Securing OpenEMR

From OpenEMR Project Wiki

Securing OpenEMR

Overview

With the advent of the Patient Portals, the community is now addressing the issues of how to best secure OpenEMR instances that are open to the web. Doing this requires a firm understanding of securing several parts, which at least include OpenEMR itself, Apache, MySQL, PHP, firewall, router, https, certficates, etc. A forum that began to discuss this issue can be found here.
This document is still just a work in progress; hopefully as members of the community begin securing their OpenEMR instances for the web, they will place things they learned here in order to help others.

OpenEMR

  • After installation/upgrade consider removing(or ensuring no access to) to the following scripts, which are not needed for general OpenEMR use:
  • acl_setup.php
  • acl_upgrade.php
  • sl_convert.php
  • setup.php
  • sql_upgrade.php
  • gacl/setup.php
  • ippf_upgrade.php
  • admin.php
  • entire contrib directory
  • After installing a patch consider removing (or ensuring no access to) the following script, which is not needed for general OpenEMR use:
  • sql_patch.php

Network

  • On server, consider only opening port 443 (https).
  • Consider a firewall that only allows port 443 (https) traffic to the server.

Apache

  • General hardening of Apache, which is described here.
  • Only allow https (ie. turn off http)
  • Do not allow direct web access to the following directories
  • site/*/documents
  • site/*/era
  • site/*/edi
  • If not using portal and want to allow users to access over the internet, then consider using client-sided certificates to only allow users access to site
  • If want to give access to the patient portals over the internet, then consider using a client-sided certificate to only allow users access to the main OpenEMR login page
  • If using third party patient portal, then consider:
  • Only allowing the IP address of the third party portal to access the SOAP APIs (for patient access)
  • The third party portal could set up a certificate to identify their server as an option to further secure.
  • The third party portal could also set up a ssh tunnel method, so the local OpenEMR instance is not open to the web (and possibly not even require an IP address).

MySQL

  • Ensure the root password is set to something.

PHP

Codebase