Setting up a doctors office

We're an IT firm setting up a new doctor's office. We've been lucky enough not to be asked to set up a doctor's office before. But as our business grows, so does the demand.

We have a doctor's office that we will be setting up from scratch. New equipment, new computers (75), new everything. With HIPAA in mind, what are the basic requirements and supplies to consider for any network (servers, switches, routing, SonicWalls, etc.)? Any suggestions or tips will be welcomed.
Ron Malmstead, Information Services Manager, commented:
One obvious item to me would be assessing the server room cooling requirements.
Another would be a DVR security system, with remote viewing capability.
You may consider adding environment monitoring (temperature/humidity) with alerts.
What type of phone system are you going to deploy? VoIP? If so, will the phones be PoE (Power over Ethernet)? If so, make sure your switches support this.

You're going to need network cable, probably, cable ends, etc.

A doctor's office network isn't anything super special in terms of hardware. You'll need the same basics that you'd have on any network: a firewall, switches, some servers, etc. The office may also require wireless access.

In a doctor's office, security is paramount. Everything needs to be access controlled, with some kind of auditing enabled to know who's accessing what, when. You'll need a robust backup system, which will also need to be access controlled. There may be requirements for encryption as well.

You'll also need to figure out what core software the office is running. For example, many medical offices run a UniVerse database on Linux or AIX. You need to be prepared to set up the servers with these databases and software, as well as configure the client devices for access (e.g. HyperTerminal).

You'll also want to investigate the idea of using thin clients for access. This may be more cost-effective for the office, and would allow them to use devices like tablets and still access all their software. This is a common trend in the medical field today.

With things like HIPAA, I would strongly recommend not trying to figure it out on your own. The security and reporting setup necessary for HIPAA compliance is not trivial. There are companies out there that specialize in IT HIPAA compliance, and I would recommend retaining one of those companies both to educate you on exactly what is required and to perform a check of the systems after you have them set up.
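The answer above says every resource must be access controlled with auditing that records who accessed what, and when. On a Windows file server that is two separate steps, and forgetting the first is the classic mistake: a SACL on a folder produces no events at all until the "File System" object-access audit subcategory is enabled. The following PowerShell is an added example, not code from this thread or from any of the commenters; it assumes an elevated session on a Windows Server and a hypothetical PHI share at D:\PHI (the path, the identity being audited and the function name are assumptions).

```powershell
# Added example, not from the original thread. Assumes Windows Server, an elevated
# PowerShell session (SACL changes need SeSecurityPrivilege) and a hypothetical
# PHI share at D:\PHI (the path is an assumption).
$phiPath = 'D:\PHI'

# 1. Turn on the "File System" object-access audit subcategory for both outcomes.
#    Without this, SACLs placed on folders generate no Security log events at all.
auditpol /set /subcategory:"File System" /success:enable /failure:enable | Out-Null

# 2. Put a SACL on the folder so reads, writes and deletes by any authenticated user
#    are recorded, and so the rule is inherited by subfolders and files.
$rights  = [System.Security.AccessControl.FileSystemRights] 'ReadData, WriteData, AppendData, Delete'
$inherit = [System.Security.AccessControl.InheritanceFlags] 'ContainerInherit, ObjectInherit'
$prop    = [System.Security.AccessControl.PropagationFlags]::None
$flags   = [System.Security.AccessControl.AuditFlags] 'Success, Failure'
$rule    = New-Object System.Security.AccessControl.FileSystemAuditRule(
               'Authenticated Users', $rights, $inherit, $prop, $flags)

$acl = Get-Acl -Path $phiPath -Audit      # -Audit is required to read/modify the SACL
$acl.AddAuditRule($rule)
Set-Acl -Path $phiPath -AclObject $acl

# 3. Answer "who accessed what, when": pull event 4663 ("An attempt was made to access
#    an object") and flatten the fields a reviewer cares about. 4663 also fires for
#    registry and other object types, so filter on the PHI path.
function Get-PhiAccessReport {
    param([int]$MaxEvents = 200)
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4663 } -MaxEvents $MaxEvents |
        ForEach-Object {
            $x = [xml]$_.ToXml()
            $d = @{}
            foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
            [pscustomobject]@{
                Time    = $_.TimeCreated
                User    = "$($d.SubjectDomainName)\$($d.SubjectUserName)"
                Object  = $d.ObjectName
                Access  = $d.AccessMask          # hex rights mask, e.g. 0x1 = ReadData
                Outcome = ($_.KeywordsDisplayNames -join ',')   # "Audit Success" / "Audit Failure"
            }
        } | Where-Object { $_.Object -like "$phiPath*" }
}

Get-PhiAccessReport | Format-Table -AutoSize
```

Two practical caveats: auditing ReadData on a busy share is noisy, so forward the Security log to a collector rather than relying on the local log's retention, and audit the backup target with the same SACL, since the answer above correctly notes that the backup system holds the same PHI and needs the same controls.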
James H, IT Director, commented:
Depending on the type of practice, the requirements are different.

Most offices require high-bandwidth connectivity: a 1/10 Gb core and 1 Gb Cat 6 on the LAN. I would choose a managed switch (PoE capable, as most offices would eventually want wireless access and PoE APs would be easier to deploy).

Archival storage is another area that is big in those offices, as they scan documents continually. I would go with either a virtual solution with shared storage or a high-end server with plenty of capacity.

You can pick any firewall, but just ensure the throughput can handle the amount of traffic they could potentially have.
Lee W, MVP, Technology and Business Process Advisor, commented:
At the end of the day, I agree with nick2253: get a compliance expert to review things with you AND the client. IT companies that implement and especially manage technologies at doctors' offices can be held in violation of HIPAA themselves and FINED HEAVILY if you fail to properly manage the network. Unfortunately, HIPAA is not a set of definitions you can follow; it's "guidelines" as to what is "reasonable". What's reasonable for a 2-person office is different from what's reasonable for a 50-person office, which is different from what's reasonable for a hospital... so what you do has to be a reasonable effort to protect PHI, and reasonable is open to interpretation.

One thing that can be considered reasonable is encryption. With BitLocker and TPM chips in business-class systems, you should consider enabling BitLocker on the server and the workstations, ESPECIALLY any laptops, to be a requirement. It's a simple thing that can help protect in the event the hardware is stolen or someone breaks in at night. You would also likely have to enforce screen savers that lock the machine after a few minutes; otherwise, someone steps away for a few minutes and now someone else could have access to other people's records.
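The comment above recommends TPM-backed BitLocker on every workstation and laptop plus an enforced inactivity lock. The PowerShell below is an added example, not code from this thread or from the commenter, showing one way to do that on a single machine in the order that avoids locking the practice out: escrow a recovery password before encrypting, and refuse to proceed without a working TPM. It assumes Windows 10/11 Pro or Enterprise (or Windows Server with the BitLocker feature installed), a TPM, an elevated session, and a domain-joined machine so the recovery password can be backed up to AD DS; the 300-second timeout and the function name are assumptions, and in a real deployment both settings would come from Group Policy rather than a per-machine script.

```powershell
# Added example, not from the original thread. Assumes Windows 10/11 Pro/Enterprise or
# Windows Server with the BitLocker feature, a TPM 1.2/2.0, an elevated session, and an
# AD-joined machine (Backup-BitLockerKeyProtector escrows to AD DS and fails otherwise).
$osDrive = $env:SystemDrive       # normally "C:"

# 1. Refuse to proceed without a working TPM: the point is a hardware-bound key,
#    not a startup password a thief can guess offline.
$tpm = Get-Tpm
if (-not ($tpm.TpmPresent -and $tpm.TpmReady)) {
    throw "TPM missing or not ready on $env:COMPUTERNAME; fix that before enabling BitLocker."
}

# 2. Add a recovery password FIRST and escrow it in AD DS, so a failed PCR measurement
#    after a firmware update cannot lock the office out of its own records.
$vol = Get-BitLockerVolume -MountPoint $osDrive
if (-not ($vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword')) {
    $vol = Add-BitLockerKeyProtector -MountPoint $osDrive -RecoveryPasswordProtector
}
$rpId = ($vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword').KeyProtectorId
Backup-BitLockerKeyProtector -MountPoint $osDrive -KeyProtectorId $rpId

# 3. Encrypt the OS volume with the TPM as the unlock protector, XTS-AES-256, full disk
#    (no -UsedSpaceOnly, so previously deleted PHI sitting in free space is covered too).
if ($vol.ProtectionStatus -eq 'Off') {
    Enable-BitLocker -MountPoint $osDrive -TpmProtector -EncryptionMethod XtsAes256 -SkipHardwareTest
}

# 4. Machine-wide inactivity lock: the "Interactive logon: Machine inactivity limit"
#    security option, stored as InactivityTimeoutSecs. 300 seconds is an assumed value.
#    Unlike a per-user screen saver setting, a user cannot turn this off.
$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
New-ItemProperty -Path $policyKey -Name InactivityTimeoutSecs -PropertyType DWord -Value 300 -Force | Out-Null

# 5. Report the resulting state, so the same check can be run on every workstation
#    and the output kept as evidence for the compliance reviewer.
function Get-EndpointProtectionState {
    $v = Get-BitLockerVolume -MountPoint $osDrive
    [pscustomobject]@{
        Computer          = $env:COMPUTERNAME
        Volume            = $osDrive
        ProtectionStatus  = $v.ProtectionStatus          # want "On"
        EncryptionMethod  = $v.EncryptionMethod          # want "XtsAes256"
        Protectors        = ($v.KeyProtector.KeyProtectorType -join ',')   # want Tpm + RecoveryPassword
        InactivityLockSec = (Get-ItemProperty -Path $policyKey -Name InactivityTimeoutSecs).InactivityTimeoutSecs
    }
}

Get-EndpointProtectionState
```

Note that ProtectionStatus reads "Off" until encryption finishes, so a fleet check that only looks at that field the day the script ran will report false negatives; rerun the state function after the conversion completes, and check that the recovery password actually landed in the computer object's msFVE-RecoveryInformation child before treating the machine as done.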