Wi-Fi needs tight security to avoid problems
Wi-Fi needs tight security to avoid problems
Free wireless Internet access, known as Wi-Fi, is offered in many retail establishments and public buildings, allowing customers and visitors to access the Internet with their laptop computers and cell phones. But as health care providers venture into offering this convenience, questions arise about network security and possible breaches of sensitive data.
The risks should not deter health care providers from offering Wi-Fi, but some precautions are necessary, says Wade Williamson, director of product management at AirMagnet, a Sunnyvale, CA, company that offers Wi-Fi security consulting. He recently studied Wi-Fi in hospitals around the country and found what he calls an "alarming" lack of security in some facilities.
Securing the Wi-Fi offered as a convenience is fairly simple, he says. Make it a completely separate network from any other Wi-Fi that is used in the facility - such as the wireless service used by employees to access any provider computer network.
"We often see that there is a wireless network in the hospital that is used to track access badges or critical equipment, or to allow the staff to sign on to the system from a work station or the patient's bedside. There usually are extensive wireless systems in a health care facility, so when you want to provide a service to patients and visitors, there is a temptation to just branch off of that," he says. "That is a mistake."
Any system that carries patient data and other sensitive information must have extremely tight security, but the system, offered as a convenience, can be basic and provide no more than direct access to the Internet, Williamson says. That system should be no more capable of accessing the health provider's computer system than if the user were sitting at home working on his or her own PC.
Jörg Hirschmann, chief technical officer with NCP Engineering, a wireless network company in San Francisco, agrees that the key for a public access Wi-Fi system is to keep the user out of the provider's internal system.
"The benefit in this scenario is that you can offer a wireless network to your patients and visitors without this becoming a major challenge in terms of providing adequate security. The level of security needed for this system, if it is separate from any network that includes sensitive data, is not so substantial that it should be a deterrent to offering this service," Hirschmann says. "Once you have access in any way to the other network, security becomes a far more complex challenge. It can be done, but it is much more complex."
The details concerning exactly how to secure any Wi-Fi network, especially one with sensitive patient data, can be highly technical, but Williamson advises risk managers to consult closely with the IT department to ensure that there is an absolute separation - not just a firewall or some type of divide between the public side and the internal side of a network. The security necessary for the facility's internal wireless network, which includes patient information and other sensitive data, can be quite extensive and highly technical, whereas the security on a public network can be relatively simple, because there is no crossover with the sensitive data.
Offering Wi-Fi is popular with patients. In 2003, Crutchfield Dermatology in Eagan, MN, was the first dermatology clinic in the state to offer Wi-Fi in the reception area, and Charles E. Crutchfield III, MD, says he decided to offer it one day when he noticed while ordering coffee at a coffee shop that many of the patrons were using the Internet. Wi-Fi helps patients increase their productivity and increase their perception of value in attending the medical clinic, he says.
The primary concern was to make sure that when patients were on the Internet, they had no access to any of the practice's corporate information or medical records, so Crutchfield set up a completely separate network for Wi-Fi in the reception area. The cost was about $1,000.
"Our patients are thrilled, and I receive compliments on a regular basis from patients, especially parents who are waiting for their children during appointments so they can maintain productivity in the reception area," he says. "Additionally, the Wi-Fi reaches into the exam rooms, so oftentimes when the patients are waiting a few minutes in the exam rooms to be seen, they can also continue their productive work."
Sources
For more information on Wi-Fi security, contact:
Charles E. Crutchfield III, MD, Crutchfield Dermatology, Eagan, MN. Telephone: (651) 209-3600. E-mail: [email protected].
Jörg Hirschmann, Chief Technical Officer, NCP Engineering, San Francisco. Telephone: (415) 248-1249. E-mail: [email protected].
Wade Williamson, Director of Product Management, AirMagnet, Sunnyvale, CA. Telephone: (408) 400-0200.
Free wireless Internet access, known as Wi-Fi, is offered in many retail establishments and public buildings, allowing customers and visitors to access the Internet with their laptop computers and cell phones. But as health care providers venture into offering this convenience, questions arise about network security and possible breaches of sensitive data.Subscribe Now for Access
You have reached your article limit for the month. We hope you found our articles both enjoyable and insightful. For information on new subscriptions, product trials, alternative billing arrangements or group and site discounts please call 800-688-2421. We look forward to having you as a long-term member of the Relias Media community.