Locking down a Public Kiosk

For users or potential users.

Locking down a Public Kiosk

Post by Jay » Wed Feb 27, 2013 11:21 am

This issue has been on my mind so here is what I have found on how best to lock down a Kiosk PC so that a patient cannot mess around too much.

1. Create a User account in Windows for the Kiosk and have an Admin backdoor.
2. Create a "Kiosk" account in OD. There is no such thing but what I mean is create a KIOSK group in Setup>>Security and disable most modules of OD.
3. Set the Kiosk password in Kiosk Manager>>Password. Since this is plain text and not masked do not enter it in the presence of a patient.
4. Mirror your Kiosk screen to another monitor that a staff member can monitor. If you have an All-in-One Kiosk PC you can still use a USB-DVI or USB-VGA converter. Newer all-in-ones have an HDMI output.
5. If you are able to run XP, you are lucky since you can download a Windows utility called Steady State that will help you lock down your PC. Steady State has been discontinued so you have to Google a bit. Bear in mind that once Microsoft withdraws XP support (08/2014) you will be out of HIPAA compliance for running an unsupported OS.
6. For Windows 7 you can use the following link from Microsoft to get an Excel Spreadsheet with step by step instructions for locking down each item. http://www.microsoft.com/en-us/download ... x?id=19990 Need updates for Windows 8. Anyone?
7. Use a fake (local) C:\OpenDentalImages folder. If you do this remember that updates have to be run manually by navigating to actual //Server/OpenDentalImages. Also be sure to ensure that any form backgrounds are copied over to C:\OpenDentalImages\SheetImages
8. Additionally you should implement other security measures: BIOS password, disable F8 (Safe Mode) on the Kiosk keyboard (superglue?), remove all devices from Boot Sequence except the primary Hard Disk, disable Autoplay, delete unnecessary Screen Icons.
9. For Windows 8 I think it would be prudent to disable the Metro UI altogether using some or the other utility. Specifically disable Hot Corners and Charm bar.
10. If the Kiosk has a wireless keyboard get an encrypted one, again for HIPAA. They cost about the same. http://www.amazon.com/Logitech-Wireless ... B004YLAYHA

I intend this to be a starting point. I am sure there are experts here who can weigh in and add more measures to this list. I know there are many Kiosk software packages out there but I don't want to pay for more software and configure things outside of Windows. To disable/remap certain keys it might be easier to use SharpKeys and/or AutoHotkey (both free) but I haven't tried either.

Please add to the list or tell me what you guys think.
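A read-only audit of checklist items 1, 7 and 8 above, as an added example that is not part of the original post. It assumes the kiosk Windows account is named `Kiosk` (a hypothetical name) and that the local Administrators group has its English name; it uses only calls available in the PowerShell 2.0 that ships with Windows 7.

```powershell
# Added example: audits a kiosk PC against items 1, 7 and 8 of the checklist.
# It changes nothing. 'Kiosk' is a hypothetical account name; adjust as needed.
param(
    [string]$KioskUser = 'Kiosk',
    [string]$ImageRoot = 'C:\OpenDentalImages'
)

function Test-KioskIsNotAdmin {
    param([string]$User)
    # Enumerate the local Administrators group through ADSI (works on PS 2.0).
    $group = [ADSI]"WinNT://$env:COMPUTERNAME/Administrators,group"
    $names = @($group.Invoke('Members') | ForEach-Object {
        $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null)
    })
    return ($names -notcontains $User)
}

function Test-AutoplayDisabled {
    # NoDriveTypeAutoRun = 255 (0xFF) turns Autoplay off for every drive type.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    $p = Get-ItemProperty -Path $key -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
    return ($p -ne $null -and $p.NoDriveTypeAutoRun -eq 255)
}

function Test-LocalImageFolder {
    param([string]$Root)
    # Item 7: the local images folder and its SheetImages subfolder must exist.
    $sheets = Join-Path $Root 'SheetImages'
    return ((Test-Path $Root -PathType Container) -and
            (Test-Path $sheets -PathType Container))
}

$checks = @(
    @{ Check = "Account '$KioskUser' is not a local administrator"
       Passed = (Test-KioskIsNotAdmin -User $KioskUser) },
    @{ Check = 'Autoplay disabled for all drive types'
       Passed = (Test-AutoplayDisabled) },
    @{ Check = "$ImageRoot and its SheetImages subfolder exist"
       Passed = (Test-LocalImageFolder -Root $ImageRoot) }
)

$results = $checks | ForEach-Object { New-Object PSObject -Property $_ }
$results | Select-Object Check, Passed | Format-Table -AutoSize

# A non-zero exit code lets a scheduled task or a staff member spot drift.
if (@($results | Where-Object { -not $_.Passed }).Count -gt 0) { exit 1 }
```

Run it from the Admin account after setup and again after each Open Dental update, since a manual update is when the local image folder is most likely to fall out of sync.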


Re: Locking down a Public Kiosk

Post by Pruce Dental » Thu Feb 28, 2013 12:32 pm

Whoa Jay... my head is spinning after reading your post... did you ever consider just having a staff member present in the room to help a patient complete their forms and watch them?
Robert L. Pruce, DMD
www.prucedental.com


Re: Locking down a Public Kiosk

Post by Jay » Thu Feb 28, 2013 1:46 pm

You are right. It's annoying but any person who uses a Kiosk on your network can, in theory, gain complete access to it. The way I see it, this is a one-time setup cost in terms of time and hardship and then all but the most determined hackers can be held at bay.

The other way, you rely on a staff member who could be doing something else that is productive. Or the staff member could get lazy just once... In big spaces there might be more than one kiosk. I am sure some folks have wireless tablets which patients can use in the comfort of the dental chair. Imagine yourself running late and a determined, unattended teenager with a mobile kiosk in his hands who is getting bored by the minute... Why not rule out human error as far as possible?

But I agree. It's extremely annoying to have to do this and the irony is, I am not even sure the list is complete. Which is why, please add to it.

I dream of a world where OD Version 18.1 will include a Kiosk program which when run on the Kiosk PC makes all these changes automatically for us. Then again, in five years people might be entering their info 'telepathically' using a direct neural interface.

Till then this is the best I could think of.
