We frequently get questions about whether this is a safe practice or not. Specifically, are WiFi networks HIPAA compliant?
Although we have seen articles stating that the answer is no, the correct answer is: it depends.
WiFi can indeed be implemented in a secure way that satisfies the HIPAA Security Rule (the HIPAA Security Rule actually does not mention any specific technologies like WiFi by name, but it does state that all system components have to be secure from internal and external threats to all protected patient healthcare data, whether from inappropriate access, loss or destruction).
However, like all technologies, WiFi can be implemented in ways that are not secure. Unfortunately, this is frequently the case, because all too often an inexperienced IT person will utilize the default factory settings on the WiFi equipment, or fail to properly set up encryption. Extra effort and expertise are required to make a WiFi network secure. Also, if a “public” (i.e., waiting room) WiFi network is provided by the ASC, it needs to be separate from the clinical WiFi network.
Failing to do so could allow just about any clever 12-year old with a WiFi laptop to hack into your network in about five minutes.
Mr. Jenkins, PhD, is founder and CEO of QSE Technologies, which provides IT consulting services for ASCs and other medical facilities nationwide. Learn more about QSE Technologies at www.qsetech.com.
