Setting up a doctors office

Posted on 2014-08-21
Medium Priority
Last Modified: 2014-10-08
We're an IT firm setting up an new doctors office. We've been lucky enough not to be asked to setup a doctors office. But as our office grows, so does our demand.

We have a doctors office that we will be setting up from scratch. New equipment, new computers (75), new everything. With HIPAA in mind, what are the basic requirements and supplies needed to consider for any network. (Servers, switches, routing, sonic walls, ect.) Any suggestions, tips will be welcomed.
Question by:itneedshelp
LVL 25

Accepted Solution

Ron Malmstead earned 2000 total points
ID: 40276435
One obvious item to me would be assessing the server room cooling requirements.
Another would be a DVR security system, w/remote viewing capability.
You may consider adding environment monitoring ..tempurature/humidity, with alerts.
What type of phone system are you going to deploy?  VOIP?  If so, will the phones be POE? (power over ethernet), If so, make sure your switches support this.

You're going to need network cable probably.. cable ends, etc.

Expert Comment

ID: 40276447
A doctors office network isn't anything super special in terms of hardware.  You'll need the same basics that you'd have on any network:  a firewall, switches, some servers, etc.  The office may also require wireless access.

In a doctors office, security is paramount.  Everything needs to be access controlled, with some kind of auditing enabled to know who's accessing what, when.  You'll need a robust backup system, which will also need to be access controlled.  There may be requirements for encryption as well.

You'll also need to figure out what core software the office is running.  For example, many medical offices run a UniVerse database on Linux or AIX.  You need to be prepared to setup the servers with these databases and software, as well as configure the client devices for access (e.g. Hyperterm).

You'll also want to investigate the idea of using thin-clients for access.  This may be more cost-effective for the office, and would allow them to use devices like tablets and still access all their software.  This is a common trend in the medical field today.

With things like HIPAA, I would strongly recommend not trying to figure it on your own.  The security and reporting setup necessary for HIPAA compliance is not trivial.  There are companies out there that specialize in IT HIPAA compliance, and I would recommend retaining one of those companies to both educate you on exactly what is required, and to perform a check of the systems after you have it set up.
LVL 17

Expert Comment

by:James H
ID: 40276514
Depending on the type of practice, the requirements are different.

Most offices require high bandwidth connectivity, 1/10GB core and 1 GB CAT 6 on the LAN.  I would choose a manged switch (POE capable as most offices would eventually want wireless access and POE AP's would be easier to deploy.

Archival storage is another area that is big in those offices as they scan documents continually. I would go with either a virtual solution with shared storage or a high end server with plenty of capacity.

You can pick any firewall but just ensure the throughput can handle the amount of traffic they could potentially have.
LVL 97

Expert Comment

by:Lee W, MVP
ID: 40276845
At the end of the day, I agree with nick2253 - get a compliance expert to review things with you AND the client. IT Companies that implement and especially technologies at Doctor's offices can be held in violation of HIPAA themselves and FINED HEAVILY if you fail to properly manage the network.  Unfortunately, HIPAA is not a set of definitions you can follow - it's "guidelines" as to what is "reasonable".  What's reasonable for a 2 person office is different for what's reasonable for a 50 person office which is different from what's reasonable for a Hospital... so what you do has to be reasonable in an effort to protect PHI and reasonable is open to interpretation.

One thing that can be considered reasonable is encryption - with BitLocker and TPM chips in business class systems, you should consider enabling Bitlocker on the server and the workstations ESPECIALLY any laptops to be a requirement.  It's a simple thing that can help protect in the event the hardware is stolen or someone breaks in at night.  You would also likely have to enforce screen savers that lock the machine after a few minutes - otherwise, someone steps away for a few minutes and now someone else could have access to other people's records.

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

What to do when Windows Update is not working correctly? What tools can I use to detect the cause of the malfunction problem? What does this numeric error code mean? These and other questions that you have been asking in the past are answered here (…
Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
This tutorial will walk an individual through the process of installing the necessary services and then configuring a Windows Server 2012 system as an iSCSI target. To install the necessary roles, go to Server Manager, and select Add Roles and Featu…
This tutorial will walk an individual through the process of installing of Data Protection Manager on a server running Windows Server 2012 R2, including the prerequisites. Microsoft .Net 3.5 is required. To install this feature, go to Server Manager…
Suggested Courses

612 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question