Networking - Firewall

Security is an important part of an Internal Network that must be discussed with a HIPAA certified Network Administrator. It is your responsibility to ensure your network is secure. Due to the unique needs of each office, MacPractice support cannot assist with configuring your office's network. This information is only a recommendation. Your network technician will need this information to configure and secure the current Internal Network to function with MacPractice.

To configure your Internal Network to function with MacPractice, start by blocking access from the internet by enabling the router firewall. Block all traffic, then allow incoming traffic selectively to only services required by the office. For example, if an email server is used, open Port 25 for mail.

The following tables indicate the network services MacPractice may use. If you do not use a listed ability, the service will not need to be enabled.

Firewall Incoming
All incoming services refer to TCP ports. Block all incoming services and enable access to only required services. HIPAA compliancy restricts sending patient data over the internet using unencrypted services.

Service Encrypted Port Firewall
MySQL No 3306 Blocked at firewall (use VPN for access)
MacPractice Message Server No 1234 Blocked at firewall (use VPN for access)
Unencrypted Web Service No 80 Open only if outside access is required*
Encrypted Web Service Yes 443

Open only if outside access is required*

Server Management App No 26700

Blocked at firewall (use VPN for access)

MPXServer No 41853

Port 41853 needs to be only used for the MPXServer process, otherwise issues can occur in several areas of MacPractice

If the MacPractice iPhone/iPad interface or the MacPractice Patient Web interface is used from outside the office,enable access to web services on the firewall and forward these ports to the server's internal IP address.

Firewall Outgoing
Many Network Administrators will do nothing to block outgoing access. If outgoing access must be enabled, the following services may be enabled for MacPractice to function properly. Only the listed abilities used need to be enabled.

Service Port Firewall Destination Host
eClaims SFTP 22 Allow Any
eClaims PMSFT 1023 Allow Any
eStatement Transmission 22 Allow (for RevSpring) (for DMA/Capario)
Sending Tickets 443 Allow
NEA FastAttach 443 Allow
MacPractice Drop Box 548 Allow
eStatement Transmission 20,21 Allow

In general, wireless access should not be used within your practice for accessing patient data and using MacPractice. Ethernet is more secure and a better choice for a practice. If you do choose to use a wireless access point, it should be secured with WPA2 and a good, long password. Do not use WEP under any circumstances, as it is not secure.

Was this article helpful?
0 out of 0 found this helpful