October 18th, 2004, 05:57 PM
#1
Senior Member
Web portal security?
Hello all, I am in the development stages of designing a webserver with an employee portal for my domain. I would like for the employees to access this portal internally and externally. After logging in they would have access to email and other things. What kind of security design is recommended? It needs to be something very strong, since this site deals with patient information. All input will be appreciated.
-
October 19th, 2004, 09:49 AM
#2
At least put the employee part behind SSL and use strong authentication, like tokens and such.
Try to separate the public part and the employee part, preferably on different servers. Both have different security concerns and it's "easier" to protect both if you separate them. Also, if somebody "cracks" your public site they won't be able to get to the employee site.
Even though you use SSL and strong authentication, you still need to make sure the application is secure too. This means input validation, preventing SQL injection and XSS, to name a few.
Oliver's Law:
Experience is something you don't get until just after you need it.
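As an added illustration of the application-level point above (this is not code from the thread or from any poster), here is a minimal Python/sqlite3 portal login check written two ways, plus output encoding for the kind of intranet content the portal would serve. The table, the user and the hash value are constructed for the example.

```python
import html
import sqlite3


def make_db():
    # Constructed in-memory stand-in for the portal's employee table (assumption).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE employees (username TEXT, password_hash TEXT)")
    db.execute("INSERT INTO employees VALUES ('alice', 'hash-of-alice-pw')")
    return db


def login_vulnerable(db, username, password_hash):
    # String concatenation: whatever the user typed is parsed as part of the SQL,
    # so a quote in the input changes the query's logic instead of being data.
    sql = ("SELECT COUNT(*) FROM employees WHERE username = '" + username
           + "' AND password_hash = '" + password_hash + "'")
    return db.execute(sql).fetchone()[0] > 0


def login_parameterized(db, username, password_hash):
    # Placeholders: the driver passes the values separately from the statement,
    # so the input can never become SQL syntax, regardless of its content.
    sql = "SELECT COUNT(*) FROM employees WHERE username = ? AND password_hash = ?"
    return db.execute(sql, (username, password_hash)).fetchone()[0] > 0


def render_newsletter_item(title):
    # Output encoding for the intranet newsletter page: any markup in a
    # submitted title is displayed literally rather than interpreted by the browser.
    return "<li>" + html.escape(title, quote=True) + "</li>"
```

The second function and the encoding helper are the shapes to use in the real portal; the first exists only to show why input validation alone is not enough.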
-
October 19th, 2004, 11:42 AM
#3
Greetings:
SirDice left out one major thing. It set off alarm bells in my head the second I read the word "patient information" in your description.
If you're in the healthcare industry, and if you're in the US, you need to be compliant with HIPAA. If you're not a security expert, and if you're not familiar with HIPAA, I STRONGLY STRONGLY STRONGLY suggest you hire someone to create this portal for you. (I think you'll find this portal can't be everything you're probably hoping for.)
With some areas it's fine to be a do-it-yourself, learn-as-you-go type of administrator. Dealing with patient information, and making sure you're HIPAA compliant, is not one of those areas.
You can read more about HIPAA from the US Health and Human Services website at http://www.hhs.gov/ocr/hipaa/
-
October 19th, 2004, 02:17 PM
#4
JP speaks the truth; there are certain times when you just gotta call in an expert that knows the specific regulations.
You don't build a house without first consulting the local building codes, and you certainly don't go putting patient records online without following HIPAA.
The implications of not doing so are incredible. I read a very scary article one day about how open a lot of doctors' offices are in regards to keeping electronic documentation. I wish I had it bookmarked, but it made you wonder about your medical provider and whether you should expect your identity to get "borrowed".
Quite scary!!!
Peace,
Dhej
The owl of Minerva spreads its wings only with the falling of dusk. -Hegel
-
October 19th, 2004, 02:40 PM
#5
I'm not a US citizen so I didn't know about HIPAA. Good call!
Here in Holland we have rules and regulations regarding anyone's records, not just the medical ones.
Oliver's Law:
Experience is something you don't get until just after you need it.
-
October 19th, 2004, 02:55 PM
#6
Senior Member
Actually, they will not access any patient info. But they will access email and our intranet, which is a monthly newsletter. I thought this would be something simple to create?
-
October 19th, 2004, 03:54 PM
#7
Everything I've told you still holds up, except maybe the strong authentication. Normal authentication could be enough, but YMMV.
Oliver's Law:
Experience is something you don't get until just after you need it.
-
October 19th, 2004, 04:18 PM
#8
Senior Member
Anybody know of a certain website that will help me on creating secure websites?
-
October 19th, 2004, 04:19 PM
#9
You already found one.
Seriously, have a look through the archives and/or use the search function.
You can probably pick up a whole list of sites for your reading pleasure.
Oliver's Law:
Experience is something you don't get until just after you need it.
-
October 19th, 2004, 04:22 PM
#10
Senior Member
This site is great! But is there a site that dedicates itself to web security?