4. Use a Firewall
Unless a small practice uses an EHR system that is totally disconnected from the Internet, it should have a firewall to protect against intrusions and threats from outside sources. While anti-virus software will help to find and destroy malicious software that has already entered, a firewall's job is to prevent intruders from entering in the first place. In short, the anti-virus can be thought of as infection control while the firewall has the role of disease prevention.
A firewall can take the form of a software product or a hardware device. In either case, its job is to inspect all messages coming into the system from the outside (either from the Internet or from a local network) and decide, according to pre-determined criteria, whether the message should be allowed in.
Configuring a firewall can be technically complicated, and hardware firewalls should be configured by trained technical personnel. Software firewalls, on the other hand, are often pre-configured with common settings that tend to be useful in many situations. Software firewalls are included with some popular operating systems, providing protection at the installation stage. Alternatively, separate firewall software is widely available from computer security vendors, including most of the suppliers of anti-virus software. Both types of firewall software normally provide technical support and configuration guidance to enable successful configuration by users without technical expertise.
When should a hardware firewall be used?
Large practices that use a Local Area Network (LAN) should consider a hardware firewall. A hardware firewall sits between the LAN and the Internet, providing centralized management of firewall settings. This increases the security of the LAN, since it ensures that the firewall settings are uniform for all users.
4 http://healthit.gov/sites/default/files/Maintenance Checklist.pdf
If a hardware firewall is used, it should be configured, monitored, and maintained by a specialist in this subject.
Firewall Checklist
Policies are in place prescribing the use, configuration, and operation of firewalls and firewall logs.
All computers are protected by a properly configured firewall.
All staff members understand and agree that they may not hinder the operation of firewalls.