I have a customer who works from home transcribing mammogram notes from
doctors into their system.  Their IT department put a Cisco VPN router at
the client side to connect to their VPN at the imaging center.  We discussed
HIPPA, and they were not worried about my side at all as they were
encrypting the data.  If it is a large enough organization, they will have
IT support that understand HIPPA vs. Telecommuting.

However, IT guys in large organizations tend to be skeptical of WISP service
as they have not seen it much so don't want to vouch for its reliability or
support it.

So you can get the IT guys into the conversation but beware of the
reluctance factor.

Mark Nash
Network Engineer
UnwiredOnline.Net
350 Holly Street
Junction City, OR 97448
http://www.uwol.net
541-998-5555
541-998-5599 fax

----- Original Message ----- 
From: "Tom DeReggi" <[EMAIL PROTECTED]>
To: "WISPA General List" <wireless@wispa.org>
Sent: Monday, November 27, 2006 3:23 PM
Subject: Re: [WISPA] Wireless Security biting you in the ass?


> I think its important to understand where the client's fear comes from.
Its
> thinking that they are opening their network wide up.
> HIPPA is making a client process compliant not the hardware itself, as
just
> mentioned by someone. But one of the processes is what network policies
does
> the hospitol allow that could compromise securty if it was not managed
> properly. They don't want something in palce that could be improperly
> managed.  The intent may not jsut be HIPPA compliance, but their own good
> judgement on how to keep data secure.  Its been written about on every
> corner how consumer wifi devices are hackable and not secure, and they
> remember that regardless if it has anything to do with your network. The
key
> is to not have the customer AP/WiFiCPE be the mechanism of implimenting
> security. When it is shown that a third party device or other internal
> processes are responsible for doing the security, it takes away the WIFI
as
> even being a variable to consider for breaching security.  They can't
> critisize wifi for security if the securing method is not the wifi device.
> The last thing you want is to have your service be slow to be bought
because
> some technical bouard is debating for months and months that security
risks
> of your network. Just take it out of the equation, so there is no delay in
> buying your service, and they can figure out how to secure their network
as
> a seperate transaction.
>
> Tom DeReggi
> RapidDSL & Wireless, Inc
> IntAirNet- Fixed Wireless Broadband
>
>
> ----- Original Message ----- 
> From: "Dennis Burgess - 2K Wireless" <[EMAIL PROTECTED]>
> To: "'WISPA General List'" <wireless@wispa.org>
> Sent: Monday, November 27, 2006 5:32 PM
> Subject: RE: [WISPA] Wireless Security biting you in the ass?
>
>
> > John,
> >
> > Do you have a listing of HIPPA security needs?
> >
> >
> > One thing you can do is provide a secure tunnel, IPSEC is best, or a
> > security on top of security approach.  This tunnel will run from your
> > customer equipment, his hospital, etc, to your boarder router etc that
is
> > connected via fiber or land line.  At that point it is as secure as you
> > can
> > get it.
> >
> > So, if you use WEP, Ya security sux, but then put IPSEC inside that WEP
> > packet, now you are talking.  T1s can be tapped, seen it done.  So with
> > the
> > WEP and IPSEC you are always talking secure.  Add on top of that, the
> > application, and whatever it uses for security, HTTPS, etc.
> >
> > It's a custom solution to a simple problem.  The only thing now that
they
> > could complain about is what about someone sitting in the parking lot
> > listening to packets sent and received.  Can they do that with a T1 etc,
> > well, ya you can TAP a T1, usually done on the switch side of things?
All
> > you can do then is maybe offer a dedicated backhaul to them, with a
> > proportery protocol, something like Nstream would work, so now you have
> > Nstream, running WEP encrypted packets that has IPSEC packets inside
that.
> > If the break it, they should get the data for the work they had to do.
> > Or
> > put up something like a optical service if you are close!  That would
> > eliminate that.
> >
> > Another question I would have to ask is, how secure is cable or DSL?
> > Figure
> > this, DSL lets every customer off of their DSLAM to coomuncate  to each
> > other, so does cable.  If someone had the right cable modem and off the
> > same
> > segment, sure, they can capture every package that is going across the
> > cable
> > line!
> >
> > Thoughts.
> >
> > Dennis Burgess, MCP, CCNA, A+, N+, Mikrotik Certified
> > [EMAIL PROTECTED]
> > www.2kwireless.com
> >
> > 2K Wireless provides high-speed internet access, along with network
> > consulting for WISPs, and business's with a focus on TCP/IP networking,
> > security, and Mikrotik routers.
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
> > Behalf Of John Scrivner
> > Sent: Monday, November 27, 2006 4:17 PM
> > To: wireless@wispa.org
> > Subject: [WISPA] Wireless Security biting you in the ass?
> >
> > Wireless broadband security issues have now officially led to my
> > business being put into a bad light due to perceived lack of security. I
> > am a member of a regional broadband planning group that is working with
> > health care and other industry sectors to help deliver broadband options
> > to all areas that need it. Rural Health centers and hospitals are all
> > over the region and most need access to broadband which is highly
> > secure. I need to know what others have done to bring HIPAA compliance
> > assurance to network administrators and hospital personnel so that your
> > solutions are chosen and used for health care connectivity. Currently my
> > services are not being considered do to the perception of a lack of
> > HIPAA security compliance. I need to get on top of this right now and
> > welcome your thoughts and ideas. I would prefer to hear from those of
> > you who have some actual knowledge of delivering HIPAA compliant
> > connections or those who provide equipment which has been documented to
> > meet HIPAA compliance.
> > Thank you,
> > John Scrivner
> >
> > -- 
> > WISPA Wireless List: wireless@wispa.org
> >
> > Subscribe/Unsubscribe:
> > http://lists.wispa.org/mailman/listinfo/wireless
> >
> > Archives: http://lists.wispa.org/pipermail/wireless/
> >
> >
> >
> > -- 
> > WISPA Wireless List: wireless@wispa.org
> >
> > Subscribe/Unsubscribe:
> > http://lists.wispa.org/mailman/listinfo/wireless
> >
> > Archives: http://lists.wispa.org/pipermail/wireless/
>
> -- 
> WISPA Wireless List: wireless@wispa.org
>
> Subscribe/Unsubscribe:
> http://lists.wispa.org/mailman/listinfo/wireless
>
> Archives: http://lists.wispa.org/pipermail/wireless/
>


-- 
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/

Reply via email to