HIPAA provisions mandate Federal privacy protections for individually identifiable health information. Most health care providers, those responsible for health plans, and health care clearinghouses must comply with HIPAA regulations. When it comes to providers, the law states specifically that “those that conduct certain business electronically, such as electronically billing your health insurance,” must comply (emphasis added).
This electronic aspect ties in the WiFi network at any office, clinic, hospital, or nursing home as it’s often this network that makes it possible to conduct business electronically. If the network isn’t HIPAA compliant, serious privacy breaches can result.
Here’s how to ensure a secure and reliable healthcare WiFi network that promotes HIPAA compliance.
Ensure complete network visibility
IT and network professionals must have 24/7 network visibility. This includes visibility into infrastructure, devices, and both WiFi and non-WiFi sources of interference like nearby networks, microwaves, radiology equipment, and Bluetooth devices. This visibility is paramount because it allows IT to know immediately if there is any problem with network utilization or network performance that will impact secure health information. The complete visibility will also identify any unauthorized Access Points which could create a security breach.
Visibility should be accessible from any location at any time. This requires IT to have remote access to the network.
Proactively analyze network behavior
Any network problem needs to be resolved as quickly as possible, ideally before user experience suffers. IT must be alerted to the problem as soon as it occurs, rather than waiting for users to report issues.
Healthcare facilities can work with proactive analytics devices to deliver the necessary information. These devices use artificial intelligence and machine learning to learn to recognize normal network behavior. This allows them to also recognize and then immediately report any change in behavior.
Implement regular security testing
As a second proactive measure, facilities should implement regular security testing. Tests can be run either manually or automatically depending on the technology on hand. Working with an automatic testing tool frees up IT resources for other tasks and ensures that the tests can be run consistently, whether or not IT is onsite.
The tool should also automatically alert IT to any failures so that resolutions can be quickly implemented. When it comes to HIPAA and PII, there is no time to waste.
Separate networks
All private information should be separated from other WiFi network traffic. This minimizes the chance that it will be hacked by malicious users. The best practice is to deploy 3 SSIDs in a healthcare facility:
- SSID 1: This network is the most secure. It should use WPA3 encryption or WPA2 if WPA3 isn’t supported by all devices. This should be the only network with individually identifiable information.
- SSID 2: This can be a guest network. Facilities can choose to password protect it or require a User Agreement.
- SSID 3: This network is considered a “catch-all” for all other devices. Often, it is the network used by IoT devices like printers and thermostats that don’t have the same security protocols as other devices.
Bottom Line
Keep personally identifiable information and WiFi networks secure by limiting network access, and automatically and proactively alerting IT to all network activity and issues.
