Questions about VPN

[jim200]

I have a friend who is a physician, and he's asked me to help him network his office and 3 examination rooms. I have no problem with this, as I've set up a few home networks.

My question is: Is he a candidate for a VPN?
He has cable internet at both his office and his home. He will be using medical charting software and saving the data to the office computer. Since the information is private, it will need to be very secure.

If this is a good idea, can you recommend a router, and will any additional software be needed in addition to WinXP Pro?

Thanks

 

[RebateMonger]

Although, in my experience, may physicians don't seem to care about HIPAA, there are Federal regulations about data privacy and data protection when you start recording patient information on PCs. Getting involved in this area of IT without knowledge of the regulations might not be a good idea, since you could end up partially responsible for any violations.

Regarding your technical question:
If you are asking about being able to remotely view charts from home, the fastest and most secure way would be to use something like Remote Desktop, perhaps with some additional connection encryption (such as a VPN). Remote Desktop would keep the actual data from being spread to the Doctor's home, where it creates an additional data security problem.

 

[Net]

exactly. vpn + remote desktop is good.

offtopic: if he is running wireless see if you can upgrade him to wpa2 (check driver updates, etc.. to see if he is compatable.) or wpa if he can't get wpa2.

 

[jim200]

Thanks for the feedback. I hadn't even thought about HIPAA, and will address that with him over the weekend. We probably won't go the VPN route, I was just thinking that it would would allow him a lot more time at home.

As far as wireless, he has stated that he definitely wanted to go with wired.

Thanks again-

 

[JackMDS]

In cases like this it is recommended to take a consultant that specializing in HIPPA.

The HIPPA is Not enforced by active inspections, but when something would eventually be compromised and it would discovered that HIPAA guide line were not used, your friend would lose his "pants" in a malpractice law suit.

 

[ng12345]

based on what i read on hipaa -- you need to take appropriate measures to ensure the encryption of your data;

wouldn't remote desktop on high encryption suffice?

 

[jim200]

Originally posted by: JackMDS
In cases like this it is recommended to take a consultant that specializing in HIPPA.

The HIPPA is Not enforced by active inspections, but when something would eventually be compromised and it would discovered that HIPAA guide line were not used, your friend would lose his "pants" in a malpractice law suit.

Excellent suggestion - I will run that by him. Tomorrow we're going to run all the cat5. He still needs to purchase the 3 client computers, so he has a week or 2 to cover his bases with HIPAA. I agree that he needs to PAY an expert to make sure everything is legal.

 

[seepy83]

I work in a benefit funds office...it's for a labor union. We're HIPAA regulated because we process Health Claims and do EDI with health insurance providers like anthem blue cross. in order to comply with our HIPAA policies and procedures, we have a VPN connection for ALL remote access. We have a sonicwall firewall and use the SonicWall Global VPN Client. We're also making a lot of other changes to our entire IT infrastructure because of HIPAA regulations (it all should have been done years ago, but the regulations were partially ignored). Anyway...the point is, when you're dealing with an organization that's HIPAA regulated, it plays a huge role in any and all parts of their IT, and using a consultant that specializes in HIPAA is the best way to ensure you're safe and it's worth every penny.