take our word for specific implementation guidelines, because non-compliance can have severe repercussions for your company and possibly for you personally.  Review your organization's policies for managing patient data; create them if they don't yet exist.

Work closely with your business leaders and consult your software vendor, rather than creating policies and implementing systems on your own.

If you're in the US, start with an unofficial introduction (http://en.wikipedia.org/wiki/Health_Insurance_Portability_and_Accountability_Act), then continue with the U.S. Department of Health & Human Services WWW site http://www.hhs.gov/ocr/privacy/.  Canada and the EU have similar requirements.

--klodefactor
0
 
nociSoftware EngineerCommented:
Depends how well the application is built I guess.
There's a lot of breaking in using sql-injection based attacks through web interfaces. to guard against it you need at least a very well written application, but extra shielding can help.
And VPN tunnels don't need to that big a burden. IPSEC has means to have additional authentication through radius f.e. ==> it's not that hard to use smartcard based access control.

You are talking about (very?) personal data of real people here... no need to get sloppy.
0
 
klodefactorCommented:
Sloppiness isn't the issue.

Of course one would wish to build the most secure system one can, given the available time/money.  However, not all businesses will spend significantly more time or money than required by the due diligence "bar" for their industry and regulatory environment.

The key point is that tech people should never make such decisions on their own, *especially* where government regulations exist.  Yes, tech people should design, recommend, advocate, and defend strong technical solutions.  But business decisions should be made by the business, regardless of the industry.

--klodefactor
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now