Educause Security Discussion mailing list archives
Re: HIPPA and Wireless Network Security
From: Doug Markiewicz <dmarkiew+educause () ANDREW CMU EDU>
Date: Tue, 10 Jun 2008 16:29:54 -0400
The HIPAA Security Rule doesn't get that specific. Below is a snippet from the Security Rule that would apply to a wireless network that transmits ePHI. --- <snippet> --- 164.312(e)(1) Standard: Transmission security. Implement technical security measures to guard against unauthorized access to electronic protected health information that is being transmitted over an electronic communications network. 164.312(e)(2) Implementation specification: (i) Integrity controls (Addressable). Implement security measures to ensure that electronically transmitted electronic protected health information is not improperly modified without detection until disposed of. (ii) Encryption (Addressable). Implement a mechanism to encrypt electronic protected health information whenever deemed appropriate. --- </snippet> --- The fact that both implementation specifications are "addressable" means you have some leeway in what you decide to do as long as you document your controls and how they address the specified requirements. In a perfect world, I would strive for adherence to the 802.11i standard. Alas, its not a perfect world. :-) Hope this helps. Babb, Robert wrote:
Hi All, Does anybody know if there is a specific wireless security requirement in HIPPA (i.e. WPA w/AES, 802.1X)? Thank You, Robert Babb Network Manager Information Technology Services Union College
Current thread:
- HIPPA and Wireless Network Security Babb, Robert (Jun 10)
- <Possible follow-ups>
- Re: HIPPA and Wireless Network Security Doug Markiewicz (Jun 10)