Labs - Firewall Guidelines

Security is an important part of an Internal Network that must be discussed with a HIPAA certified Network Administrator. It is your responsibility to ensure your network is secure. Due to the unique needs of each office, MacPractice support cannot assist with configuring a your office's network. This information is only a recommendation. Your local network technician will need this information to configure and secure the current Internal Network to function with MacPractice.

To configure your Internal Network to function with MacPractice, start by blocking access from the internet by enabling the router firewall. Block all traffic, then allow incoming traffic selectively to only services required by the office. For example, if an email server is used, open Port 25 for mail.

The following tables indicate the network services MacPractice may use. If you do not use a listed ability, the service will not need to be enabled.

Firewall Incoming
All incoming services refer to TCP ports. Block all incoming services and enable access to only required services. HIPAA compliancy restricts sending patient data over the internet using unencrypted services.

Service Encrypted  Port  Firewall
MySQL No 3306 Blocked at firewall (use VPN for access)
MacPractice Message Server No 1234 Blocked at firewall (use VPN for access)
Unencrypted Web Service No 80 Open only if outside accesses required*
Encrypted Web Service Yes 443 Open only if outside access is required*

If the MacPractice iPhone/iPad interface or the MacPractice Patient Web interface is used from outside the office, enable access to web services on the firewall and forward these ports to the server's internal IP address.

Firewall Outgoing
Many Network Administrators will do nothing to block outgoing access. If outgoing access must be enabled, the following services may be enabled for MacPractice to function properly. Only the listed abilities used need to be enabled.

Service Port Firewall Destination Host
eClaims SFTP 22 Allow Any
eClaims PMSFT 1023 Allow Any
eStatement Transmission 22 Allow (for Rev Spring) (for DMA/Capario)

Sending Tickets 443 Allow

NEA FastAttach 443 Allow
MacPractice Drop Box 548 Allow
eStatement Transmission 20,21 Allow

For a better experience MacPractice suggests that a wireless access should not be used within your practice for accessing patient data. Ethernet can be more secure and may provide a more stable environment for a practice. If you do choose to use a wireless access point, it should be secured with WPA2 and a good, long password. Do not use WEP under any circumstances, as it is not secure.

Was this article helpful?
0 out of 0 found this helpful