PHYSICIAN OFFICE IT SECURITY GUIDE 2015

The CMPA supports the advice and recommendations contained in this guide and encourages their consideration by BC’s physicians.

Disclaimer: Best practices for IT security depend on the sensitivity of the data and the individual situation, and change regularly with changes in technology. The individual physician must determine the degree to which each best practice applies to their particular situation. This document is provided for use by physicians as a general guide. It is strongly recommended that you retain a knowledgeable and qualified IT professional to assess and maintain your network on a regular basis. In using this guide, you agree that Doctors of BC accepts no liability whatsoever for any IT or security problems you may experience or for any claims, demands, losses, damages, costs and expenses made against or incurred, suffered or sustained by you as a result of those problems, nor any costs you may incur in resolving any gaps or issues in your IT infrastructure.

Following is a list of IT security practices relevant to medical clinics. This list may not be complete, but highlights previously observed gaps and issues. It is recommended that physicians use this list as a checklist to generally assess their IT infrastructure. Each topic is described in more detail in the reference section, with suggestions on ways to address gaps related to that topic.

• Device Security (includes in-office and remote access devices)
  ☐ All confidential patient information on any computer or portable device is encrypted
  ☐ Operating systems and all plug-in software (e.g. Java, Flash and other plug-ins) are up to date – preferably using automatic updates
  ☐ Computers and portable devices automatically lock out after a pre-defined period of inactivity (e.g.
  five minutes)
  ☐ All computer equipment is appropriately disposed of
  ☐ Anti-virus detection programs are up to date – with automatic updates
  ☐ Computer devices (e.g. printers, monitors) are physically located to minimize unauthorized access and viewing
  ☐ Personal firewall technology is employed with high security settings
  ☐ Website cookie installation is restricted to trusted sites
  ☐ Auto-complete password storage for website access is disabled

• Local Network Security
  ☐ Network ports (wall sockets) in public areas (e.g. waiting rooms) are disabled
  ☐ Wireless networks are hardened according to industry best practices
  ☐ Wi-Fi access to the clinical local network is not granted to patients and others
  ☐ Networking equipment is located in a secure area (e.g. locked wiring closet)
  ☐ Private Physician Network (PPN) is not interconnected to any commercial Internet services without appropriate security measures
  ☐ PPN service is cancelled prior to moving

• Local Server Security
  ☐ Servers are hardened according to industry best practices
  ☐ Server equipment is located in a secure area (e.g. locked wiring closet)
  ☐ All requirements under Device Security are also applied to local servers
  ☐ All server back-ups are transferred and stored securely with both physical security and encryption

• User Account Management
  ☐ Usernames and passwords are not shared between users
  ☐ Passwords are required and robust (upper/lowercase characters, length, etc.)
  ☐ Inactive user accounts are disabled immediately
  ☐ User access is controlled by appropriate role-based access profiles
  ☐ One or more employees is assigned to manage user accounts

• Acceptable Use
  ☐ Users do not record passwords insecurely (e.g.
  sticky notes, notebooks)
  ☐ Users do not download or install files/programs from unknown or suspicious sources into the network
  ☐ Users do not e-mail or otherwise transfer confidential patient information over insecure networks, such as the Internet, unless the information is encrypted
  ☐ Users do not visit untrusted or potentially unsafe websites
  ☐ Users do not open unknown email attachments

• Audit
  ☐ Audit trail is turned on
  ☐ Random audits are conducted regularly
  ☐ Access to VIP records is audited

• Personnel
  ☐ Physicians and staff attend regular privacy and security training (e.g. annual)
  ☐ Confidentiality agreements are in place with staff and contractors
  ☐ A Privacy Officer is appointed as required by PIPA
  ☐ Appropriate written policies and procedures are in place (PIPA sections (5a) and (5b))

• Remote Access
  ☐ Any devices or network used for remote access meet the requirements above for Device Security and Local Network Security
  ☐ Remote access uses a secure connectivity solution (e.g. VPN, SSL) that offers high-grade encryption

REFERENCE SECTION

Note: Many of these recommendations require the skills of a knowledgeable and qualified professional IT support person. It is strongly recommended to retain a qualified local IT professional with solid experience in security who can become familiar with your clinic and infrastructure.

DEVICE SECURITY (includes in-office and remote access devices)

All confidential patient information on any computer or portable device is encrypted

Any confidential patient information stored on computers (desktops and laptops), mobile devices (e.g. laptops, smartphones and iPods), and removable media (e.g. USB drives) should be password protected and encrypted. When confidential patient information is stored on these devices without encryption, there is a risk that the devices could be stolen or lost and the data on them accessed by unauthorized users.
There are a couple of different approaches to securing these devices. One is to purchase devices such as desktops or laptops with built-in hard drive encryption, or to use the encryption software built into various operating systems (e.g. BitLocker in the Ultimate edition of Microsoft’s Windows 7). This encryption software can also be used to encrypt a USB drive. If this is unavailable, users may purchase commercially available software, such as Folder Locker. The second approach is to purchase a USB drive with built-in encryption software.

Operating systems and all plug-in software (e.g. Java, Flash and other plug-ins) are up to date – preferably using automatic updates

Computer software manufacturers routinely provide security updates for their operating systems and Internet browser plug-ins to ensure that security risks to their software are minimized. The end user can configure their operating system and Internet browser to receive these security updates automatically or manually. It is recommended to set up the computers to install these updates automatically so that important security updates are not missed, and to run the updates outside of normal business hours, as they can take time to install and would affect system performance until installation is complete. It is also recommended to leave computer devices powered on and logged off at night so the updates can be installed automatically (scheduled updates will not happen if the computer is in hibernation mode).

Computers and portable devices automatically lock out after a pre-defined period of inactivity (e.g. five minutes)

When clinical staff members leave a computer or mobile device inactive for an extended period, the device automatically locks to prevent unauthorized users from accessing or viewing confidential patient information. Lock-outs can be enabled through either the EMR application or the operating system.
Lock-out at the EMR level is very good for EMR security; however, it still leaves the workstation open to access. Lock-out at the operating system level ensures the entire workstation is locked from unauthorized access, including access to the EMR application, non-EMR applications, documents and data. Lock-out using the operating system does have limitations, as this feature can easily be turned off by any user; therefore, it is ideal to have both the EMR application and the operating system lock-out features enabled. It is important to instruct end users not to alter these settings. The operating system’s lock-out feature can be configured by the end user, while enabling the EMR application lock-out typically requires the EMR vendor.

All computer equipment is appropriately disposed of

As computer equipment is replaced in the clinic (e.g. workstations, mobile devices), it is important to ensure old equipment does not contain confidential patient information. Conventional deletion techniques (e.g. using the delete key or formatting the drive) do not remove the data in its entirety from the equipment, as the data can still be recovered by unauthorized users. It is important to use specialized computer software (e.g. Eraser, HDDErase, DBAN) to remove the data securely from the device before disposal. Another method to ensure the data cannot be accessed by unauthorized users after disposal is physical deformation of the storage platters (the physical media where data is stored) inside the hard drive, using tools such as a hammer to cause significant physical damage to the media.

Anti-virus detection programs are up to date – with automatic updates

Anti-virus software is a computer program that detects, prevents, and takes action to disarm or remove viruses. Computer viruses are programs that are deliberately designed to interfere with computer operation.
They can corrupt or delete data, and spread themselves to other computers throughout the clinic or the Internet. You can protect your computer against viruses by using anti-virus software. To protect your computer against the most current viruses, you should update your anti-virus software regularly using its automatic update feature. Some anti-virus programs are configured by default to be updated manually, leaving the user responsible for performing this task. This option increases the risk of obtaining a virus, as the task can easily be missed. The end user can configure the anti-virus software to update automatically by launching the application and selecting the “Update” menu. While the anti-virus software gives the user the option to run the updates daily, weekly or monthly, it is recommended to run the updates daily after normal business hours to ensure they do not interfere with the performance of other applications on the device (e.g. the EMR application).

Malware, also known as malicious software, includes computer viruses. In addition to viruses, malware includes programs such as keyloggers, Trojan horses, worms, etc. Malware is less interested in attacking your computer and more interested in stealing stored data, which can include personal information, usernames and passwords. Malware has the ability to spread to or infect other computers on a network. As this poses a larger security threat, it is recommended that users use malware detection software.

Computer devices (e.g. printers, monitors) are physically located to minimize unauthorized access and viewing

Computer screens in patient areas (such as the reception desk) should be positioned so that they cannot be easily viewed by unauthorized users. If this cannot be avoided, consider purchasing privacy screens for the monitors. Printers should not be installed in public areas where unauthorized users can easily access the printouts.
Personal firewall technology is employed with high security settings

To prevent unauthorized remote access to desktops and laptops, and to increase the security of these devices, it is recommended to install and/or enable personal desktop firewall technology on all computers within the clinic. This software is typically part of the operating system but is turned off by default or set with a lower security threshold. Configuring this software to a higher security setting provides another layer of protection against unauthorized access. Some operating systems (e.g. Windows 7) provide built-in firewall protection that the end user can customize to its highest security settings, or the clinic can purchase commercially available personal firewall software (e.g. Webroot, ZoneAlarm, Agnitum Outpost Pro Firewall) and configure it to its highest security settings.

Website cookie installation is restricted to trusted sites

Website cookies can be altered by malicious users or software, since they are stored on the local computer drive. Cookies can also be used to steal sensitive personal information of another user, which can lead to fraudulent acts such as identity theft. They can also be used to track the web browsing history of a user. This data can be sold to advertising agencies, which in turn results in junk emails and advertisements. To enhance security and protection from potential fraudulent acts, cookies should only be allowed for trusted sites. The cookie configuration options are typically found in the Internet browser’s options menu.

Auto-complete password storage for website access is disabled

When accessing a website that requires username and password authentication, some Internet browsers (e.g. Internet Explorer, Firefox, Chrome) offer the option to automatically store and pre-populate the username and password for the user.
These Internet browsers store the username and password on the local computer to be retrieved whenever the website is accessed. This feature is called “auto-complete password storage.” The risk with enabling auto-complete password storage is that the stored credentials grant anyone using that computer full access to those websites requiring personal login information. It defeats the purpose of having usernames and passwords if they are automatically entered by the computer, especially if a user has the same login credentials across numerous applications. If the end user uses the same username and password to log on to the EMR application and to log on to a workstation, these same credentials can be compromised by an unauthorized user using the same workstation. This dangerous practice could potentially allow unauthorized users to access confidential patient information and extract and retain the details electronically. It is recommended to disable auto-complete password storage within the Internet browser application. The end user can disable the auto-complete password storage functionality under the options menu within the Internet browser.

LOCAL NETWORK SECURITY

Network ports (wall sockets) in public areas (e.g. waiting rooms) are disabled

There are situations where a clinic has local network plugs (wall sockets) installed in public areas that are still connected to the local network but have no devices connected to them. This situation creates a potential security risk, as unauthorized users could connect a laptop to such a network plug, gain access to the clinic’s local network and possibly view confidential patient information. The clinic should ensure that all plugs with no devices connected to them, especially in public areas, are not active, by verifying that the other end of the cable at the wiring closet is not connected to the local network (switch).
Wireless networks are hardened according to industry best practices

When wireless network solutions are purchased, their default security settings are not configured to industry best practices. If the clinic installs the network solution with default settings, there is the potential for unauthorized users to connect to the wireless network, gain access to the clinic’s local network and possibly obtain confidential patient information. Unfortunately, some individuals use advanced tools and software to locate unsecured wireless networks. Once detected, they will connect to the unsecured wireless network to gain access to confidential information. Clinics should ensure their wireless solutions are not installed with the default settings but instead follow industry best practices.

The following examples are current industry best practices for wireless solutions. Please note this list is based on the time of publication and is therefore subject to change with updates to technology:

• Physically secure wireless access points;
• Wi-Fi Protected Access II (WPA2) Enterprise;
  o Authentication: EAP-TLS;
  o Encryption: AES-CCMP (128-bit minimum);
• Wi-Fi Protected Access II (WPA2) Personal;
  o Authentication: pre-shared keys (PSK) with a minimum 13-character random passphrase;
  o PSK should be secured and changed on a regular basis;
  o PSK should be changed whenever an employee/contractor who had access to the network leaves the organization; and
  o Encryption: AES-CCMP (128-bit minimum).

It is important that the clinic hires a qualified IT support vendor with extensive knowledge and experience installing and supporting wireless solutions.

Wi-Fi access to the clinical local network is not granted to patients and others

Due to security and privacy risks (e.g. users accessing confidential patient information), the clinic should not provide patients and others with Wi-Fi access to the network the clinic uses for clinical purposes.
If the clinic wants to provide patients and others with access to a Wi-Fi network, the clinic should set up a separate Wi-Fi network which is not connected to the clinic’s primary local network.

Networking equipment is located in a secure area (e.g. locked wiring closet)

It is important for the clinic to install all network equipment (e.g. TELUS’ PPN equipment, the clinic’s switches) in a secure and locked area, preferably a dedicated wiring closet. Only the clinic and authorized support vendors should have access to this secure area. If the networking equipment is not in a secure and locked area, unauthorized users can plug a laptop into the clinic’s local network and potentially gain access to confidential patient information.

Private Physician Network (PPN) is not interconnected to any commercial Internet services without appropriate security measures

There are situations where the clinic may require a second or third Internet connection in addition to its PPN service, to access services the PPN cannot provide (e.g. high-speed Internet to view PACS images). In this situation, the clinic should ensure these services are not connected to each other without the appropriate security measures. When two or more such networks are connected together, hardened security measures are required to ensure information exchange only occurs between the proper networks. In other words, EMR information destined for the EMR vendor does not traverse the Internet portion of the network, and vice versa, keeping EMR traffic and Internet traffic separate. The security design requires a highly skilled professional, as well as approval from Health Shared Services BC (HSSBC) with respect to the PPN.

PPN service is cancelled prior to moving

If a clinic is moving or closing, it is important for the clinic to contact HSSBC and its EMR vendor to inform them that it is cancelling its PPN service.
If the clinic does not inform HSSBC and its EMR vendor, the PPN equipment will remain at the old location and the next tenant could use this service and gain unauthorized access to confidential patient information. It is important for the clinic to inform both parties at least one month prior to moving or closing so that the appropriate steps can be taken to remove the equipment.

LOCAL SERVER SECURITY

Servers are hardened according to industry best practices

If the clinic is planning to install a local server that will store confidential patient information, the server needs to be configured to increase its level of security (i.e. hardened). Depending on the server’s functionality (e.g. delivering EMR application services, storing identifiable confidential patient information in documents, databases or spreadsheets), the server should be hardened according to the services it provides. If an unauthorized user gains access to this server, it is important that they cannot gain access to the confidential patient information stored on it. The IT industry publishes recommendations on how to harden servers based on the services the server is providing. It is important that the clinic follows the guidelines set by the vendors of its chosen server software (e.g. Microsoft, VMware).

Server equipment is located in a secure area (e.g. locked wiring closet)

It is important for the clinic to install all server equipment in a physically secure and locked area, preferably a dedicated wiring closet shared with the networking equipment. Only the clinic and authorized support vendors should have access to this secure area. If the server equipment is not in a secure and locked area, unauthorized users can gain physical access to the clinic’s server and potentially access confidential patient information.
All server back-ups are transferred and stored securely with both physical security and encryption

If the clinic stores confidential patient information on a local server (i.e. a server located inside the clinic), all server back-ups should be stored off-site in a secure location, preferably managed by a qualified business that specializes in this type of service. Clinics should back up their server daily to ensure they have the most up-to-date backup in the event their server hardware fails, and the backup should be tested regularly (i.e. a full recovery from backup performed). To increase the privacy and security of confidential patient information, all back-up media, such as USB or tape drives, should be encrypted and password protected. It is important to keep back-up tapes away from magnetic sources to avoid erasure.

Note: In addition, all requirements under “Device Security” apply to local servers.

USER ACCOUNT MANAGEMENT

Usernames and passwords are not shared between users

Sharing usernames and passwords between users is a security and privacy risk. Unique usernames are assigned to allow users to have a role-based profile (i.e. the level of access provided to each user matches the user’s need to know and provides the least privilege necessary based on the user’s job function). When usernames are shared between users, the person using the shared username immediately has access to the other person’s role profile that was assigned specifically to that username. This practice also circumvents the auditing process built into the EMR application, as it makes it difficult to pinpoint who accessed information they were not allowed to view. This situation puts the person the username and password were originally assigned to at risk, as they could be liable for the actions of the person using their username and password.

Passwords are required and robust (upper/lowercase characters, length, etc.)
In order to increase the security of confidential patient data, it is important for users to have a robust password to prevent unauthorized users from easily guessing it or using automated password-cracking software to recover it. The more complex the password is, the harder it is to crack. Users should use a combination of upper- and lowercase characters, along with numeric characters and special characters (e.g. $ % _ ^). The password should be a minimum of eight characters in length and should be changed regularly.

Inactive user accounts are disabled immediately

When an account becomes inactive (e.g. an employee leaves the clinic), it is important that the account is disabled immediately by the physician or the assigned Security Officer (or their delegate) to ensure unauthorized users cannot access the EMR and view confidential patient information. Workstation logon accounts can be disabled using the operating system’s administrator tools, and EMR logon accounts can be disabled using the EMR application’s built-in administrator tools. If in any doubt, contact the EMR vendor helpdesk.

User access is controlled by appropriate role-based access profiles

To enhance the level of security and privacy and protect confidential patient information, it is important to assign a role-based profile to each user requiring access to the EMR application. Role-based profiles allow the administrator to control what the end user can view and access – for example, a billing clerk does not typically need access to full patient medical charts. The roles are created using the administrator tools built into the EMR application.

One or more individuals is assigned to manage user accounts

It is important to designate one or more individuals (e.g. physician, Security Officer, MOA) to manage and govern the privacy and security of user accounts.
This role ensures that: all inactive accounts are disabled in a timely manner; all users are assigned a unique username; all passwords are secure and robust; and role-based access profiles are properly configured.

ACCEPTABLE USE

Users do not record passwords insecurely (e.g. sticky notes, notebooks)

To help remember passwords, some users write down their passwords on sticky notes and/or in a paper notebook. This practice is a serious risk to the security of confidential patient information, as unauthorized users could find the password and log into the EMR application to view patients’ records. The clinic privacy and security policy and the clinic’s Security Officer should discourage this type of behaviour.

Users do not download or install files/programs from unknown or suspicious sources into the network

There are websites on the Internet designed with the purpose of luring users into downloading and installing malicious software onto their computer. Such malicious software can capture usernames and passwords and install viruses on the computer. This software then allows unauthorized users to access the computer devices secretly and remotely gain access to confidential patient information. The clinic’s Security Officer should discourage users from accessing questionable websites and downloading and installing files or programs from unknown or suspicious sources. The computer’s operating system should be configured to prevent the downloading and installation of software by end users.

Users do not e-mail or otherwise transfer confidential patient information over insecure networks, such as the Internet, unless the information is encrypted

Email is not a secure method of transferring confidential patient information.
If email is the only method available to send confidential patient information, there are applications that can encrypt the email message using a combination of public and private keys, better known as public/private certificates or keys. The public key is shared with the email recipient and must be used in order to view the email message. OpenPGP.js + Mailvelope and GPG4win are recognized email encryption solutions the clinic can consider for encrypted emails.

In the private medical practice setting in B.C., governed by PIPA, if a patient has provided appropriately informed consent acknowledging the risks, a physician can choose to communicate with the patient via email without the protection of encryption, but should carefully consider the appropriateness and risks in each case prior to doing so.

Users do not visit untrusted or potentially unsafe websites

Similar to the guidelines under “Users do not download or install files/programs from unknown or suspicious sources into the network”, it is crucial that end users do not visit untrusted or potentially unsafe websites. There are numerous websites containing malicious software waiting to be downloaded by unsuspecting end users.

Users do not open unknown email attachments

Email attachments, especially from unknown sources, can contain malware which, when opened or downloaded, causes malicious software to be installed on the unsuspecting user’s computer device. This creates the potential for unauthorized users to access confidential patient information or install viruses on the user’s device. Users should take the time to familiarize themselves with e-mail scams, fraud, and phishing. To learn more about e-mail scams or frauds, or to report one, visit http://www.rcmp-grc.gc.ca and type “e-mail scams and frauds” in the search bar.
AUDIT

Audit trail is turned on

EMR applications have user-level access auditing features built in; however, this feature may not be turned on, or if it is turned on, the clinic may not be actively reviewing the audit log. The clinic should contact its EMR vendor to ensure this feature is turned on and verify it by reviewing the audit log. At minimum, the audit log captures which users have logged on to the EMR solution, the patient records they have reviewed and/or printed, and which files have been modified or deleted. The auditing feature within the EMR application should be turned on and actively reviewed by the clinic’s Security Officer or delegate to ensure the privacy and security of confidential patient information. The workstation also has an auditing feature to monitor printing and file access on the user’s computer device, which can also be enabled.

Random audits are conducted regularly

To maintain the privacy and security of confidential patient information, the Security Officer and/or delegate should conduct random audits of the EMR application audit logs to ensure that users are not accessing confidential patient information, or printing and deleting files, not pertaining to their role (e.g. accessing the information of family members, other clinic staff/physicians, friends, neighbours, or random individuals).

Access to VIP records is audited

When clinics have VIP patients (e.g. political leaders, celebrities), it is recommended to audit accesses to these records to ensure they are not being viewed by unauthorized users. The Security Officer or their delegate should create a regularly scheduled process to audit VIP records.

PERSONNEL

Physicians and staff attend regular privacy and security training (e.g. annual)

Physicians and staff should attend regular privacy and security training workshops.
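As an added illustration of the audit checks described in the Audit section above (random audits, VIP record access, and actions outside a user’s role-based profile), the following script is example code written for this edition and is not part of the Doctors of BC guide or any EMR vendor’s tooling; the audit-log export format, the role names and every user and patient identifier in it are constructed, and a real EMR export would need its own parser.

```python
"""Flag EMR audit-log entries that a Security Officer should review.

Added example, not part of the guide: the audit-log export format, the
role names and every user/patient identifier below are constructed for
illustration. Real EMR audit exports differ by vendor, so parse_log()
is the part to adapt.
"""
import random
from collections import Counter
from datetime import datetime

# Constructed export: timestamp, username, EMR role, action, patient id.
AUDIT_LOG = """\
2015-03-02T09:12:41,jsmith,physician,VIEW_CHART,P-1001
2015-03-02T09:15:03,mlee,billing_clerk,VIEW_BILLING,P-1001
2015-03-02T12:40:55,mlee,billing_clerk,VIEW_CHART,P-2002
2015-03-02T22:05:10,rchan,moa,VIEW_CHART,P-9001
2015-03-03T10:02:17,jsmith,physician,PRINT_CHART,P-3003
2015-03-03T10:07:44,rchan,moa,VIEW_CHART,P-5005
2015-03-03T10:09:00,rchan,moa,DELETE_DOCUMENT,P-1001
"""

# Records the Security Officer has flagged for mandatory review
# (the guide's "VIP records", e.g. public figures).
VIP_PATIENTS = {"P-9001"}
# Patient ids that belong to clinic staff or physicians, so that
# colleagues looking up each other's charts is surfaced.
STAFF_PATIENTS = {"P-5005"}
# Role-based profiles: the actions each role is expected to perform.
# A billing clerk, as the guide notes, does not need full charts.
ROLE_ACTIONS = {
    "physician": {"VIEW_CHART", "PRINT_CHART", "VIEW_BILLING"},
    "moa": {"VIEW_CHART", "VIEW_BILLING"},
    "billing_clerk": {"VIEW_BILLING"},
}
# Assumed clinic opening hours (08:00 to 17:59); adjust per clinic.
BUSINESS_HOURS = range(8, 18)


def parse_log(text):
    """Turn the CSV-style export into a list of event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, role, action, patient = line.split(",")
        events.append({
            "ts": datetime.fromisoformat(ts),
            "user": user,
            "role": role,
            "action": action,
            "patient": patient,
        })
    return events


def review(events):
    """Return (reason, event) pairs that merit a follow-up by the officer."""
    findings = []
    for e in events:
        if e["patient"] in VIP_PATIENTS:
            findings.append(("vip_record_access", e))
        if e["patient"] in STAFF_PATIENTS:
            findings.append(("staff_record_access", e))
        # Unknown roles get an empty profile, so every action is flagged.
        if e["action"] not in ROLE_ACTIONS.get(e["role"], set()):
            findings.append(("outside_role_profile", e))
        if e["ts"].hour not in BUSINESS_HOURS:
            findings.append(("after_hours_access", e))
    return findings


def findings_per_user(findings):
    """Count findings by user to prioritise who to follow up with first."""
    return dict(Counter(e["user"] for _, e in findings))


def random_sample(events, n, seed=None):
    """Pick n events for the guide's random manual audit.

    A seed makes the selection reproducible so the officer can record
    which entries were reviewed.
    """
    return random.Random(seed).sample(events, min(n, len(events)))


if __name__ == "__main__":
    evts = parse_log(AUDIT_LOG)
    for reason, e in review(evts):
        print(f"{reason:22} {e['ts']:%Y-%m-%d %H:%M} {e['user']:8} "
              f"{e['role']:14} {e['action']:16} {e['patient']}")
    print("findings per user:", findings_per_user(review(evts)))
    print("random sample for manual review:",
          [e["patient"] for e in random_sample(evts, 2, seed=1)])
```

Run against the constructed log, the script flags the after-hours look-up of the VIP record, the MOA viewing a colleague’s chart and deleting a document, and the billing clerk opening a full chart, while the physician’s own chart views pass.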
This training should focus on Personal Information Protection Act (PIPA) legislation and how to apply its policies in an EMR environment. The Ministry of Technology, Innovation and Citizens’ Services offers PIPA training sessions. For further details, including contact information, visit its webpage at http://www.cio.gov.bc.ca.

Confidentiality agreements are in place with staff and contractors

In keeping with the requirements of the BC Personal Information Protection Act (PIPA), the physician(s) (or designated Security Officer) should require internal staff and third-party vendors exposed to confidential patient information to sign a confidentiality agreement. This approach helps to ensure that all staff and contractors are familiar with the clinic’s privacy and security policies and guidelines when in contact with confidential patient information. Additional information and resources can be found at https://oipc.bc.ca by searching for “BC Physician Privacy Toolkit.” Physicians working in clinics are not typically expected to sign confidentiality agreements due to their existing professional standards set by the College of Physicians and Surgeons; however, group clinics may choose to establish an additional commitment to privacy and security with a physician confidentiality agreement.

A Privacy Officer is appointed as required by PIPA

The appointment of a Privacy Officer is a requirement and legal obligation under PIPA. The Privacy Officer is an individual designated with the accountability to ensure organizational compliance with privacy legislation, industry standards, and professional and regulatory obligations. The Privacy Officer is responsible for policy development, compliance monitoring, privacy breach management, staff training, and managing complaints, questions and requests for access to personal information. In a medical practice, it is recommended that the Privacy Officer is a physician.
This means that if the office is a solo practice, the solo physician is the de facto Privacy Officer. In a group practice, one of the physicians or a senior staff person such as a Clinic Manager should be identified as responsible for this role and its functions on behalf of the group.

Appropriate written policies and procedures are in place (PIPA Sections (5a) and (5b))

According to PIPA, clinics must maintain appropriate privacy policies and procedures that meet the requirements of the Act:

  5 An organization must
  (a) develop and follow policies and practices that are necessary for the organization to meet the obligations of the organization under this Act,
  (b) develop a process to respond to complaints that may arise respecting the application of this Act, and
  (c) make information available on request about
      (i) the policies and practices referred to in paragraph (a), and
      (ii) the complaint process referred to in paragraph (b).

REMOTE ACCESS

Any devices or network used for remote access meet the requirements above for Device Security and Local Network Security

The clinic should ensure that any device or network used for remote access meets the requirements described in the “Device Security” and “Local Network Security” sections above.

Remote access uses a secure connectivity solution (e.g. VPN, SSL) that offers high-grade encryption

Physicians increasingly need to view confidential patient information remotely (outside of the clinic, such as from home for on-call coverage). For clinics on the PPN, remote access to EMR patient records from outside the clinic using computers with Internet connectivity is already provided through tokens issued by TELUS (with the exception of Med Access EMR, which uses web-based software with built-in remote access certificates). The tokens provided by TELUS use an SSL VPN tunnel with two-factor authentication.
Secure remote access to an individual desktop within a clinic on the PPN, from a public network such as the Internet, requires cloud-based third-party remote control software, such as TeamViewer or LogMeIn. To maintain the highest level of security for this type of access, two-factor authentication should be used to protect against compromise of usernames/passwords. Other methods may work for non-PPN clinics, but cloud-based products are necessary for the PPN due to its particular security configuration. Unlike SSL-based browser encryption, which secures data for web browser-based EMRs such as Med Access or OSCAR EMR, secure remote access to an individual clinic network for other LAN-based (non-ASP, local server) EMRs from a remote location requires Virtual Private Network (VPN) technology or cloud-based third-party remote access software.

115 - 1665 West Broadway, Vancouver BC V6J 5A4
doctorsofbc.ca
@doctorsofbc