Labs - Firewall Guidelines

Owned by Dylan Nigh
May 04, 2023
2 min read

Security is an important part of an Internal Network that must be discussed with a HIPAA certified Network Administrator. It is your responsibility to ensure your network is secure. Due to the unique needs of each office, MacPractice support cannot assist with configuring a your office's network. This information is only a recommendation. Your local network technician will need this information to configure and secure the current Internal Network to function with MacPractice.

To configure your Internal Network to function with MacPractice, start by blocking access from the internet by enabling the router firewall. Block all traffic, then allow incoming traffic selectively to only services required by the office. For example, if an email server is used, open Port 25 for mail.

The following tables indicate the network services MacPractice may use. If you do not use a listed ability, the service will not need to be enabled.

Firewall Incoming

All incoming services refer to TCP ports. Block all incoming services and enable access to only required services. HIPAA compliancy restricts sending patient data over the internet using unencrypted services.

Service

Encrypted 

Port 

Firewall

MySQL

No

3306

Blocked at firewall (use VPN for access)

MacPractice Message Server

No

1234

Blocked at firewall (use VPN for access)

Unencrypted Web Service

No

80

Open only if outside accesses required*

Encrypted Web Service

Yes

443

Open only if outside access is required*

If the MacPractice iPhone/iPad interface or the MacPractice Patient Web interface is used from outside the office, enable access to web services on the firewall and forward these ports to the server's internal IP address.

Firewall Outgoing

Many Network Administrators will do nothing to block outgoing access. If outgoing access must be enabled, the following services may be enabled for MacPractice to function properly. Only the listed abilities used need to be enabled.

Service

Port

Firewall

Destination Host

eClaims SFTP

22

Allow

Any

eClaims PMSFT

1023

Allow

Any

eStatement Transmission

22

Allow

ftp.pscftpx.com (for Rev Spring)
ftp.datamail.biz (for DMA/Capario)

Sending Tickets

443

Allow

tt.macpractice.net

NEA FastAttach

443

Allow

secure1.nea-fast.com

MacPractice Drop Box

548

Allow

public.macpractice.net

eStatement Transmission

20,21

Allow

ftp.pscinfogroup.com

For a better experience MacPractice suggests that a wireless access should not be used within your practice for accessing patient data. Ethernet can be more secure and may provide a more stable environment for a practice. If you do choose to use a wireless access point, it should be secured with WPA2 and a good, long password. Do not use WEP under any circumstances, as it is not secure.