4 Replies

  • They appear to be a relatively small organization (from your description of the number of locations). I would recommend that they do the same thing with file shares that they do with their EHR and email. Put it in the cloud. There are several solutions from which to choose. 

    Think of it this way - do they have the budget and expertise to secure and maintain their own infrastructure the way Microsoft, Google or any other reputable hosted provider can? That's the thing that convinced me to switch to hosted services. After decades of swearing that I would never do it, I realized that I can't staff a 24/7 security operations center and hire all of the other experts in storage, security, etc that would be needed to do it correctly. 

    You're at a pivot point. Money hasn't been invested in building up in-house infrastructure. Now is a very good time to reconsider.

    Edit: One of the other advantages of choosing a hosted infrastructure is that it moves from CapEx (capital expense) to OpEx (operational expense). Simply paying a monthly hosting bill, rather than having to amortize hardware over time, is appealing to the accounting folks.

  • You seem to be asking two questions - are you right to recommend a physical server and would a physical server (assuming to run AD) be best practice. I would say that the answer to both questions is no. User access control and PC control are addressed under HIPAA as it pertains to ePHI (electronic protected health information). You could make the argument that Active Directory could help with security by locking workstations down using group policy, but the truth of the matter is that you don't need a physical server to get that kind of control. You don't even need Active Directory; you could get the same thing through MDM software or even some endpoint security products. The organization could set everything up through Azure and never even look at physical hardware. Microsoft 365 could handle their file sharing needs. And speaking of hardware - what does their EHR vendor recommend? Do all users use Windows-based PCs, laptops, tablets, etc.? Are there Apple devices in the mix? Smartphones? Just throwing a server at them is a huge disservice if you don't first look at how the users do their work, what their workflows are and, if you are truly concerned about HIPAA, where the ePHI is and whether its security is in question. I think it's great wanting to help out your friend, but unless they are knocking on your door asking for your advice and wanting a solution to address a particular need, I'd let things stay the way they are until there is a clearly defined need.
  • Well, they are a non-profit, and the price of hosting an Azure Active Directory, from what they priced, is very expensive for the long term. Hence, a $5000 - $7000 physical server over the course of 5 to 8 years.

  • kenny leo wrote:

    Well, they are a non-profit, and the price of hosting an Azure Active Directory, from what they priced, is very expensive for the long term. Hence, a $5000 - $7000 physical server over the course of 5 to 8 years.

    Are you aware of non-profit "donations" and discounts that are available from Microsoft? In addition to specific software titles that are available, Microsoft provides a credit on hosted services. (My organization also is a non-profit and takes advantage of these offers.)
