Networking - Firewall
Security is an important part of an Internal Network that must be discussed with a HIPAA certified Network Administrator. It is your responsibility to ensure your network is secure. Due to the unique needs of each office, MacPractice support cannot assist with configuring your office's network. This information is only a recommendation. Your network technician will need this information to configure and secure the current Internal Network to function with MacPractice.
To configure your Internal Network to function with MacPractice, start by blocking access from the internet by enabling the router firewall. Block all traffic, then allow incoming traffic selectively to only services required by the office. For example, if an email server is used, open Port 25 for mail.
The following tables indicate the network services MacPractice may use. If you do not use a listed ability, the service will not need to be enabled.
Firewall Incoming
All incoming services refer to TCP ports. Block all incoming services and enable access to only required services. HIPAA compliance restricts sending patient data over the internet using unencrypted services.
Service | Encrypted | Port | Firewall |
MySQL | No | 3306 | Blocked at firewall (use VPN for access) |
MacPractice Message Server | No | 1234 | Blocked at firewall (use VPN for access) |
Unencrypted Web Service | No | 80 | Open only if outside access is required* |
Encrypted Web Service | Yes | 443 | Open only if outside access is required* |
Server Management App | No | 26700 | Blocked at firewall (use VPN for access) |
MPXServer | No | 41853 | Port 41853 must be used only by the MPXServer process; otherwise issues can occur in several areas of MacPractice |
* If the MacPractice iPhone/iPad interface or the MacPractice Patient Web interface is used from outside the office, enable access to web services on the firewall and forward these ports to the server's internal IP address.
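The incoming table can be turned into a check that a network technician runs from outside the office against the office's own public address. This is an added example, not part of the MacPractice documentation; the function names, the `office_allowed` parameter and the sample port sets are assumptions made for illustration.

```python
import socket

# Incoming policy from the table above: port -> (service, rule).
# "vpn"  = must be blocked at the firewall (reach it over VPN only)
# "web"  = open only if outside access to the web interfaces is required
# "deny" = no explicit exception in the table, so default-deny applies
INCOMING_POLICY = {
    3306: ("MySQL", "vpn"),
    1234: ("MacPractice Message Server", "vpn"),
    26700: ("Server Management App", "vpn"),
    80: ("Unencrypted Web Service", "web"),
    443: ("Encrypted Web Service", "web"),
    41853: ("MPXServer", "deny"),
}

def probe(host, ports, timeout=1.0):
    """Return the subset of TCP ports on host that accept a connection."""
    reachable = set()
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            if s.connect_ex((host, port)) == 0:
                reachable.add(port)
    return reachable

def audit(open_ports, web_access_required=False, office_allowed=()):
    """List (port, service, reason) for every open port that breaks the policy."""
    findings = []
    for port in sorted(open_ports):
        service, rule = INCOMING_POLICY.get(port, ("unlisted service", "deny"))
        if rule == "vpn":
            findings.append((port, service, "must be blocked at firewall; use VPN"))
        elif rule == "web" and not web_access_required:
            findings.append((port, service, "open but outside access not required"))
        elif rule == "deny" and port not in office_allowed:
            findings.append((port, service, "not on the office's allow list"))
    return findings

if __name__ == "__main__":
    # Constructed sample: ports seen open from outside; the office runs a mail
    # server (port 25) and uses the web interfaces from outside.
    sample_open = {25, 443, 3306}
    for port, service, why in audit(sample_open, True, office_allowed={25}):
        print(f"VIOLATION {port}/tcp {service}: {why}")
```

In real use, pass `probe(public_address, INCOMING_POLICY)` as `open_ports`, with `public_address` being the office's own external address tested from a host outside the network.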
Firewall Outgoing
Many Network Administrators will do nothing to block outgoing access. If outgoing access must be enabled explicitly, the following services may be enabled for MacPractice to function properly. Only the services for the listed abilities you use need to be enabled.
Service | Port | Firewall | Destination Host |
eClaims SFTP | 22 | Allow | Any |
eClaims PMSFT | 1023 | Allow | Any |
eStatement Transmission | 22 | Allow | http://ftp.pscftpx.com (for RevSpring); ftp.datamail.biz (for DMA/Capario) |
Sending Tickets | 443 | Allow | |
NEA FastAttach | 443 | Allow | |
MacPractice Drop Box | 548 | Allow | |
eStatement Transmission | 20,21 | Allow | |
In general, wireless access should not be used within your practice for accessing patient data and using MacPractice. Ethernet is more secure and a better choice for a practice. If you do choose to use a wireless access point, it should be secured with WPA2 and a good, long password. Do not use WEP under any circumstances, as it is not secure.