If you're interested in this you should talk to a local Fort Wayne company, EXTENSION Inc. This is their bread and butter. Several of their staff are FW-LUG members.

Medical data is not special. It is no different from blueprints, financial data, credit card transactions, or any other data that must not be disclosed about a company or its customers. Travis touched on a few of these already. The typical process in ANY clinical application running on a consumer grade wireless device is simple:

- wireless encryption, WPA2
- very specific MAC rules, if you don't know the device it gets a guest network at best, not the corporate network. This applies to wired and wireless.
- HTTPS to any web-based applications, any fat clients must also use some encrypted channel, SSL, SSH, etc.
- Each application must authenticate users
- Logins should lock/timeout during inactivity
- Each application and network device should be capable of auditing access

The last point is key to HIPAA compliance. It's only partially about blocking access from bad actors; a lot of it is about being able to audit access from employees. I'm told it's similar to SOX in many ways.

Medical data is very important and very personal, but it's not magic. You secure it like any other data. With modern devices there is very little overhead to run a secure network and secure channels.

On Mon, Mar 14, 2011 at 12:31 PM, Rich Gilson <[email protected]> wrote:
> From my experience, it's not so much a matter of consumer grade hardware,
> it's a matter of how they do the encryption and authentication.
>
> What I would recommend would be a mixture of activating TCP/IP packet
> encryption on all traffic on the network (wired and wireless) as well as
> implementing a certificate-based authentication server where you can only
> get authenticated to the network if you have a valid certificate file.
>
> It's been a while since I've looked at this stuff, but maybe this is useful
> as a starting point.
>
> Rich Gilson
>
> On Mon, Mar 14, 2011 at 12:24 PM, Simón Ruiz <[email protected]> wrote:
>>
>> Hey, I was asked a question by my father-in-law about what sort of
>> hardware he might use to connect WiFi tablets to their medical
>> office's system specifically to interact with their EMR software,
>> which means legally sensitive information would need to be transmitted
>> wirelessly.
>>
>> Does anyone have experience with the practical/legal implications?
>>
>> What level of security, or what type of security scheme, would be
>> appropriate for this type of use-case?
>>
>> I understand it's dead easy to crack WEP encryption, and not too hard
>> to crack WPA, so most consumer level devices would be dangerous to try
>> to use, right?
>>
>> Any ideas?
>>
>> Simón
>>
>> _______________________________________________
>> Fwlug mailing list
>> [email protected]
>> http://fortwaynelug.org/mailman/listinfo/fwlug_fortwaynelug.org
>>
>> This is a public list and all posts are archived publicly. Please keep
>> this in mind before posting.

--
-----
Jonathan Bartels
