Web Forms, OD Server and HIPAA

For users or potential users.
DocEastin
Posts: 3
Joined: Fri Mar 11, 2011 11:19 am

Web Forms, OD Server and HIPAA

Post by DocEastin » Thu Jul 07, 2011 1:06 pm

I am thinking of using the OD webforms for my new patient registration and history forms. As I understand the process, the data is stored on the open dental server. Are there any HIPAA compliance issues with this? Is the data encrypted on the OD server?

Curt Eastin

jordansparks
Site Admin
Posts: 5755
Joined: Sun Jun 17, 2007 3:59 pm
Location: Salem, Oregon

Re: Web Forms, OD Server and HIPAA

Post by jordansparks » Fri Jul 08, 2011 5:46 am

The data is only stored on our server between the time when the patient fills out the form and when you download the data to your office. That's typically less than one day. The data is behind a firewall, and the only way to access it is https (secure). We have decent physical security, an extra locked door and an alarm system. The mysql data files are encrypted at the file level. If you are not aware of how to do that on your own server, you would stop the mysql service, browse to the mysql folder in Windows, right click, Advanced, encrypt.
Jordan Sparks, DMD
http://www.opendental.com

DocEastin
Posts: 3
Joined: Fri Mar 11, 2011 11:19 am

Re: Web Forms, OD Server and HIPAA

Post by DocEastin » Fri Jul 08, 2011 6:05 am

Awesome Jordan! Thank you for the prompt and complete reply. I'm LOVING Open Dental BTW :)

Jay
Posts: 272
Joined: Fri Aug 06, 2010 10:01 am

Re: Web Forms, OD Server and HIPAA

Post by Jay » Thu Jul 21, 2011 4:08 am

Slightly off-topic but here goes: Suppose someone encrypts OpendentalImages using EFS/Windows as you recommend. Can they back up this encrypted database and restore to a totally different server in the event of a crash?

jordansparks
Site Admin
Posts: 5755
Joined: Sun Jun 17, 2007 3:59 pm
Location: Salem, Oregon

Re: Web Forms, OD Server and HIPAA

Post by jordansparks » Thu Jul 21, 2011 6:04 am

I was recommending encrypting C:\mysql\data, not the shared OpenDentImages. You generally would not share the mysql folder on your network, and only the admin on the server can make backups. Once you make a backup, the backup itself is unencrypted unless you take precautions. There are USB drives that have hardware encryption built in. Something similar to that needs to be used when moving your backup files. You can't just walk around with unencrypted files. What if you drop your USB drive someplace? Same thing with the computer you restore to. Make sure to use a secure password when logging on to Windows, and if someone steals your computer, having the mysql folder encrypted will prevent them being able to access it without your Windows password.
Jordan Sparks, DMD
http://www.opendental.com
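
A check for the file-level encryption discussed in this thread, added here as an example and not part of any post or of Open Dental: it lists files under a folder that do not carry the Windows Encrypted (EFS) attribute, so you can confirm the data folder and a backup copy are in the state you expect. The function name `Get-UnencryptedFile` and the backup path `E:\Backup` are assumptions; `C:\mysql\data` is the path named in the thread.

```powershell
# Added example (not Open Dental code): report files that are NOT EFS-encrypted.
function Get-UnencryptedFile {
    param(
        [Parameter(Mandatory)][string]$Path
    )
    if (-not (Test-Path -LiteralPath $Path)) {
        throw "Path not found: $Path"
    }
    $encrypted = [System.IO.FileAttributes]::Encrypted
    # -Force includes hidden files; access errors are left visible so nothing is skipped silently.
    Get-ChildItem -LiteralPath $Path -Recurse -File -Force |
        Where-Object { -not ($_.Attributes -band $encrypted) } |
        Select-Object FullName, Length, LastWriteTime
}

# C:\mysql\data is the folder from the thread; E:\Backup is a hypothetical backup location.
foreach ($folder in 'C:\mysql\data', 'E:\Backup') {
    if (-not (Test-Path -LiteralPath $folder)) {
        Write-Warning "Skipping $folder (not found)"
        continue
    }
    $plain = @(Get-UnencryptedFile -Path $folder)
    if ($plain.Count -eq 0) {
        Write-Output "$folder : every file carries the Encrypted attribute"
    } else {
        Write-Output "$folder : $($plain.Count) file(s) without the Encrypted attribute"
        $plain | Format-Table -AutoSize
    }
}
```

The attribute reflects EFS only, so files on a hardware-encrypted USB drive will be listed even though the drive itself protects them.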
