Wireless Security: Shoring Up the Weakest Link

Healthcare workers can't see them, but they know they grant instantaneous, on-the-fly access to clinical information systems and EMRs. Wireless networks - that "invisible" technology taking healthcare by storm - are redefining boundaries and changing the paradigm of patient care. As Wi-Fi technology abounds, patients are now being given user names and passwords, and sometimes loaned a laptop computer, so that they too can access the internet. However, no matter the complexity, sophistication or size of a wireless infrastructure, healthcare providers must ensure their wireless network is secure and that there are no weak links in the chain.

You may have noticed that wireless devices, and thus wireless network technology, are very popular in healthcare today. A recent study by the San Francisco-based Focal Point Group LLC predicts that spending for wireless healthcare applications will reach $7 billion by 2010. Information that was once only accessible via a paper chart is now accessible via secure wireless connections and compact, sophisticated wireless devices.

While the doctor down the hall uses a tablet PC to order medications and a nurse wheels around a laptop to access electronically stored medical records, a patient in another room may be surfing the web or answering emails. High-speed wireless access for patients and visitors is a new paradigm in healthcare. It requires various levels of security and an IT staff that is always aware of its network's integrity. Although this is not impossible, rigorous security measures are a must in light of strict HIPAA rules that mandate patient confidentiality.

Patients gain access too

Bronson Methodist Hospital, the flagship of Bronson Healthcare Group, a not-for-profit healthcare system serving all of southwest Michigan and northern Indiana, is taking Wi-Fi to heart. With 343 licensed beds, Bronson provides care in every specialty and is a Level 1 Trauma Center. The hospital implemented a Cisco wireless infrastructure and is using it for clinical documentation, voice over Wi-Fi and asset tracking. A wireless "hot spot" grants guest access for patients and visitors, says Brian Lindsey, network engineer for Bronson. The network that is used to access patient health information has been secured with 802.1X authentication and TKIP (temporal key integrity protocol) encryption. "We also have put a firewall between our wireless network and our wired network," explains Lindsey. "We also have SSL (secured transmission) encrypted any application that contains patient health information."

On the other hand, the network used by patients has no authentication or encryption. Patients access the internet through a separate network that is created virtually, through software configurations within the infrastructure hardware. Patients cannot, however, access the hospital network resources, such as patient care information. Bronson has securely segmented its private network to ensure that access is granted to specified users only.

One of the biggest challenges for Bronson has been getting their authentication and encryption to work from end to end. "We must make sure that every wireless device we purchase is fully compatible with our network configuration," says Lindsey. "The devices must work with the authentication and encryption methods we have chosen."

What guarantees round-the-clock security? "The ability to manage it effectively," says Lindsey. "You have to be able to manage the network and you need the visual component of the management. You need to be able to see what is going on in your RF space."

2 networks, 2 purposes

Colorado Hematology and Oncology Clinic (CHO) in Denver installed a wireless network for its employees as well as a separate wireless network for patients. The network must be secure from all angles, which is why CHO's arsenal of wireless security devices includes firewalls from SonicWall, including the Pro 2040 and Pro 4060, that help mitigate the threat of rogue users hacking into the hospital's private network.

CHO installed a secure, internal wireless network so that doctors can access an electronic medical record (EMR) system. Nurses and medical assistants utilize wireless tablets to access medical records, input vital signs and update important patient information. In addition, doctors have a firewall at home that permits remote access to the CHO network and maintains network security. CHO patients and visitors can log onto the internet via a separate wireless connection once they receive a user name and password.

So that only doctors and nurses have access to private information contained in the EMR, the wireless network does not broadcast its SSID (service set identifier) and it has WEP (wired equivalent privacy) encryption. Tablets are the only devices specifically configured to interface with CHO's private network. On the patient side, CHO installed SonicWall's SonicPoints to ensure that patients are only given internet access. SonicPoints are dependent access points that provide secure wireless LAN connectivity to users on the network.

An important patient care aspect of CHO's secure wireless access is that it allows doctors, nurses and assistants to view a patient's chart and answer questions and/or prescribe treatment without having to be hardwire-connected to the network. "This is a huge benefit," says Roy Merrill, practice administrator for CHO. "With the complete medical record at your fingertips, patient care is greatly improved."

The ability to effectively control and manage wireless access to specified users and specified resources such as clinical information systems and EMRs is a critical aspect of security when utilizing wireless technology in a healthcare facility. Various levels of security must be utilized so that healthcare workers can reliably access information systems and securely input vital patient information at the point of care, while patients use the internet but pose no threat to the integrity of the wireless network.
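
The two-network designs described above for Bronson and CHO (a private clinical network behind a firewall, and a patient network limited to internet access) only hold if the firewall rules really keep guest traffic out of private address space. The following is an added example, not code from the article or from either organization: it evaluates a first-match rule set and reports any private destination a guest address can reach. The address plan, the EMR host and the rule format are assumptions constructed for the illustration.

```python
import ipaddress
from itertools import product

net = ipaddress.ip_network
# Constructed address plan (assumption; the article gives no addressing).
GUEST, CLINICAL_WLAN, WIRED = net("10.50.0.0/22"), net("10.20.0.0/22"), net("10.10.0.0/16")
ANY = net("0.0.0.0/0")
# First-match rules: (action, src_net, dst_net, dst_port or None for any port)
RULES_GOOD = [
    ("allow", CLINICAL_WLAN, net("10.10.5.20/32"), 443),  # hypothetical EMR host, TLS only
    ("deny", CLINICAL_WLAN, WIRED, None),
    ("deny", GUEST, net("10.0.0.0/8"), None),  # guests never reach private space
    ("allow", GUEST, ANY, 80),
    ("allow", GUEST, ANY, 443),
]
# Same policy with a leftover exception placed above the guest deny.
RULES_BAD = [("allow", ANY, net("10.10.5.0/24"), 443)] + RULES_GOOD

def decide(rules, src, dst, port):
    """First matching rule wins; anything unmatched is denied."""
    for action, src_net, dst_net, rule_port in rules:
        if src in src_net and dst in dst_net and rule_port in (None, port):
            return action
    return "deny"

def representatives(scope, nets):
    """One address per distinct region that the rule networks carve out of scope."""
    family = {scope} | {n for n in nets if n.subnet_of(scope)}
    reps = set()
    for region in family:
        left = [region]  # parts of region not covered by a narrower rule network
        for child in [c for c in family if c != region and c.subnet_of(region)]:
            left = [p for r in left if not r.subnet_of(child)
                    for p in (r.address_exclude(child) if child.subnet_of(r) else [r])]
        if left:
            reps.add(left[0][0])
    return sorted(reps)

def guest_leaks(rules, guest=GUEST, private=(CLINICAL_WLAN, WIRED)):
    """(dst, port) samples in a private network that a guest address may reach."""
    ports = sorted({r[3] for r in rules if r[3] is not None} | {1})  # 1 = any unnamed port
    srcs = representatives(guest, [r[1] for r in rules])
    leaks = set()
    for scope in private:
        dsts = representatives(scope, [r[2] for r in rules])
        for s, d, p in product(srcs, dsts, ports):
            if decide(rules, s, d, p) == "allow":
                leaks.add((str(d), p))
    return sorted(leaks)
```

An empty result from guest_leaks means no rule lets the guest range into the private ranges; each entry otherwise names one sample destination and port that is exposed.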