Setting up a doctor's office

Posted on 2014-08-21
Last Modified: 2014-10-08
We're an IT firm setting up a new doctor's office. We've been lucky enough not to be asked to set up a doctor's office. But as our office grows, so does our demand.

We have a doctor's office that we will be setting up from scratch. New equipment, new computers (75), new everything. With HIPAA in mind, what are the basic requirements and supplies needed to consider for any network? (Servers, switches, routing, SonicWalls, etc.) Any suggestions or tips will be welcomed.
Question by:itneedshelp
    LVL 25

    Accepted Solution

    One obvious item to me would be assessing the server room cooling requirements.
    Another would be a DVR security system, w/remote viewing capability.
    You may consider adding environment monitoring (temperature/humidity), with alerts.
    What type of phone system are you going to deploy?  VOIP?  If so, will the phones be POE (Power over Ethernet)?  If so, make sure your switches support this.

    You're going to need network cable probably... cable ends, etc.
    LVL 9

    Expert Comment

    A doctor's office network isn't anything super special in terms of hardware.  You'll need the same basics that you'd have on any network:  a firewall, switches, some servers, etc.  The office may also require wireless access.

    In a doctor's office, security is paramount.  Everything needs to be access controlled, with some kind of auditing enabled to know who's accessing what, when.  You'll need a robust backup system, which will also need to be access controlled.  There may be requirements for encryption as well.

    You'll also need to figure out what core software the office is running.  For example, many medical offices run a UniVerse database on Linux or AIX.  You need to be prepared to set up the servers with these databases and software, as well as configure the client devices for access (e.g. Hyperterm).

    You'll also want to investigate the idea of using thin-clients for access.  This may be more cost-effective for the office, and would allow them to use devices like tablets and still access all their software.  This is a common trend in the medical field today.

    With things like HIPAA, I would strongly recommend not trying to figure it out on your own.  The security and reporting setup necessary for HIPAA compliance is not trivial.  There are companies out there that specialize in IT HIPAA compliance, and I would recommend retaining one of those companies to both educate you on exactly what is required, and to perform a check of the systems after you have it set up.
    LVL 17

    Expert Comment

    Depending on the type of practice, the requirements are different.

    Most offices require high bandwidth connectivity, 1/10GB core and 1 GB CAT 6 on the LAN.  I would choose a managed switch (POE capable, as most offices would eventually want wireless access and POE APs would be easier to deploy).

    Archival storage is another area that is big in those offices as they scan documents continually. I would go with either a virtual solution with shared storage or a high end server with plenty of capacity.

    You can pick any firewall but just ensure the throughput can handle the amount of traffic they could potentially have.
    LVL 95

    Expert Comment

    by:Lee W, MVP
    At the end of the day, I agree with nick2253 - get a compliance expert to review things with you AND the client. IT Companies that implement and especially technologies at Doctor's offices can be held in violation of HIPAA themselves and FINED HEAVILY if you fail to properly manage the network.  Unfortunately, HIPAA is not a set of definitions you can follow - it's "guidelines" as to what is "reasonable".  What's reasonable for a 2 person office is different from what's reasonable for a 50 person office which is different from what's reasonable for a Hospital... so what you do has to be reasonable in an effort to protect PHI and reasonable is open to interpretation.

    One thing that can be considered reasonable is encryption - with BitLocker and TPM chips in business class systems, you should consider enabling BitLocker on the server and the workstations ESPECIALLY any laptops to be a requirement.  It's a simple thing that can help protect in the event the hardware is stolen or someone breaks in at night.  You would also likely have to enforce screen savers that lock the machine after a few minutes - otherwise, someone steps away for a few minutes and now someone else could have access to other people's records.
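
A read-only check for the two controls suggested in the comment above (BitLocker on every volume, and a screen saver or idle timeout that locks the machine), added here as an example and not written by any of the posters. It uses the built-in `Get-BitLockerVolume` and `Get-Tpm` cmdlets and the standard policy registry values; the 600-second threshold is an assumed site policy, not a figure from the thread or from HIPAA.

```powershell
# Added example: audit disk encryption and idle-lock settings on one machine.
# Run in an elevated PowerShell session; it changes nothing.
$MaxIdleSeconds = 600   # assumed site policy for "a few minutes"

function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent (policy not configured).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

# BitLocker: every volume reported should be fully encrypted with protection on.
# A volume that is encrypted but has protection suspended is NOT compliant.
$tpm = Get-Tpm
$volumes = @(Get-BitLockerVolume | ForEach-Object {
    [pscustomobject]@{
        Mount      = $_.MountPoint
        Type       = $_.VolumeType
        Status     = $_.VolumeStatus
        Protection = $_.ProtectionStatus
        Protectors = ($_.KeyProtector.KeyProtectorType -join ',')
        Compliant  = ($_.VolumeStatus -eq 'FullyEncrypted' -and
                      $_.ProtectionStatus -eq 'On')
    }
})

# Idle lock, machine-wide: "Interactive logon: Machine inactivity limit".
$sysKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$limit  = Get-PolicyValue $sysKey 'InactivityTimeoutSecs'
$machineOk = ($null -ne $limit) -and ([int]$limit -gt 0) -and
             ([int]$limit -le $MaxIdleSeconds)

# Idle lock, per-user screen saver policy (checks the user running this script).
$ssKey   = 'HKCU:\Software\Policies\Microsoft\Windows\Control Panel\Desktop'
$timeout = Get-PolicyValue $ssKey 'ScreenSaveTimeOut'
$userOk  = ((Get-PolicyValue $ssKey 'ScreenSaveActive') -eq '1') -and
           ((Get-PolicyValue $ssKey 'ScreenSaverIsSecure') -eq '1') -and
           ($null -ne $timeout) -and ([int]$timeout -gt 0) -and
           ([int]$timeout -le $MaxIdleSeconds)

$volumes | Format-Table -AutoSize
[pscustomobject]@{
    Computer            = $env:COMPUTERNAME
    TpmReady            = ($tpm.TpmPresent -and $tpm.TpmReady)
    AllVolumesEncrypted = ($volumes.Count -gt 0) -and
                          -not ($volumes.Compliant -contains $false)
    IdleLockEnforced    = ($machineOk -or $userOk)
} | Format-List
```

Because values are read from the policy registry paths, a lock setting a user chose by hand (and can turn off again) does not count as enforced.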
