1.    Encrypt the Wi-Fi Transmission – This is much easier than it sounds.  Wireless routers and access points come with built-in encryption capability.  HIPAA requires the use of WPA2 (Wi-Fi Protected Access 2) which implements “strong” encryption standards.  Before purchasing the wireless router/access point, make sure that it supports WPA2.

2.    Separate Networks for Staff and Patients – Many wireless routers and access points support the establishment of a “guest” network that is separate from your LAN.  This will allow your patients to access the Internet in your waiting room without any exposure to your network that contains PHI.  If you plan on allowing patient’s access to the Internet while waiting for an appointment, be sure to purchase a router/access point that will support a “guest” network.  Don’t underestimate the junior high boy in your waiting room playing on his tablet while mom is having her teeth cleaned.  He may entertain himself by perusing some of your files.

3.    Establish Good Password Management Practices – Both the guest and the production networks are accessed through the entry of a password.  Change both passwords regularly.  If you have employee turn-over, change the password.  Upon departing, a disgruntled employee could sit in your parking lot and cause irreparable harm to your practice.

Before you introduced wireless to your practice, the physical security of locked doors provided a layer of protection to the PHI you’ve been entrusted. 

An intruder had to break into your office to get access to your data.  With wireless the doors are open, perhaps 24/7 if you don’t shut down the access after business hours. 

Wi-Fi is a powerful tool, but not using it securely would be a wrong click.

.