U.S. Department of Health and Human Services
Health Information Technology and Quality


Should we upgrade our network security before implementing an EHR?

It is critical that your local network have the bandwidth and security to support your EHR system.
Some areas to consider as part of your EHR planning include:
1. Capacity and performance. Estimating bandwidth requirements can be complex and depends on a number of different factors, such as number of users, locations, real-time transactions, hardware and storage technology. It is best to work directly with your EHR vendor to determine requirements.
2. Perimeter protections. Higher-value assets justify more robust protection. If a firewall is not part of your Internet gateway, then one must be installed. Installation of recent patches, upgrades and firmware versions should be verified. The firewall rule set should be audited to ensure only legitimate traffic is being permitted to pass on and off the network. Delete any rules that allow file sharing unless there is a critical business purpose.
3. Intrusion detection. Install an intrusion detection system (IDS) to drop anomalous traffic that matches the 'signature' of well-known network attacks.
4. Network segmentation. Consider segmenting the network to isolate the EHR system along with other systems requiring access to the EHR. The purpose is to remove connectivity between the EHR and other systems whose users do not require access to the EHR.
5. Directory audit. Audit Active Directory structure and policy to ensure that workstation access to the EHR system complies with good security standards. Users should be properly authenticated with strong passwords, smart cards or tokens before accessing the workstation or domain resources.
6. Privilege review. Clinical users of EHR systems require few if any administrative rights to the EHR. Review all existing user privileges. Where feasible, employ Active Directory to centrally manage user rights.
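
One way to carry out the rule-set audit described in item 2, as an added example that is not part of the original HRSA page: the script reads a constructed rule export and flags any-to-any allow rules and rules that open file-sharing ports, separating those with no recorded business purpose from those to re-confirm. The CSV column names, addresses and finding codes are assumptions, not any firewall vendor's format.

```python
import csv
import io

# Well-known ports of common file-sharing protocols.
FILE_SHARE_PORTS = {20: "FTP", 21: "FTP", 137: "NetBIOS", 138: "NetBIOS",
                    139: "NetBIOS", 445: "SMB", 2049: "NFS"}

# Constructed sample export; columns and addresses are assumptions.
SAMPLE_RULES = """id,action,src,dst,proto,ports,justification
1,allow,10.10.20.0/24,10.10.50.10,tcp,443,EHR web client
2,allow,any,10.10.50.10,tcp,445,
3,allow,10.10.20.0/24,10.10.60.5,tcp,137-139,Scanner drop folder
4,allow,any,any,any,any,
5,deny,any,any,any,any,Default deny
6,allow,10.10.30.0/24,any,tcp,80;443,Staff web browsing
"""

def expand_ports(spec):
    """Parse '80;443' or '137-139' into a set of ports; 'any' returns None."""
    if spec.strip().lower() == "any":
        return None
    ports = set()
    for part in spec.split(";"):
        low, _, high = part.strip().partition("-")
        ports.update(range(int(low), int(high or low) + 1))
    return ports

def audit_rules(text):
    """Return (rule id, finding code, protocols) for each allow rule needing review."""
    findings = []
    for rule in csv.DictReader(io.StringIO(text)):
        if rule["action"].strip().lower() != "allow":
            continue
        rule_id, ports = int(rule["id"]), expand_ports(rule["ports"])
        if ports is None and rule["src"] == "any" and rule["dst"] == "any":
            findings.append((rule_id, "ANY_ANY", ""))
            continue
        # A rule open on every port also exposes every file-sharing port.
        exposed = FILE_SHARE_PORTS if ports is None else ports & FILE_SHARE_PORTS.keys()
        protocols = "/".join(sorted({FILE_SHARE_PORTS[p] for p in exposed}))
        if protocols:
            code = "FILE_SHARE_REVIEW" if rule["justification"].strip() else "FILE_SHARE_UNJUSTIFIED"
            findings.append((rule_id, code, protocols))
    return findings

if __name__ == "__main__":
    for finding in audit_rules(SAMPLE_RULES):
        print(finding)
```

Rules reported as `FILE_SHARE_UNJUSTIFIED` are the candidates for deletion; `FILE_SHARE_REVIEW` rules keep their recorded purpose but should be re-confirmed with the owner.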



Developed by the Health Resources and Services Administration as a resource for health centers and other safety net and ambulatory care providers who are seeking to implement health IT.
Health Information Technology Toolboxes help health centers, safety net providers, and ambulatory care providers with electronic and online resources and technical assistance to improve patient care.