Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Mac Mini + Server?

M

Macinstache

macrumors member
Original poster
Sep 16, 2013
44
0
I am starting my own small medical office. I need to save my electronic health records and plan to have 2 computers in the office. A lot of these all-in-one medical softwares cost a fortune.

I plan to use my Macbook Pro as my computer. If I get a Mac Mini for the reception desk could I install Mac OS Server and use it as a local server which holds all patient contact, schedule etc between the 2 computers?
 
If all you need is file sharing, you don't need the Mac Server app.

I am more interested in Security: What country are you located in?

No matter where you are, you should appropriately safeguard your patient data. In the US, there are HIPPA guidelines and laws to follow. So whatever you do, make sure your software vendor supports your environment, and that you can properly secure the customer data.

By itself, without some deeper knowledge of how to secure your data, the Mac mini would be easy to steal and then they'd have access to the data. So you should apply both physical as well as data security techniques to protect the data.

For example (btw, I am not a security professional, my response will elicit a lot of debate here, and you should listen to it all and seek a professional if you aren't capable of deciphering it yourself):
1) Lock the Mini to the desk. A cable lock is easy enough to cut through for a prepared person, but it will keep a janitor or a quick smash-and-grab from taking it.
2) Use a dual-disk mini, and use FileVault to lock the second disk. Keep all of your patient data on the encrypted disk, nothing on the boot disk.
3) Use strong passwords for logging into the Mini and your laptop.
4) Back everything up daily to an external encrypted device, and take that device off site with you every day. Potentially use 2 external devices for backup, both encrypted, locking one in an onsite safe and keeping the second off site.
5) Avoid using WiFi for access, use hard wired. If you must use WiFi, consider having the WiFi access outside your protected LAN, connect to WiFi, and then use a VPN to access the corporate LAN to get access to the mini.

There are a lot more things. Using the Mac as a server is the easy part. Doing it right in a medical environment is harder.
 
You're going to keep confidential patient records on a Mac Mini? Is that even legal?
 
Very good tips above. If you plan to remotely access the files you want to VPN into your Mac Mini
 
cinealta said:
You're going to keep confidential patient records on a Mac Mini? Is that even legal?
Click to expand...

Yes, starting this year it is a requirement that all medical records be electronic. This has cost clinics tons of money just scanning paper records into a system. Where they decide to store it, I don't know. I do know that most store them on local devices with multiple back ups and encryption, but surprisingly there are tons of cloud based medical information storage options.
 
bplein said:
If all you need is file sharing, you don't need the Mac Server app.

I am more interested in Security: What country are you located in?
Click to expand...

United States.

The reason I was thinking Mac Mini is because I am very comfortable trouble shooting Mac's. The current office I own I paid a company to come in and set up a secure network with 3 pcs and whenever I have an issue (every few months) I have to pay them again to troubleshoot/fix it.

If I could set it up myself with a physically secure Mac Mini that backs up to a RAID? and encrypts the data, but lets me share files between Macbook Pro & Mac Mini I feel that I would be able to handle all troubleshooting.
 
Macinstache said:
If I could set it up myself with a physically secure Mac Mini that backs up to a RAID?
Click to expand...

You could use RAID1 to mirror the drive, so you'll have 2 exact copies of every file. However RAID1 is not a complete backup solution because it doesn't protect you from file corruption nor accidental deletion. Along with RAID1, you need to use Time Machine to save file versions.
 
I think the Mac Mini would be fine. Like others have said, use FileVault to encrypt the drive. Also set it up to require a password when waking from the screensaver.

My day job is with a cloud based practice management, and health records company. These law changes have caused a good number of headaches for us too. :)
 
cinealta said:
You're going to keep confidential patient records on a Mac Mini? Is that even legal?
Click to expand...

It is legal as long as no unauthorized person in or outside the clinic has access to them.

I have several Mini's running in our clinic but I'm on a bit larger scale with multiple servers and backup solutions.
The multiple backup solutions is a MUST if you're going full digital records, losing a couple years of patient records will be completely devastating to your practice.
I'd suggest a minimum of 3 backups with at least 1 offsite in case of a disaster such as the building burning down.

Also I would house records on a machine separate than one used daily by employee's. You wouldn't want one of them to accidentally crash the machine or that hard drive and ALL of your information is gone.

Even getting 1 Mini to serve as a server, a 2nd for your front desk and your MBP for you.
With the "Mini Server" doing an internal backup, an external backup, a cloud backup and possible an external drive that you can backup to weekly and take home so worst case scenario is you lose a couple days of updated files.

and another tip: there are plenty of cloud based backup solutions that are hipaa compliant. Most of the one's that specify they are a medical records cloud solution will charge you 5-6x the cost and will be the exact same service located on the same servers. A lot of the medical backup cloud service will also charge an arm and a leg per GB while the others are per 10 or 100GB.
 
can anyone recommend a Mac Mini year model that I should look at. I'm sure I don't need the newest fastest version?
 
Macinstache said:
Yes, starting this year it is a requirement that all medical records be electronic. This has cost clinics tons of money just scanning paper records into a system. Where they decide to store it, I don't know. I do know that most store them on local devices with multiple back ups and encryption, but surprisingly there are tons of cloud based medical information storage options.
Click to expand...

It is only a requirement if you want to collect the CMS meaningful use incentive, some of the older guys are still sticking to paper records
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back