HIPAA compliance is the name of the game for healthcare IT. That game is about to change after Windows Server 2003 reaches end of support (EoS) July 14, 2015. Practices that have a local electronic health records (EHR) installation on Windows Server 2003 will fail HIPAA compliance checks after that date. Here we will cover tools and resources available to address Windows Server 2003 EoS as it pertains to HIPAA compliance, and other networking and data storage tools to keep your practice’s EHR and EMR data secure.

Choose server hardware for Windows Server 2012 based on number of users

Since locally-hosted EHR and EMR software is server based, think of your server hardware as the brain and spinal cord of your IT system. Any IT tech will tell you that spinning up new server software onto new hardware will save time and support costs. Let the IT workload and the number of users who access your resources dictate the server hardware you choose.

2-10 Users
For smaller practices, a tower server should suffice to run EHR software. In terms of hardware, look for one with a CPU capable of 3.2 GHz speed and at least 4 GB of server RAM. There are several options to explore in the $500-$750 range.

Hardware: The Lenovo ThinkServer TS140 is an entry-level server that features strong computing specs for the cost. At the heart of it is a quad-core processor designed to accommodate day-to-day computing across a small network (15 or fewer workstations). This range of tower servers offers two internal hard drives for redundant data backup purposes. Compare with the HP ProLiant Micro Tower, which comes with 8 GB RAM for faster performance, or the Dell PowerEdge T1100, which has similar specs and price point.

Software: Windows Server 2012 R2 Essentials is probably the best option since it offers access for up to 25 users without requiring purchase of Client Access Licenses (CALs).

11-25 Users
Medium-sized practices will benefit from server hardware with more power and performance. Servers with these specs may come in a tower form factor, or a rack form factor.

Hardware: You are looking for a combination of performance and the ability to expand on the hardware. The HP ProLiant ML350p comes with 8 GB of RAM installed and fitted with storage controllers to attach secure storage arrays that accommodate growing data storage needs. Comparable models include the Lenovo ThinkServer 5U Tower Server and the Dell PowerEdge T420.

Software: Consider Windows Server 2012 R2 Standard. Should your practice exceed 25 users, there is no simple upgrade path from Essentials to Standard. It is always best to plan for growth. You will need to purchase CALs for each user accessing the system.

25+ Users
Large scale practices should be equipped with top-of-line enterprise server hardware. These are usually found in rack form factors.

Hardware: High-power processors and expandable storage are the hallmarks to look for. The HP ProLiant DL360 (32 GB of RAM; 12-core CPU) is a model to consider; compare it with the Dell PowerEdge R720 2U.

Software: Windows Server 2012 R2 Standard is recommended.

Keep your network HIPAA compliant with a managed switch and a business-grade firewall

Network segmentation is a key factor in protecting your data and maintaining HIPAA compliance.

Make sure your networking hardware is designed for virtual local area network tagging (VLAN tagging). With VLAN tagging, you essentially quarantine off sets of machines in your network so they cannot communicate with each other. This type of network segregation limits the impact if one machine on your network is compromised, though all machines maintain an Internet connection to receive critical updates for Windows and antivirus programs.

A firewall / security appliance provides constant protection against malware attacks that expose your data to costly data breaches. The Dell SonicWALL TZ series offers small practices an affordable solution for safe collaboration across your network. If your practice extends to satellite locations, this tool is essential for creating a secure virtual private network (VPN). If you offer Wi-Fi for patients in the waiting room, the SonicWALL makes sure guest activity does not interfere with your protected network.

There are plenty of other options available. Compare the SonicWALL series with the WatchGuard Firebox T10, the ZyXEL XyWALL, and the Cisco ASA line, among others.

Related content: Cloud Managed Networking: Is Meraki Worth the Total Cost of Ownership?

A managed switch allows you to make use of VLAN tagging across all of the switch ports. Combined with a configured firewall, a managed switch can provide the appropriate network segregation and rules to make a network rock-solid secure. Check the product pages for scale (number of ports) and features that are appropriate for the size of your practice’s network.
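The segmentation described above boils down to two checkable requirements: guest and other quarantined segments cannot reach the EHR systems, yet every segment keeps Internet access for Windows and antivirus updates. The following is an added example (not from the article or any vendor's product) that models a constructed three-VLAN plan and an inter-VLAN firewall rule list, then verifies both requirements against a segmented rule set and against the weak flat-network setting; the VLAN names, addresses and rule format are assumptions.

```python
from ipaddress import ip_address, ip_network

# Constructed VLAN plan for a small practice (assumption, not from the article).
VLANS = {
    "EHR_SERVERS": ip_network("10.10.10.0/24"),
    "STAFF_WORKSTATIONS": ip_network("10.10.20.0/24"),
    "GUEST_WIFI": ip_network("10.10.30.0/24"),
}

# Constructed inter-VLAN firewall rules: (source VLAN, destination VLAN, action).
# "*" matches any VLAN, "INTERNET" is anything outside the plan; first match wins,
# and a flow that matches no rule is dropped (default deny).
SEGMENTED_RULES = [
    ("STAFF_WORKSTATIONS", "EHR_SERVERS", "allow"),
    ("GUEST_WIFI", "EHR_SERVERS", "deny"),
    ("GUEST_WIFI", "STAFF_WORKSTATIONS", "deny"),
    ("*", "INTERNET", "allow"),
]
# The weak setting: a flat network where every VLAN can talk to every other one.
FLAT_RULES = [("*", "*", "allow")]

def vlan_of(ip):
    """Map an address to its VLAN name, or INTERNET if it is outside the plan."""
    addr = ip_address(ip)
    for name, net in VLANS.items():
        if addr in net:
            return name
    return "INTERNET"

def is_allowed(src_ip, dst_ip, rules):
    """Evaluate the rule list for one flow; same-VLAN traffic never hits the firewall."""
    src, dst = vlan_of(src_ip), vlan_of(dst_ip)
    if src == dst:
        return True
    for rule_src, rule_dst, action in rules:
        if rule_src in ("*", src) and rule_dst in ("*", dst):
            return action == "allow"
    return False

def check_segmentation(rules):
    """Return the violations of the two requirements stated in the article."""
    problems = []
    # 1. Guest Wi-Fi must not reach the protected segments.
    for target in ("10.10.10.5", "10.10.20.5"):
        if is_allowed("10.10.30.77", target, rules):
            problems.append(f"GUEST_WIFI can reach {target} ({vlan_of(target)})")
    # 2. Every segment must still reach the Internet for Windows and antivirus updates.
    for name, net in VLANS.items():
        if not is_allowed(str(net[10]), "203.0.113.9", rules):
            problems.append(f"{name} cannot reach the Internet")
    return problems
```

Running `check_segmentation(SEGMENTED_RULES)` returns an empty list, while `check_segmentation(FLAT_RULES)` reports that guest devices can reach both the EHR server and staff workstation segments.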

The Cisco SG300 supports 10 network connections and is geared toward small practices. It is a favorite among NeweggBusiness users as well. The Dell PowerConnect is a comparable model in terms of cost and features; the Netgear ProSafe line is competitive here as well.

Related content: Network Switch Cost to Performance Considerations

What hardware is your medical practice deploying or planning to deploy to maintain HIPAA compliance after Windows Server 2003 EOS?

Essential Hardware for HIPAA Compliance in 2015

Author: Adam Lovinus, a tech writer and Raspberry Pi enthusiast from Orange County, California.