Thursday, April 30, 2009

Building a Secure Medical Office PC on the Cheap

A friend is opening an office to provide counseling and therapy for patients in the midst of serious or terminal illnesses. She's one of only one hundred or so therapists certified for this particular kind of work, and it's her gift to the world after losing both patients to cancer within a year of each other.

My gift to her is a computer system for her practice, and since she's going to be doing correspondence, billing, and insurance tasks, it's important that it's highly secure so that no patient information can be breached. That would not be the way to launch a new practice.

Being a start-up, her resources are limited, so I was aiming for functionality and security that she could easily implement without much of a learning curve. She's computer literate but no geek, so I tried to keep it simple.

The base system is a Dell Inspiron with Vista Home Premium that was further locked down by tweaking some of the default settings and loading Firefox with my favorite add-ons installed. I added a reputable antivirus package, and installed Secunia PSI so that she can keep track of unpatched and end-of-life software at a glance. Automatic updates are turned on, as is a personal firewall, antispyware, and other assorted protective and detective control mechanisms.

To keep someone from reading the data if they happen to smash the window and run down the street with the physical computer, I provided whole-disk encryption using the open-source TrueCrypt product that I've always found to be top-notch. Setup was relatively easy, and I picked a pretty robust encryption algorithm and key length. TrueCrypt allows you to build a rescue disk (CD or DVD) to keep locked away in case something happens down the road - very helpful.

We'll toss is a mobile USB hard drive for her to back up and take offsite (also encrypted, of course), and she'll be all set. I was able to pull together the hardware and software for a couple hundred dollars - not a bad deal.

So good luck, Dana. I'm glad the world is blessed with people like you.

If you happen to be in central Ohio and need a very caring, talented therapist to help you or someone you love through a terrible illness, drop me a note at and I'll pass your name along.

It's easy to work with secure computing. If you're an info security professional, give back to the world by doing something nice for others. It feels pretty good.

No comments:

Post a Comment

Please tell me what you think.