HIPAA Tip: Wireless Access Within the Organization

How is your wireless access set up within the organization? Are you asking yourself how it should be set up in order to reach HIPAA compliance and protect the environment?

A wireless access point is hardware that allows Wi-Fi devices to connect to a wired network. The access point typically connects to a router via a wired network.

Wireless access points are set up on a wireless local-area network (WLAN). A WLAN allows users to move around the coverage area, in an office, while maintaining a network connection.

A virtual local area network (VLAN) is a collection of devices or network nodes that communicate with one another, as if they made up a single local area network.

Healthcare organizations need to have wireless security measures in place that include:

• · Encrypted connection with Wi-Fi Protected Access 2 (WPA2)
• · Strong password requirements
• · Private/corporate wireless should ONLY be utilized for business devices (no staff should have the password and no personal devices should be connected to this)
• · A separate Guest wireless network can be utilized by staff and patients for internet connectivity on personal devices
• · Content Filtering needs to be in place on both the Guest and internal/private networks
• · Businesses should have multiple service set identifiers (SSIDs) that are not broadcast
• · Firmware on wireless controllers must be kept up to date, and when wireless devices are no longer supported (and patched) by the manufacturer, these should be replaced right away for organizational security

HIPAA compliance isn’t a one-time checklist. It’s ongoing, programmatic in nature, and requires demonstrated reasonable diligence to stay in good standing with the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR). ANATOMY_IT. can provide you peace of mind with our expert HIPAA compliance services. To learn more, contact us here.