BTW, we're going to try to work out something with the local hospital for
data storage. We want to do off-site backup for them. Via a dedicated link
to a server that never touches the internet!
I'll be working on physical security of the server as well as the transport
needs. Issues like NOC access and such.
We'll also be working on the frequency of the backups, i.e., does the system
need to back up the data every time a change is made? Or only a few times
per day? Once per night?
I hope to meet with the hospital administrator here in a couple of weeks
when we're not both so swamped.
Marlon
(509) 982-2181 Equipment sales
(408) 907-6910 (Vonage) Consulting services
42846865 (icq) And I run my own WISP!
64.146.146.12 (net meeting)
www.odessaoffice.com/wireless
www.odessaoffice.com/marlon/cam
----- Original Message -----
From: "Peter R." <[EMAIL PROTECTED]>
To: "WISPA General List" <[email protected]>
Sent: Monday, November 27, 2006 2:44 PM
Subject: Re: [WISPA] Wireless Security biting you in the ass?
Great questions, Marlon!
You are correct that it is application/data encryption needed, not
transport security.
Every hospital has a HIPAA Officer. Talk to that person. By 2009, they all
have to have EMR and HIPAA compliance, along with some EDI with health
insurance payers.
- Peter Radizeski
Consultant to the Internet Stars :)
Marlon K. Schafer (509) 982-2181 wrote:
Officially, HIPAA compliance is a CLIENT issue. As long as the data is
properly encrypted there's no need for the transport to be.
Some will argue this (mainly the telco but sometimes the customer). It's
still a fact.
Questions to ask them.
What do the Doctors use for connectivity to their handheld devices?
Right, wireless.
What is the encryption mechanism on a T-1 or DSL link? Right, none.
What is the security on the cable network? Right, none.
Does the facility have a wireless network? Care to have me break into it
for you? (I'm told that WPA has now been cracked too.)
We went around in circles with a local Sheriff's office on this issue.
In the end it was decided that the only real way to be HIPAA compliant
was to encrypt the data AT THE PC level. ANYTHING done after that point
was all but useless. They confirmed this with the DOJ. All that's
needed is data security, not transport security. If transport security
is what's wanted then EVERY VLAN switch, router etc. in the loop is a
possible security hole. This risk runs end to end, regardless of the
transport medium.
Good luck.
Marlon
--
WISPA Wireless List: [email protected]
Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless
Archives: http://lists.wispa.org/pipermail/wireless/