There are a lot of reasons it makes sense for a business to add public WiFi, and hospitals and doctors' offices are no exception. Unfortunately, medical businesses face a hurdle that a coffee shop doesn't when implementing WiFi: HIPAA.
These regulations exist to protect individuals' sensitive health data, but they can be a significant barrier to WiFi adoption. Worse, because the rules covering electronic systems lag several years behind current technology, it's hard to know which systems even count as HIPAA compliant.
In some cases no rule addresses a given technology at all, which doesn't stop the underlying privacy requirements from applying to it.
So when a hospital looks into implementing a secure public WiFi system, security concerns are absolutely paramount. More than anything else, such a system needs to be completely segregated from your main business network: a guest on the public network must have no path to the systems that hold patient data.
Keeping A Secure Public WiFi Network At A Health Facility
1 - Implement a new physical network.
While not the easiest or most cost-effective method, this is the best option from a security standpoint for health-care facilities that need to stay HIPAA-compliant. A separate physical network, with no ties at all to your business systems, keeps guest traffic entirely outside the environment that handles patient data.
For smaller offices, you can usually work out a good deal with your Internet provider to run a second connection and an access point for public access. If it never touches your network, someone on it can't get at patient records. Make sure that is literally true: the guest access point must not be patched into the same switch as your office network, or the separation exists only on paper.
On the other hand, for a large facility such as a hospital this is impractical, since it means two complete infrastructures and potentially dozens of additional access points.
2 - Subnet Segregation
For health organizations that don't want the additional cost of more physical hardware, a separate VLAN (virtual LAN) on your existing network is generally a fine solution as well.
This requires access points that can broadcast several SSIDs at once and tag each one into its own VLAN, which is a common feature in all but the cheapest networking hardware. Virtually any business-grade access point has a "Guest Mode" that creates a separate SSID and places its clients on their own VLAN, apart from the rest of the network.
From there, firewall rules on the router or layer-3 switch confine that VLAN: allow DHCP and DNS to the guest gateway, deny everything destined for your internal address space, and allow the rest out to the Internet. Turn on client isolation as well, so guests can't reach each other's devices. If users on the guest network can only reach the Internet, they're kept away from private information. Verify it rather than assume it: from a guest client, try to reach an internal server by its address and confirm the connection is refused.
Commercial-grade networking systems such as ADTRAN or Cisco's Meraki line are built specifically to provide this level of segregation with a minimum of hassle.
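One way to make the "Internet only" guest policy concrete, as an added example that is not part of the original article and not any vendor's configuration: a small Python model of a first-match firewall ruleset for the guest VLAN, together with a set of probe flows that a guest client should and should not be able to send. The addressing (10.99.0.0/16 for guests, a gateway at 10.99.0.1, a staff server at 10.10.5.50) and the rule names are assumptions invented for the example. It also shows the mis-ordering that commonly breaks such a policy: if the blanket deny of private address space is placed before the exception for the gateway, guests silently lose DNS.

```python
import ipaddress
from dataclasses import dataclass
from typing import Callable, List, Tuple

# All addresses below are constructed for the example (private and
# documentation ranges); they are assumptions, not a real facility's plan.
GUEST_NET = ipaddress.ip_network("10.99.0.0/16")   # guest VLAN
GUEST_GW = ipaddress.ip_address("10.99.0.1")       # guest gateway, also DHCP/DNS

# Address space a guest client must never reach: every private and
# link-local range, not just the one staff VLAN you happen to know about.
INTERNAL_RANGES = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
    ipaddress.ip_network("169.254.0.0/16"),
]


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str  # "tcp" or "udp"
    dport: int


@dataclass(frozen=True)
class Rule:
    name: str
    action: str  # "allow" or "deny"
    match: Callable[[Flow], bool]


def in_any(addr: str, nets) -> bool:
    a = ipaddress.ip_address(addr)
    return any(a in n for n in nets)


# First-match policy for traffic sourced from the guest VLAN. Order matters:
# the gateway sits inside 10/8, so its DHCP/DNS exceptions must come before
# the blanket deny of private space.
GUEST_POLICY: List[Rule] = [
    Rule("guest-dhcp", "allow", lambda f: f.proto == "udp" and f.dport == 67),
    Rule("guest-dns-to-gw", "allow",
         lambda f: f.dst == str(GUEST_GW) and f.dport == 53),
    Rule("guest-isolation", "deny", lambda f: in_any(f.dst, [GUEST_NET])),
    Rule("guest-no-internal", "deny", lambda f: in_any(f.dst, INTERNAL_RANGES)),
    Rule("guest-internet", "allow", lambda f: True),
]

# The same rules with the private-space deny moved to the top: a common
# mistake that breaks DNS for guests without denying anything extra.
BROKEN_POLICY: List[Rule] = [GUEST_POLICY[3], GUEST_POLICY[2],
                             GUEST_POLICY[0], GUEST_POLICY[1], GUEST_POLICY[4]]


def evaluate(policy: List[Rule], flow: Flow) -> Tuple[str, str]:
    """Return (action, rule_name) for the first matching rule; default deny."""
    if not in_any(flow.src, [GUEST_NET]):
        return ("deny", "not-a-guest-source")
    for rule in policy:
        if rule.match(flow):
            return (rule.action, rule.name)
    return ("deny", "default")


# Probe flows a guest client should and should not be able to send
# (constructed test data).
EXPECTATIONS = [
    (Flow("10.99.4.20", "203.0.113.10", "tcp", 443), "allow"),    # the Internet
    (Flow("10.99.4.20", "10.10.5.50", "tcp", 443), "deny"),       # EHR server on staff VLAN
    (Flow("10.99.4.20", "10.99.4.21", "tcp", 445), "deny"),       # another guest device
    (Flow("10.99.4.20", "10.99.0.1", "udp", 53), "allow"),        # DNS to the guest gateway
    (Flow("10.99.4.20", "255.255.255.255", "udp", 67), "allow"),  # DHCP discover
    (Flow("10.99.4.20", "192.168.1.10", "tcp", 80), "deny"),      # printer on another private range
    (Flow("10.99.4.20", "10.10.5.50", "udp", 53), "deny"),        # DNS to an internal server
]


def audit_guest_policy(policy: List[Rule]):
    """List (flow, expected, actual) for every probe whose verdict is wrong."""
    failures = []
    for flow, expected in EXPECTATIONS:
        actual, _ = evaluate(policy, flow)
        if actual != expected:
            failures.append((flow, expected, actual))
    return failures


if __name__ == "__main__":
    for label, policy in (("intended", GUEST_POLICY), ("mis-ordered", BROKEN_POLICY)):
        bad = audit_guest_policy(policy)
        print(f"{label}: {'OK' if not bad else str(len(bad)) + ' violation(s)'}")
        for flow, expected, actual in bad:
            print(f"  {flow.src} -> {flow.dst}:{flow.dport}/{flow.proto} "
                  f"expected {expected}, got {actual}")
```

Run it and it reports the intended policy clean and the mis-ordered one with a single violation, the DNS query to the gateway. The probe list doubles as a manual test plan: after any change to the access point or firewall configuration, repeat the equivalent connection attempts from a real guest client and confirm the verdicts match.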
3 - Hidden Internal SSIDs
As a small additional hurdle, you can configure your access points to hide the SSID of your actual business network. A hidden network doesn't advertise its name in beacon frames, so a casual user can't join it without first knowing
A) That there IS a hidden network, and
B) The exact SSID for that network, and
C) The credentials for it.
Be clear about what this buys you, though. Hiding the SSID is obscurity, not a security boundary: the name is still sent in cleartext in probe and association frames, so anyone with a wireless sniffer recovers it in minutes, and client devices configured for a hidden network probe for it by name wherever they go. It keeps the staff network off the list a visitor sees in the waiting room, nothing more. The real protection for that network is the authentication behind it: WPA2- or WPA3-Enterprise (802.1X) with per-user credentials rather than a single shared password, so that one departing employee's access can be revoked without re-keying every device in the building.
4 - Physical Safeguards
This one is simple and straightforward: your access points should be physically protected from unauthorized access. Mount them high on the ceiling, in the plenum or inside walls, or in locked enclosures. Remember that the cable feeding a multi-SSID access point normally carries both the guest and the staff VLANs, so an exposed Ethernet jack or an unplugged access point is a direct path onto the staff network. Protect the cable run and the switch port as well, and shut down switch ports that are not in use.
Nothing special or fancy is required, just an honest effort to keep them physically protected.
Remember To Consult Your Lawyer
While we try to provide accurate networking information, HIPAA regulations are extremely complex and often shifting. No one is going to be able to give you better advice about the legal regulations over your business than your own legal staff.
We're here to answer any questions you might have about implementing your network, but remember to double-check with Legal before going ahead.