3 Questions: How HIPAA affects the mobile workforce
Takeaway: In this interview, a senior security analyst with Fortrex discusses the effect of HIPAA on security issues, specifically the impact on people who use mobile computing devices.
By Carl Weinschenk
With Lee Kelly, senior security analyst at Fortrex: During the past year, the financial and healthcare industries have been subject to new rules and regulations concerning the handling of sensitive information. Among other things, Fortrex advises healthcare-related businesses on security issues.
This interview originally appeared in the IT Business Edge weekly report on Empowering a Mobile Workforce.
Question: How does the Health Insurance Portability and Accountability Act (HIPAA) impact people who use mobile computing devices?
Kelly: They have to pay attention as well. Take the healthcare field. Companies potentially transmit, store, and process PHI [Protected Health Information]. The wireless network is just an extension of current networks, but their use has different ramifications. For a wireless computer to connect to a network, it sends a signal to an access point. The AP can broadcast that signal over a wide area and anyone potentially can connect. The stories you hear about people driving by, sitting in parking lots and connecting are true. In a traditional wired network, you don't have that.
Question: What do you recommend?
Kelly: First, use wireless only based on business need, not because it's the latest and greatest high-tech toy. Second, in the configuration of the AP, it is crucial to do things like not broadcast the AP signal, filter or restrict who can connect through the AP and, above all—even if you do the other two—encrypt the traffic. Where you place the AP in the overall network architecture is also critical. We generally recommend that it go in a DMZ, just in case someone breaks in.
Question: It seems that in healthcare, groups of folks that aren't as aware of regulations might be using the gear. Is this a potential problem?
Kelly: For example, at a teaching hospital, students may use wireless devices to go on rounds and to do school work and clinical work. They may be using the same devices at home. In some cases, the PDA may be used for the student's personal life as well. Now you would have [PHI] data stored on that device being taken to parties, being taken home. It does expose data to risk. It needs to be looked at with common sense.
