Security is an important part of an Internal Network that must be discussed with a HIPAA certified Network Administrator. It is your responsibility to ensure your network is secure. Due to the unique needs of each office, MacPractice support cannot assist with configuring a your office's network. This information is only a recommendation. Your local network technician will need this information to configure and secure the current Internal Network to function with MacPractice.
To configure your Internal Network to function with MacPractice, start by blocking access from the internet by enabling the router firewall. Block all traffic, then allow incoming traffic selectively to only services required by the office. For example, if an email server is used, open Port 25 for mail.
The following tables indicate the network services MacPractice may use. If you do not use a listed ability, the service will not need to be enabled.
All incoming services refer to TCP ports. Block all incoming services and enable access to only required services. HIPAA compliancy restricts sending patient data over the internet using unencrypted services.
|MySQL||No||3306||Blocked at firewall (use VPN for access)|
|MacPractice Message Server||No||1234||Blocked at firewall (use VPN for access)|
|Unencrypted Web Service||No||80||Open only if outside accesses required*|
|Encrypted Web Service||Yes||443||Open only if outside access is required*|
If the MacPractice iPhone/iPad interface or the MacPractice Patient Web interface is used from outside the office, enable access to web services on the firewall and forward these ports to the server's internal IP address.
Many Network Administrators will do nothing to block outgoing access. If outgoing access must be enabled, the following services may be enabled for MacPractice to function properly. Only the listed abilities used need to be enabled.
ftp.pscftpx.com (for Rev Spring)
|MacPractice Drop Box||548||Allow||public.macpractice.net|
For a better experience MacPractice suggests that a wireless access should not be used within your practice for accessing patient data. Ethernet can be more secure and may provide a more stable environment for a practice. If you do choose to use a wireless access point, it should be secured with WPA2 and a good, long password. Do not use WEP under any circumstances, as it is not secure.