Caught Between a Rock
[Wireless Demand]
ADDRESSING ACCESS VS. SECURITY ON HOSPITAL WIRELESS NETWORKS
BY DON FLUCKINGER
Healthcare CIOs are caught between a rock (technology) and a hard place (regulation). On the one hand, demanding patients and increasing numbers of wireless medical devices are requiring they open up their wireless networks. On the other, tighter rules for HIPAA privacy compliance are forcing them to lock networks down with encryption and tighter access control, lest they find their facility’s name posted on a government website in connection with a data breach.
3 Steps to Compliance
For John Cameron, computer technical specialist and wireless technician at the 121-bed Milford Regional Medical Center in Massachusetts, accommodating guests while maintaining HIPAA privacy compliance on the facility’s new wireless network begins with three technology measures:
• Partitioning the network and keeping patient data and guest activity on separate partitions
• Limiting guest activity to the browser — that is, no virtual private networks, or VPN, or other applications
• Using public domain name servers, or DNS, for the guest partition, not the hospital’s own
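The three measures above, written as an automated check over a guest-segment policy. This is an added example, not code from the article or from Milford Regional; the policy layout, addresses, VLAN numbers and the function name audit_guest_policy are constructed for illustration, and it assumes deny rules are evaluated before allow rules.

```python
import ipaddress

WEB = {("tcp", 80), ("tcp", 443)}   # "browser only" approximated as a port allowlist
DNS = {("udp", 53), ("tcp", 53)}

def audit_guest_policy(policy, clinical_nets):
    """Return findings; an empty list means all three measures hold."""
    findings = []
    clinical = [ipaddress.ip_network(n) for n in clinical_nets]
    denies = [ipaddress.ip_network(n) for n in policy["deny"]]
    resolvers = [ipaddress.ip_address(a) for a in policy["dns_servers"]]

    # Measure 1: patient data and guest activity on separate partitions.
    # Assumption: deny rules are evaluated before allow rules.
    if policy["vlan"] == policy["clinical_vlan"]:
        findings.append("partition: guest shares a VLAN with clinical systems")
    for net in clinical:
        if not any(net.subnet_of(d) for d in denies):
            findings.append(f"partition: no deny rule covers {net}")

    # Measure 3: guest resolvers are public, not the hospital's own.
    for ip in resolvers:
        if not ip.is_global or any(ip in net for net in clinical):
            findings.append(f"dns: {ip} is not a public resolver")

    # Measure 2: web traffic only, plus DNS to the configured resolvers.
    for proto, port, dest in policy["allow"]:
        dest_net = ipaddress.ip_network(dest)
        to_resolver = (dest_net.prefixlen == dest_net.max_prefixlen
                       and dest_net.network_address in resolvers)
        if (proto, port) in WEB or ((proto, port) in DNS and to_resolver):
            continue
        findings.append(f"browser-only: {proto}/{port} to {dest} is allowed")
    return findings

# Constructed sample data: addresses, VLAN ids and rules are illustrative only.
CLINICAL_NETS = ["10.20.0.0/16"]
WEAK = {"vlan": 300, "clinical_vlan": 100, "dns_servers": ["10.20.0.53"], "deny": [],
        "allow": [("tcp", 80, "0.0.0.0/0"), ("tcp", 443, "0.0.0.0/0"),
                  ("udp", 53, "10.20.0.53/32"), ("udp", 500, "0.0.0.0/0")]}
HARDENED = {"vlan": 300, "clinical_vlan": 100, "dns_servers": ["9.9.9.9"],
            "deny": ["10.0.0.0/8"],
            "allow": [("tcp", 80, "0.0.0.0/0"), ("tcp", 443, "0.0.0.0/0"),
                      ("udp", 53, "9.9.9.9/32")]}

if __name__ == "__main__":
    for name, pol in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_guest_policy(pol, CLINICAL_NETS) or "OK")
```

The weak policy fails all three measures (no deny rule for the clinical range, an internal resolver, and an open VPN port), while the hardened one returns no findings.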
Guidelines for New Equipment
HIPAA guidelines also should be taken into account when the hospital’s medical equipment buyers order new wireless gear, Cameron recommended. Not every monitoring device or wireless intravenous pump has the capacity to encrypt the bits of data that HIPAA protects, such as name and date of birth. That reality should be factored into buying decisions whenever possible.
On the same point, all the medical devices in use on a hospital’s wireless network should be evaluated and the security settings maxed out, he added.
“Work with the [wireless and biomedical equipment] vendors on getting the highest security level you can get with what you have,” Cameron said. “Biomedical gear is a couple years behind in the wireless field. Eventually, when they come on to the wireless, we need to make sure they can withstand a certain amount of encryption . . . and make sure it’s within the HIPAA guidelines.”
Keeping Patient Data Secure
For Robert Mann, manager of information technology for Westminster Canterbury Richmond, a continuing care retirement community in Virginia, the HIPAA wireless compliance problem is especially thorny. The community’s three-floor, 158-bed facility uses the network in delivering health care, but its 900 residents also access it for their personal use. That represents 900 more vulnerable points in the network for malware or other unauthorized access that hospitals with more transient populations might not have. Yet the facility chose to offer Internet to residents via Aruba Networks Inc. wireless gear because wiring the community’s 1970s-vintage buildings would have busted the budget.
“We decided this would be a great place to kick off our great enterprise wireless initiative,” said Mann, whose network recently was further upgraded to accommodate physicians and nurses accessing Westminster Canterbury’s electronic health record (EHR) system via laptops and bedside workstations on wheels. “This is going to give us real-time documentation,” he said.
CONNECTION
VOLUME 1 • ISSUE 2
©MARKO CEROVAC