HIPAA Security Compliance 101 - Lesson 3

HIPAA Compliant Wireless Networks

We have received numerous inquiries about what constitutes a HIPAA compliant wireless network. Here are our recommendations for physician offices and smaller medical facilities. Larger organizations will likely need to take further steps.

Following the structure of the HIPAA Security Rule, our recommendations are grouped into Administrative, Physical and Technical safeguards.

Administrative

  • Set a strong WLAN passphrase (the WPA2 pre-shared key): 12+ characters with upper-case, lower-case and numeric characters. Change it when staff who know it leave.
  • Change your SSID from the factory default. A default SSID advertises the vendor and suggests that other defaults have not been changed either.
  • Establish requirements for devices that may connect to your internal network: which devices are allowed, who approves them, and what baseline configuration they must meet.
  • Include your WLAN configuration (access point and controller settings) as part of your site backup, so it can be restored and reviewed after a failure or replacement.

Physical

  • Keep access points, switches and routers in a restricted-access area (a locked closet or rack), so that reset buttons, console ports and spare Ethernet ports are not reachable by patients or visitors.

Technical

  • Set up your wireless network with WPA2 using AES/CCMP encryption. Ensure that WEP, WPA and the TKIP cipher are disabled, as they have known weaknesses and are not secure. Disable WPS as well; its PIN method can be brute-forced.
  • Also encrypt PHI while in motion at the application layer (TLS for web and e-mail traffic, or a VPN), so it remains protected even if your WLAN is compromised. WPA2 only protects the link between the client and the access point.
  • If you offer public Wi-Fi, use a separate SSID on its own VLAN, with client isolation enabled and no route to your internal network. A second SSID on the same network segment does not separate anything.
  • Your WLAN solution should allow an administrator to see which clients are connected, monitor their activity, and selectively block traffic or devices. Keep those logs; they are what you will need to investigate an incident.
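The technical items above can be checked mechanically against an access point's configuration. The script below is an added example, not part of the original article: it audits a hostapd-style configuration (the open-source Linux access point daemon, chosen here as an assumption because its key names are public) against the checklist, flagging WEP or WPA/TKIP, a default SSID, a weak passphrase, WPS left on, and a guest SSID without client isolation. The two configurations, the list of default SSIDs and the finding text are constructed for illustration.

```python
"""Audit a hostapd-style WLAN configuration against the checklist above.

Added example, not from the original article. Only real hostapd keys are
inspected (ssid, wpa, wpa_pairwise, rsn_pairwise, wpa_passphrase, wep_key*,
wps_state, ap_isolate, bss); the sample configs below are constructed.
"""
import re

# Constructed list of factory-default SSIDs to treat as "not changed".
DEFAULT_SSIDS = {"default", "linksys", "netgear", "dlink", "tp-link", "wireless"}


def parse_bss_sections(text):
    """Split a hostapd.conf into one dict per BSS.

    The leading key=value lines belong to the primary interface; each later
    'bss=<name>' line starts an additional virtual AP with its own settings.
    """
    sections, current = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if key == "bss" and current:
            sections.append(current)
            current = {}
        current[key] = value
    if current:
        sections.append(current)
    return sections


def passphrase_is_strong(pw):
    """12+ characters with upper-case, lower-case and numeric, per the checklist."""
    return (len(pw) >= 12
            and re.search(r"[A-Z]", pw) is not None
            and re.search(r"[a-z]", pw) is not None
            and re.search(r"[0-9]", pw) is not None)


def audit_bss(bss, guest=False):
    """Return a list of findings for one BSS (an empty list means it passes)."""
    name = bss.get("bss") or bss.get("interface", "?")
    findings = []
    ssid = bss.get("ssid", "")
    if not ssid or ssid.lower() in DEFAULT_SSIDS:
        findings.append(f"{name}: SSID '{ssid}' is a factory default")
    if any(k.startswith("wep_") for k in bss):
        findings.append(f"{name}: WEP key material present")
    # wpa=1 is WPA only, 3 allows WPA fallback; only 2 (RSN/WPA2) is acceptable.
    if bss.get("wpa") != "2":
        findings.append(f"{name}: wpa={bss.get('wpa', 'unset')} (require wpa=2)")
    # hostapd uses rsn_pairwise for WPA2 and falls back to wpa_pairwise if unset.
    ciphers = bss.get("rsn_pairwise", bss.get("wpa_pairwise", "")).split()
    if ciphers != ["CCMP"]:
        findings.append(f"{name}: pairwise ciphers {ciphers} (require CCMP only)")
    # wps_state defaults to 0 (disabled) when absent; 1 or 2 means WPS is on.
    if bss.get("wps_state", "0") != "0":
        findings.append(f"{name}: WPS enabled (set wps_state=0)")
    if not passphrase_is_strong(bss.get("wpa_passphrase", "")):
        findings.append(f"{name}: passphrase fails the 12+/upper/lower/digit rule")
    if guest and bss.get("ap_isolate") != "1":
        findings.append(f"{name}: guest clients not isolated (set ap_isolate=1)")
    return findings


def audit_config(text, guest_ssid=None):
    """Audit every BSS; the one whose SSID matches guest_ssid is held to guest rules."""
    sections = parse_bss_sections(text)
    findings = []
    if guest_ssid is not None and not any(s.get("ssid") == guest_ssid for s in sections):
        findings.append(f"no separate guest SSID '{guest_ssid}' configured")
    for bss in sections:
        findings.extend(audit_bss(bss, guest=(bss.get("ssid") == guest_ssid)))
    return findings


# Constructed "before" configuration: default SSID, WPA fallback, TKIP, WPS, weak key.
WEAK_CONFIG = """
interface=wlan0
ssid=linksys
wpa=3
wpa_pairwise=TKIP CCMP
wpa_passphrase=clinic2015
wps_state=2
"""

# Constructed "after" configuration: WPA2/CCMP only, isolated guest BSS.
HARDENED_CONFIG = """
interface=wlan0
ssid=ClinicStaff
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=Tq7vLm29xKd4Rp
wps_state=0
bss=wlan0_1
ssid=ClinicGuest
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=Gu3stAcc3ssOnly
ap_isolate=1
"""

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"== {label} ==")
        for finding in audit_config(cfg, guest_ssid="ClinicGuest") or ["no findings"]:
            print(" ", finding)
```

The isolation check only covers what hostapd itself controls (clients on the guest BSS cannot talk to each other); keeping the guest VLAN away from the internal network is a firewall and switch configuration that this script cannot see, so verify it separately.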