Officially, HIPAA compliance is a CLIENT issue. As long as the data is
properly encrypted there's no need for the transport to be.
Some will argue this (mainly the telco but sometimes the customer). It's
still a fact.
Questions to ask them.
What do the Doctors use for connectivity to their handheld devices? Right,
wireless.
What is the encryption mechanism on a T-1 or DSL link? Right, none.
What is the security on the cable network? Right, none.
Does the facility have a wireless network? Care to have me break into it
for you? (I'm told that WPA has now been cracked too.)
We went around in circles with a local Sheriff's office on this issue. In
the end it was decided that the only real way to be HIPAA compliant was to
encrypt the data AT THE PC level. ANYTHING done after that point was all
but useless. They confirmed this with the DOJ. All that's needed is data
security, not transport security. If transport security is what's wanted
then EVERY VLAN switch, router, etc. in the loop is a possible security hole.
This risk runs end to end, regardless of the transport medium.
Good luck.
Marlon
(509) 982-2181 Equipment sales
(408) 907-6910 (Vonage) Consulting services
42846865 (ICQ) And I run my own WISP!
64.146.146.12 (net meeting)
www.odessaoffice.com/wireless
www.odessaoffice.com/marlon/cam
----- Original Message -----
From: "John Scrivner" <[EMAIL PROTECTED]>
To: <wireless@wispa.org>
Sent: Monday, November 27, 2006 2:16 PM
Subject: [WISPA] Wireless Security biting you in the ass?
Wireless broadband security issues have now officially led to my business
being put into a bad light due to perceived lack of security. I am a
member of a regional broadband planning group that is working with health
care and other industry sectors to help deliver broadband options to all
areas that need it. Rural Health centers and hospitals are all over the
region and most need access to broadband which is highly secure. I need to
know what others have done to bring HIPAA compliance assurance to network
administrators and hospital personnel so that your solutions are chosen
and used for health care connectivity. Currently my services are not being
considered due to the perception of a lack of HIPAA security compliance. I
need to get on top of this right now and welcome your thoughts and ideas.
I would prefer to hear from those of you who have some actual knowledge of
delivering HIPAA compliant connections or those who provide equipment
which has been documented to meet HIPAA compliance.
Thank you,
John Scrivner
--
WISPA Wireless List: wireless@wispa.org
Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless
Archives: http://lists.wispa.org/pipermail/wireless/