You, Your Network, and HIPAA Compliance

While the expansion of wireless technology over the last few years has done wonders for the modern business, it has also brought its own share of risks. Because a wireless network relies on radio frequencies rather than the security of a wired network, sensitive information is made much more available to potential attackers. This is especially worrisome in the healthcare industry, where patient information is protected by privacy standards under the HIPAA law (Healthcare Insurance Portability and Accountability). Until the signing of HIPAA in 2003, there was no existing law to ensure the safety of sensitive patient records.

Compliance with HIPAA can be a challenging task for IT departments. For the HIPAA standards that are relevant to wireless networks, it’s crucial to learn how best to address the specific issues associated with them. On a wireless network under HIPAA compliance, each user on the network should be provided with their own unique user name and password. Under this system, the LAN should be able to track each user in an activity log. With each user having a unique identity on the network, the LAN can provide different levels of access to different groups. While some users may be able to access patient health records, other users may only be able to access basic internet browsing.

Auditing allows network administrators to monitor user activity on systems that can access patient information. A network should be able to provide a complete log of user-level events, including associations, authentications, and amount of bandwidth used. This log should be descriptive enough to allow administrators to take the necessary steps, whether that means blocking a device or contacting the user of the device.
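As an added illustration (not code from the original article), the sketch below reduces the kind of per-user event log described above to findings an administrator can act on, keeping the user name and device address with each finding. The key=value log layout, group names, VLAN label and failure threshold are assumptions made for the example.

```python
from collections import defaultdict

# Constructed sample events; the key=value layout is an assumption, not a vendor format.
SAMPLE_LOG = """\
2024-05-01T08:00:02Z event=assoc user=nurse.kim mac=02:00:00:aa:00:01 ap=ward3
2024-05-01T08:00:03Z event=auth user=nurse.kim mac=02:00:00:aa:00:01 result=ok group=clinical
2024-05-01T08:05:10Z event=auth user=guest17 mac=02:00:00:bb:00:02 result=fail group=guest
2024-05-01T08:05:14Z event=auth user=guest17 mac=02:00:00:bb:00:02 result=fail group=guest
2024-05-01T08:05:19Z event=auth user=guest17 mac=02:00:00:bb:00:02 result=fail group=guest
2024-05-01T08:20:00Z event=usage user=nurse.kim mac=02:00:00:aa:00:01 bytes=52000 vlan=phi
2024-05-01T08:21:00Z event=usage user=guest17 mac=02:00:00:bb:00:02 bytes=900 vlan=phi
not a log line
"""

PHI_GROUPS = {"clinical"}   # hypothetical groups allowed on the patient-records VLAN
MAX_AUTH_FAILURES = 3       # hypothetical alert threshold

def parse_line(line):
    """Return (timestamp, fields) or None for lines that do not parse."""
    parts = line.split()
    if len(parts) < 2 or any("=" not in p for p in parts[1:]):
        return None
    return parts[0], dict(p.split("=", 1) for p in parts[1:])

def audit(log_text):
    """Build a per-user activity summary and a list of findings to act on."""
    users = defaultdict(lambda: {"assoc": 0, "auth_ok": 0, "auth_fail": 0,
                                 "bytes": 0, "macs": set(), "group": None})
    findings = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None or "user" not in parsed[1]:
            continue  # skip malformed or anonymous lines
        ts, f = parsed
        u = users[f["user"]]
        u["macs"].add(f.get("mac", "unknown"))
        u["group"] = f.get("group", u["group"])  # remember the last group seen
        if f.get("event") == "assoc":
            u["assoc"] += 1
        elif f.get("event") == "auth":
            ok = f.get("result") == "ok"
            u["auth_ok" if ok else "auth_fail"] += 1
            if not ok and u["auth_fail"] == MAX_AUTH_FAILURES:
                findings.append((ts, f["user"], f.get("mac"), "repeated auth failures"))
        elif f.get("event") == "usage":
            u["bytes"] += int(f.get("bytes", 0))
            if f.get("vlan") == "phi" and u["group"] not in PHI_GROUPS:
                findings.append((ts, f["user"], f.get("mac"), "PHI VLAN use outside permitted group"))
    return dict(users), findings
```

A user whose group was never recorded is treated as not permitted on the patient-records VLAN, so missing identity data produces a finding rather than silence.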

In case of an emergency, unauthorized hospital employees may be able to access patient information through an emergency access procedure. Your wireless network can help by giving network access to wireless users even when access to the public internet is unavailable. Your network should always be able to continue running in the event of the public internet being down. The problem with controller-based wireless networks is that the controller must be reachable by the access points in order for the network to remain operational. Network administrators typically respond by deploying standby controllers to take over when the primary controllers are down. Instead of this response, you should avoid a design that makes the controller a single point of failure. A cloud-managed wireless LAN can allow access points to remain operational even when connectivity to the cloud-based interface is down.

Doug Atkinson