Windows Server Questions?

webmasterbeta

New Member
I posted this in the general web hosting forum with no response, but maybe this is a more appropriate forum for this type of question. :)



I am doing some research for a friend's business. My friend owns a medical billing related business and will be using a custom-built software package to handle all client medical billing and employee data. The PC-based software is MS Access based; it uses a built-in runtime version of Access. The software uses just three 20 MB Access DBs and imports the timesheet data as .XLS/.CSV files and exports .DAT files for medical billing.

The demo I saw of the software was used on a Windows Server 2003 setup where the software was accessed by Remote Desktop. So we know he could just rent a fully managed dedicated Windows Server 2003 to run the software (custom Access software, Quickbooks, medical claim software, MS Office).

The data stored in the DBs is sensitive employee records and client records, so security is a concern and must be HIPAA compliant.

The system would be used by 1 to 3 users, only once or twice a week, very light use.

I am wondering what all his options are...

1. Is it possible to just place the 3 Access DBs on a Windows shared host or Windows VPS with SSL server and have local installs of the program connect to the DBs remotely? Would this be secure?

2. If he were to go with a fully managed dedicated server from a known place like LiquidWeb, would this be secure enough for this Remote Desktop use?

3. Would just setting up Windows Server 2003 on a dedicated PC in the company's small office on a DSL or Comcast line be a viable option?

Thanks!

Sounds like you just need secure RDP access to a Windows server.

This can be done in a variety of ways.

>>
3. Would just setting up Windows Server 2003 on a dedicated PC in the company's small office on a DSL or Comcast line be a viable option?
>>

Sure, as long as the connection speed doesn't cause issues. It should just be a simple bit of port forwarding at your firewall. Do you use NAT?

HIPAA compliance requires far more security than a couple of Access databases. Typically all connections to and from the server must be at a certain level of encryption and you must also store the data in an encrypted format. You should probably go to hipaa.org and read up on compliance before you make any decisions or consult a security expert.

1. Is it possible to just place the 3 Access DBs on a Windows shared host or Windows VPS with SSL server and have local installs of the program connect to the DBs remotely? Would this be secure?


Not too sure what you mean here? If the app is actually an application with an Access backend, how are you going to provide access to it via SSL? If it's a web-based application that's a different story, but from what I gather it's an app that integrates with other desktop apps, where a dedicated server would be required in any case. On top of this, shared hosting would not be HIPAA compliant.


2. If he were to go with a fully managed dedicated server from a known place like LiquidWeb, would this be secure enough for this Remote Desktop use?


A server is only as secure as you make it; where Windows is involved I'd always recommend a dedicated hardware firewall. Remote desktop access would preferably be via VPN too, or locked down to certain IP addresses.


3. Would just setting up Windows Server 2003 on a dedicated PC in the company's small office on a DSL or Comcast line be a viable option?

Thanks!

It all depends on how it's going to be used. If the users are using the app inside of the office it's going to be ideal; if they are using it remotely a lot of the time it probably won't live up to expectations. Remember you also have the issue that your office doesn't have redundant cooling/redundant power/fire suppression/24x7 onsite security, etc. There are a lot of advantages to using a datacentre.

Hope that helps,

Dan
 