HIPAA Wi-Fi Guidelines

Jeff over at HIPAA Blog has some Wi-Fi and HIPAA Integration guidelines, courtesy of Hospital Compliance Wire:

1. Make sure the wi-fi access for your patients is separate from your clinical information systems. It should operate as if the wi-fi access route was operated by the business next door. Remember, even if your clinical systems aren’t wireless now, they may be in the future, so you definitely want to keep “customer” access separate from “employee” access.

2. Use a static portal as your log-in rules of the road. Have wi-fi access go through that portal page first, and include on it your rules for patient access. Remind patients to respect others in the waiting room and be considerate about what they are accessing (porn, gambling, rap music, you get the idea). When listing terms and conditions, give examples.

3. Make sure your signal isn’t so strong that it allows access to people outside your office. You may find some big bandwidth costs if someone camps onto your wi-fi from your parking lot.

4. Monitor wireless use. The worst thing you could do is install wi-fi and not monitor it, only to find that a patient or visitor has used your wi-fi to hack into your systems. Look for loopholes and trouble spots. Malicious visitors are always looking for weak spots, and technology constantly changes to invent new ways to breach old security measures.
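Guidelines 1 and 4 above are the ones that can actually be verified from logs: if patient Wi-Fi is truly separate from the clinical systems, no flow should ever cross from the guest network into a clinical subnet, and monitoring means looking for exactly those flows. The script below is an added example, not code from the original post or from Hospital Compliance Wire. It parses constructed firewall-style log lines and flags any guest-to-clinical flow, distinguishing an accepted flow (the segmentation has failed) from a dropped one (the segmentation held, but a guest device tried to reach the clinical side). The subnet values, the log line format and the sample lines are all assumptions made for the example.

```python
"""Added example: verify guest/clinical Wi-Fi segmentation from firewall logs.

Flags any flow whose source is in the guest Wi-Fi subnet and whose destination
is in a clinical subnet. Subnets, log format and sample lines are assumptions
constructed for this example.
"""
import ipaddress
import re

# Assumed address plan for a small practice (hypothetical values).
GUEST_WIFI = ipaddress.ip_network("10.20.0.0/16")
CLINICAL_SUBNETS = [
    ipaddress.ip_network("10.10.0.0/16"),     # EHR servers, clinical workstations
    ipaddress.ip_network("192.168.50.0/24"),  # imaging and lab devices
]

# Constructed sample log lines in a simple firewall style (not real logs).
SAMPLE_LOG = """\
2024-03-01T09:12:01 ACCEPT src=10.20.3.44 dst=93.184.216.34 dport=443 proto=tcp
2024-03-01T09:12:05 ACCEPT src=10.20.3.44 dst=10.10.1.15 dport=445 proto=tcp
2024-03-01T09:13:10 DROP src=10.20.7.9 dst=192.168.50.21 dport=22 proto=tcp
2024-03-01T09:14:00 ACCEPT src=10.10.1.15 dst=10.10.1.20 dport=1433 proto=tcp
2024-03-01T09:15:30 ACCEPT src=10.20.3.44 dst=10.20.0.1 dport=53 proto=udp
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<action>ACCEPT|DROP)\s+src=(?P<src>\S+)\s+dst=(?P<dst>\S+)"
    r"\s+dport=(?P<dport>\d+)\s+proto=(?P<proto>\w+)$"
)


def parse_line(line):
    """Return a dict for one log line, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    flow = m.groupdict()
    flow["src"] = ipaddress.ip_address(flow["src"])
    flow["dst"] = ipaddress.ip_address(flow["dst"])
    flow["dport"] = int(flow["dport"])
    return flow


def crosses_boundary(flow):
    """True if a guest Wi-Fi source is talking to any clinical subnet."""
    return flow["src"] in GUEST_WIFI and any(
        flow["dst"] in net for net in CLINICAL_SUBNETS
    )


def find_violations(log_text):
    """Return (severity, src, dst, dport) for every guest-to-clinical flow.

    CRITICAL means the firewall accepted the flow, i.e. the separation the
    guideline calls for is not in place. BLOCKED_ATTEMPT means the flow was
    dropped, which is what monitoring should surface as a probe from the
    guest side.
    """
    findings = []
    for line in log_text.splitlines():
        flow = parse_line(line)
        if flow is None or not crosses_boundary(flow):
            continue
        severity = "CRITICAL" if flow["action"] == "ACCEPT" else "BLOCKED_ATTEMPT"
        findings.append((severity, str(flow["src"]), str(flow["dst"]), flow["dport"]))
    return findings


if __name__ == "__main__":
    for finding in find_violations(SAMPLE_LOG):
        print(*finding)
```

Run against a real export, the two outcomes call for different follow-up: any CRITICAL line means the guest network is not actually isolated and the firewall or VLAN configuration needs fixing before anything else; a steady trickle of BLOCKED_ATTEMPT lines from the same guest address is the kind of "trouble spot" guideline 4 says to watch for.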

I wouldn’t be surprised if there were many doctors’ offices around the country that have installed Wi-Fi networks but failed to secure them.

Hackers beware though – the fines/penalties for violating medical privacy rights could be much stiffer than for your average hack target.