joomla-chicago
1
2
Company History And Project Background
3
History
Technology-Oriented
Joomla Discovery
Present And Future
4
The Client
Mental health provider
Recent growth + expansion
Networking
Project funded with a grant
5
Basic Project Goal
Online method to share patient information
6
General Process
Listening
Reading
Notes
Practice
7
HIPAA Introduction
8
Healthcare In The Digital Age
Title I - Health Care Access, Portability, and Renewability
Title II - Preventing Health Care Fraud and Abuse; Administrative Simplification; Medical Liability Reform
9
HITECH = Building On HIPAA
Increased enforcement, penalties
Breach notifications
Patient access rights
Incentives for ePHI adoption
10
What is HIPAA Compliance?
There is no ‘certification’
HIPAA != PCI Compliance
Proactive and Reactive
11
What Triggers HIPAA Compliance?
ePHI -
“Protected health information (PHI) is any information about health status, provision of health care, or payment for health care that can be linked to a specific individual.”
12
Cost Prohibitive
Hosting
Extra Security Precautions
Training and Implementation
13
General Tech Costs
AWS = ~$1,500 min, + ~$50+
Joomla Plugins/Software = ~ $120/yr
Labor = ?
Security = ?
SSL = $70+ (letsencrypt.org)
14
Areas of Compliance
15
Pillars of HIPAA
Security
Privacy
Enforcement
Notification
16
Required vs. Addressable
Required = Required
Addressable =
1. Implement
2. Implement equivalent alternative
3. Not Implement
17
Security Rule pt. 1
Technical Safeguards
  Encryption
  Backup
Physical Safeguards
  Server / Workstation
  Transmission
18
Security Rule pt. 2
Administrative
  Access
  Contingency
19
Privacy Rule
UAC
Patient Access Rights
20
Enforcement
Penalties
  $100 min to $1.5mil max civil
  $50k to $250k ea + up to 10yrs criminal
21
Notification
Who is responsible?
Requires most providers send notice
22
HIPAA Compliance pt. 1 - Organizational Process
23
The Other Side of HIPAA
Change the way you think
Appoint responsible people
Review policies regularly
Training for ePHI
24
HIPAA Compliance pt. 2 - Server And Site Security
25
Security Part 1 - AWS
Encrypted storage
  EC2 - EBS
  S3 - SSE
Firewall
Keyfile-based
26
Security Part 2 - Webmin
Automatic logging
Anti-malware
PCI-compliance almost out-of-box
27
28
29
30
PHP Lockdown
allow_url_fopen
allow_url_include
output_buffering
disable_functions
open_basedir
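An added example, not part of the original slides: a small Python check that reads a php.ini and reports the effective value of the five directives named on the PHP Lockdown slide, falling back to PHP's built-in default when a directive is not set. The slide gives no target values, so the verdicts (URL wrappers off, non-empty disable_functions and open_basedir) and the sample file are assumptions.

```python
# PHP's built-in defaults, used when php.ini does not set the directive.
PHP_DEFAULTS = {
    "allow_url_fopen": "1",
    "allow_url_include": "0",
    "output_buffering": "0",
    "disable_functions": "",
    "open_basedir": "",
}
TRUTHY = {"1", "on", "true", "yes"}


def parse_ini(text):
    """Return {directive: value}; the last assignment wins, as in PHP."""
    values = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop ';' comments
        if not line or line.startswith("[") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        values[key] = value.strip("\"'")
    return values


def audit(text):
    """Map each directive from the slide to (effective value, verdict)."""
    ini = parse_ini(text)
    report = {}
    for name, default in PHP_DEFAULTS.items():
        value = ini.get(name, default)
        if name.startswith("allow_url_"):
            verdict = "weak" if value.lower() in TRUTHY else "ok"
        elif name == "output_buffering":
            verdict = "review"  # assumption: the slide gives no target value
        else:
            verdict = "ok" if value else "weak"  # empty means no restriction
        report[name] = (value, verdict)
    return report


# Constructed sample: allow_url_fopen is never set, so PHP's default (On) applies.
SAMPLE_INI = """\
[PHP]
; constructed example file
allow_url_include = Off
output_buffering = 4096
disable_functions = "exec,passthru,shell_exec,system"
open_basedir =
"""

if __name__ == "__main__":
    for name, (value, verdict) in audit(SAMPLE_INI).items():
        print(f"{name:20} {value!r:40} {verdict}")
```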
31
Security Part 3 - Joomla
Fine-grained UAC
Field-tested API
Plugins
  Akeeba Backup (audit)
  Akeeba Admin Tools
32
User Access Control
Users
User Groups
Viewing Access Levels
33
Joomla API
This:
$mysqli = new mysqli("localhost", "databasename", "databasepassword");
if (mysqli_connect_errno()) {
    printf("Connect failed: %s\n", mysqli_connect_error());
    exit();
}
Into This:
$db = JFactory::getDbo();
34
Akeeba Admin Tools
35
36
37
38
Assembling The Tools
39
Platforms
AWS (Amazon Web Services)
Webmin / Virtualmin
Joomla
  Fabrik
40
Other Tools
VirtualBox
FileZilla
TextPad
Artisteer
PuTTY
41
Setting Up An EC2 Instance
42
AWS Process
Research needed infrastructure
  Web Server (dedicated)
    What specs do I need?
  Backup (S3)
    How much space do I need?
43
AWS Services
EC2
  Free Tier
  M3 For Encrypted Storage
    1 CPU, 3.75 RAM, 10GB/10GB
S3
44
45
46
47
48
49
50
51
Setting Up Virtualmin/Webmin
52
Let It Do The Work
Download the install script (wget/curl)
Run the install script
Grab a drink
53
Virtualmin Process
Provision the site
SSL
S3 Backups
PHP
54
55
Setting Up Joomla
56
57
Joomla Process
Create a theme w/ Artisteer
Install and configure basic utility components
  Akeeba Backup
  Akeeba Admin Tools
Install application tool
  Fabrik
58
Artisteer Themes
Makes the process more aesthetic-focused, rather than programmatic
Allows for painless experimentation
May not get you to 100%, but gets it to at least 90%.
59
Fabrik
Web app creation tool
Existing plugins (file upload)
Lots of code samples online
60
61
62
63
64
65
66