{% set baseFontFamily = "Open Sans" %} /* Add the font family you wish to use. You may need to import it above. */

{% set headerFontFamily = "Open Sans" %} /* This affects only headers on the site. Add the font family you wish to use. You may need to import it above. */

{% set textColor = "#565656" %} /* This sets the universal color of dark text on the site */

{% set pageCenter = "1100px" %} /* This sets the width of the website */

{% set headerType = "fixed" %} /* To make this a fixed header, change the value to "fixed" - otherwise, set it to "static" */

{% set lightGreyColor = "#f7f7f7" %} /* This affects all grey background sections */

{% set baseFontWeight = "normal" %} /* More than likely, you will use one of these values (higher = bolder): 300, 400, 700, 900 */

{% set headerFontWeight = "normal" %} /* For Headers; More than likely, you will use one of these values (higher = bolder): 300, 400, 700, 900 */

{% set buttonRadius = '40px' %} /* "0" for square edges, "10px" for rounded edges, "40px" for pill shape; This will change all buttons */

After you have updated your stylesheet, make sure you turn this module off

4 Steps To Updating Your Clinic To a HIPAA Compliant Network

by John Ciarlone on March 26, 2014

If you have a health care facility of any sort in the United States, HIPAA regulations are a major concern. These how to become hippa compliant laws are designed to protect the private data and information of those receiving health care, and their enforcement is taken very seriously.

At the end of the day, there are few personal revelations that can be more damaging to a person than a release of their medical records, so it's vital every health care provider take their data-handling responsibilities seriously.

While HIPAA regulations are extremely complex, and you should always double-check with your lawyer, we've got some general tips for helping make your network compliant.

Short on time? Download our guide to network security and PCI compliance for  tips on how to keep your network secure


HIPAA Compliance Checklist 


1 - Physical Security

One burden of HIPAA beyond that of most networks is that you need to keep your hardware physically secured. While it's certainly a good idea for anyone to keep their server room locked, this is generally a requirement for health care businesses.

Similarly, your access points also need to be physically secured in some way, since a clever hacker can sometimes gain access to a network if they can get their hands on the wireless access point. Your access points should be kept away from visitors, by:

  • Placing them high on the ceiling,

  • Putting them inside ceiling dropspace, or within walls,

  • Or using a locked cage of some sort that prevents physical access.

There's nothing special required here, just a good-faith effort to keep your hardware secure from unauthorized physical intrusion.

2 - Network Segregation

In terms of setting up your network topography, it boils down to this: Patients, visitors, and anyone else not cleared to access patient records need to be kept far away from them.

Generally, the most secure methods involve simply wiring up a separate physical network. If your public Internet access is no way touches your business network, unauthorized intrusions are virtually impossible.

Otherwise, most business-grade wireless access points allow the creation of "guest account" networks, which are kept on separate subnets. When backed up bhipaa compliant network y robust security policies ensuring that subnet is isolated, this is nearly as secure as a physically separate system.

Under no circumstances should you allow a guest access to your primary business network, ever. It's a huge security risk, and one that's unwarranted.


3 - Employee Training

Proper staff training is another vital element.  Every worker with access to patient records must be kept up-to-date on policies regarding the handling of NPI. (Non-Public Information.) This should include:

  • Password selection and protection procedures

  • Training on how to recognize and avoid "social engineering"

  • Data collection, storage, and deletion policies

  • Legal liabilities and responsibilities

Remember, the "human element" is often the most vulnerable area of network security. No one can train your staff in secure data handling procedures except you, and if they drop the ball, it's your clinic that takes the heat.


4 - Error And Breach Reporting

Finally, compliant systems are required to have robust tracking and reporting of all discrepancies, errors, and breaches as they occur. HIPAA regulations require prompt notification if a patient's information is stolen.

Experiencing a data breach is bad. Attempting to cover up that data breach is much, much worse if a company is caught sweeping an intrusion under the rug.

Even if you (wisely) hope they'll never be utilized, you must have collation and reporting procedures in places to disseminate information about an attack if it occurs. The penalties for failing to report a data breach are too steep to ignore.


HIPAA Compliant Networks Help A Clinic Succeed

Having in-office WiFi and guest access is a good idea for virtually any organization with walk-in business, and it's no different for medical clinics. As long as you stay within HIPAA regulations, there's no reason you can't implement a robust and useful WiFi network.

And for more tips on securing your network, please don't hesitate to contact us with your questions!

patient records

Topics: Wireless