CLOSED: Shared Folder on a Windows Network. Is this HIPAA Compliant?

phlibby
Posts: 3
Joined: Sun Sep 25, 2016 2:31 pm

Postby phlibby » Sun Sep 25, 2016 3:07 pm

We are starting a Treatment Center and we need to have a Shared Folder so all counselors and an organisation that does our EMR (electronic medical records) can read and write to and from it but no one else on the network can get into it. It is critical the folder must be locked tight to anyone that is not authorized according to our HIPAA Compliance guidelines. The folder must be accessible to authorized people all the time. It must be accessible to our EMR Service (they set it up with an IP Address, a User Name and a Password as on a Windows Domain). And, it must be accessible to our Samsung K4350LX all the time so it can route faxes and scan jobs to it.
The office machine, Samsung K4350LX, can see the folder now but I cannot lock it down because we only have average Windows Networking. Not a full Server with a Domain and such. We use Workgroups but this shared folder needs to be more secure like with a NAS.
I am trying to get out of paying $500 for MS Server 2012 R2 and I'm hoping Amahi would be a good solution for us.

I hope I explained that right. If not, just ask me and I will elaborate better.

Thank you so much for your time and knowledge,

Pat

cpg
Administrator
Posts: 2618
Joined: Wed Dec 03, 2008 7:40 am

Re: Shared Folder on a Windows Network. Is this HIPAA Compliant?

Postby cpg » Sun Sep 25, 2016 6:35 pm

Amahi is meant to be in a relatively trusted environment.

Amahi has not attempted to obtain HIPAA compliance. I am not sure how many things would be needed. Some people have managed to configure Windows domains with Amahi but it was a while ago and may need work.

We do offer commercial support if you need to tighten your setup and check a number of checkboxes; however, it would be up to you to ensure compliance.

Does that help?
My HDA: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz on MSI board, 8GB RAM, 1TBx2+3TBx1

phlibby
Posts: 3
Joined: Sun Sep 25, 2016 2:31 pm

Re: Shared Folder on a Windows Network. Is this HIPAA Compliant?

Postby phlibby » Mon Sep 26, 2016 9:34 am

Yes. That helps a lot. I was continuing my research and found out it would work, like you said, in a trusted environment. I believe, if I put the counselors' office on their own subdomain protected by a firewall and followed my own checklist of requirements, it could be done. To start with anyway. I'm not sure if they will need more than just one folder protected in the future. But, for now, I believe I can make this work. My only concern now is encryption. The article I was reading about HIPAA requirements said the data had to be encrypted at rest and in transit, if moving through a wireless config. The router I will be using will handle the encryption in transit; however, my next question would be - does Amahi support encrypting data at rest?

Thank you so much for your helpful replies,

Pat

bigfoot65
Project Manager
Posts: 11924
Joined: Mon May 25, 2009 4:31 pm

Re: Shared Folder on a Windows Network. Is this HIPAA Compliant?

Postby bigfoot65 » Mon Sep 26, 2016 9:44 am

"my next question would be - does Amahi support encrypting data at rest?"

It's not Amahi that you need to research as it's just a framework add-on to the OS.

Drives can be encrypted; however, this is a Fedora feature that you might want to check out. I am sure their forums or web site will provide some guidance.
ßîgƒσστ65
Applications Manager

My HDA: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz on MSI board, 16GB RAM, 1TBx1+2TBx2+4TBx2

cpg
Administrator
Posts: 2618
Joined: Wed Dec 03, 2008 7:40 am

Re: Shared Folder on a Windows Network. Is this HIPAA Compliant?

Postby cpg » Mon Sep 26, 2016 12:57 pm

I believe Fedora supports encrypted disks. You could put the critical shares in separate drives with Amahi. Fedora probably has the tools to build encrypted partitions. Once mounted, to Amahi they look like everything else (not encrypted) and only encrypted at the lower level, before it hits the media. Someone will have to be present to mount the drives.

There are a few more things that need tightening, like MySQL and perhaps others, or (alternatively, or possibly concurrently) add a firewall to only allow the minimal set of things needed. The WiFi assumption may be a little broad. Encryption in transit may hinge on what actors may be assumed to be in the same WiFi network.
My HDA: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz on MSI board, 8GB RAM, 1TBx2+3TBx1
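
Added example (not part of the thread and not Amahi or Fedora code): a check that the filesystem holding a share really sits on an opened dm-crypt mapping, which `lsblk` reports as type `crypt`. It covers the case raised above where nobody has unlocked the drive, so the share directory silently falls back to the unencrypted OS disk. The share path `/var/hda/files/phi`, the mapping name `phi` and the device layout are assumptions, and the `lsblk` data is constructed.

```python
import os

def lsblk_sample(unlocked):
    """Constructed stand-in for json.loads() of
    `lsblk --json -o NAME,TYPE,FSTYPE,MOUNTPOINT` (SSD for the OS, 1 TB data drive)."""
    crypt = [{"name": "phi", "type": "crypt", "fstype": "ext4",
              "mountpoint": "/var/hda/files/phi"}] if unlocked else []
    return {"blockdevices": [
        {"name": "sda", "type": "disk", "fstype": None, "mountpoint": None, "children": [
            {"name": "sda1", "type": "part", "fstype": "swap", "mountpoint": "[SWAP]"},
            {"name": "sda2", "type": "part", "fstype": "ext4", "mountpoint": "/"}]},
        {"name": "sdb", "type": "disk", "fstype": None, "mountpoint": None, "children": [
            {"name": "sdb1", "type": "part", "fstype": "crypto_LUKS",
             "mountpoint": None, "children": crypt}]}]}

def mounted(nodes, under_crypt=False):
    """Yield (mountpoint, device, encrypted) for each mounted node in the tree."""
    for node in nodes:
        enc = under_crypt or node.get("type") == "crypt"
        mnt = node.get("mountpoint")
        if mnt and mnt.startswith("/"):        # skips [SWAP] and unmounted nodes
            yield mnt, node["name"], enc
        yield from mounted(node.get("children") or [], enc)

def backing_for(path, lsblk):
    """Return (mountpoint, device, encrypted) of the filesystem holding path."""
    path = os.path.normpath(path)
    # commonpath compares whole components, so /x/phi2 never matches mount /x/phi
    hits = [m for m in mounted(lsblk["blockdevices"])
            if os.path.commonpath([path, m[0]]) == m[0]]
    return max(hits, key=lambda m: len(m[0]), default=None)

def share_is_encrypted(path, lsblk):
    """True only if the share's filesystem sits on an opened dm-crypt mapping."""
    hit = backing_for(path, lsblk)
    return bool(hit and hit[2])

if __name__ == "__main__":
    share = "/var/hda/files/phi"               # hypothetical share path
    for unlocked in (True, False):
        state = "unlocked" if unlocked else "locked"
        print(state, backing_for(share, lsblk_sample(unlocked)))
```

In the locked state the share path resolves to `/` on `sda2`, so anything the scanner or EMR service writes before the volume is unlocked lands on the plaintext SSD; running a check like this before the file-sharing service starts catches that.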

phlibby
Posts: 3
Joined: Sun Sep 25, 2016 2:31 pm

Re: Shared Folder on a Windows Network. Is this HIPAA Compliant?

Postby phlibby » Fri Sep 30, 2016 12:00 am

Thank you so much for your insights. I am going to give it a try. I have a box built with an SSD holding the OpSys & Apps and a secondary terabyte drive. I have an Asus RT-N16 with Tomato for control of the WiFi. I will come from the network port of the Comcast Router to the WAN port so I can isolate them on a separate subnet. Then I will set up DHCP/ARP binding and a filter to block all devices but theirs. The port forwarding may be a trick. Now I will educate myself on the Amahi. I just have to try it. It's too cool not to.

Thanks,
I'm sure I'll be back with a report on how it went,
Pat

bigfoot65
Project Manager
Posts: 11924
Joined: Mon May 25, 2009 4:31 pm

Re: Shared Folder on a Windows Network. Is this HIPAA Compliant?

Postby bigfoot65 » Fri Sep 30, 2016 6:07 am

No problem. Happy to assist.

Will mark this as closed. If you need further assistance, please start a new topic.
ßîgƒσστ65
Applications Manager

My HDA: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz on MSI board, 16GB RAM, 1TBx1+2TBx2+4TBx2
