Mac OS X Security Recommendations

Security features within Mac OS X are generally best addressed by Apple Support or a qualified Network Administrator. The MacPractice Internal Network documentation may address some questions on the setup and securing of the Internal Network. MacPractice Support is unable to assist with any aspect of securing Mac OS X or the Internal Network outside of this guide. The security features available and optimal will vary based on the Operating System version used, hardware, Internal Network configuration, and the office's security needs.

The suggestions in the Mac OS X Security Recommendations documentation are offered by recommendation only. Please discuss these suggestions with your Network Administrator to understand the impact of implementing any security features on the network setup.

Hot Corners

Hot Corners are a feature of the operating system and can be set in the System Preferences > Desktop & Screen Saver > Screen Saver tab by clicking the Hot Corners… button. Hot corners will perform a particular action when you move your mouse to a corner of the screen.

The screen shot to the left displays a hot corner set to start the screen saver when the mouse touches the top right corner of the screen. This will hide any patient information that might be displayed when away from the computer. This preference can be combined with the System Preferences > Security & Privacy setting, “Require password after sleep or screen saver begins.” It is recommended to set this time limit to 5 seconds. The OS user password can be set under System Preferences > Users & Groups.

Screen_Shot_2017-09-01_at_8.15.41_AM.png

 

FileVault

FileVault is the 128-bit AES full disk encryption system used within Mac OS X. MacPractice recommends enabling FileVault full-disk encryption for the security of your entire system, including the MacPractice database.
Note: FileVault is used to encrypt your Mac's hard drive. Your computer will not mount the hard drive until an authorized OS user enters their password.

Screen_Shot_2017-05-05_at_3.23.40_PM.png

Enable FileVault in System Preferences within the Apple menu. Select Security & Privacy and follow the prompts to obtain a Recovery Key, which can be used to unlock the disk if the password is forgotten. MacPractice Support will never have the Recovery key. The key should be copied and saved in a safe place.

While enabling FileVault, an iCloud account may be set up to be used to unlock the disk and reset the password if forgotten. It will be necessary to log in to iCloud during the set up process. Apple will store the recovery key. If an iCloud account is not used, a recovery key can be created and stored by the office. Ensure a copy of the code is stored in a safe place. If the password is forgotten, and the recovery key is lost, all of the computer’s data will be forever inaccessible!

FileVault is an Apple product. MacPractice Support will never be able to obtain the recovery key.

Mac OS X versions previous to Mac OS X version 10.7 (Lion) use Apple's original FileVault, which encrypts the user's directory (home folder) rather than the entire drive. More information of FileVault can be found on Apple's Support Site.

Dictation

In OS X 10.9 (Mavericks), Apple introduced Enhanced Dictation which does not send dictated speech to Apple's servers unlike previous versions of Dictation.

MacPractice does not claim compatibility with this feature as the capacity for successful voice recognition is determined by the Operating System and not the MacPractice software.

Apple released a new Dictation feature with the release of Mac OS X 10.8 (Mountain Lion). This Dictation feature records spoken words, which are sent back to Apple and then converted to text. Only a Network Administrator can provide HIPAA recommendations on using any Apple security feature with patient data, however Apple's Privacy information (found by clicking About Dictation and Privacy) lists a link to Apple's Privacy Policy as well as instructions on how to restrict access to the Dictation feature in the Parental Controls pane of System Preferences.

Please see Apple's Privacy Policy or contact Apple for more information on the Dictation & Speech feature.

GateKeeper

The Mac OS X 10.8 GateKeeper security function may report an application as authored by an unidentified developer upon installation. To install third party apps that may be used in conjunction with MacPractice (such as Comcharts, ScanSnap, Splashtop, and so on) that have not yet registered with Apple, you may need to override this setting manually or turn the function off.

  • To manually override the setting once, control+click on the installer icon and select Open in the Contextual Menu.

  • To turn this function off entirely, go to System Preferences > Security & Privacy > General > "Allow Applications downloaded from;". From the listed options, select to allow applications downloaded from "Anywhere". Please note that there will no longer be a warning presented when downloading any unidentified developer Apps.

For more information on this function, please see Apple's Security site.