HIPAA Security Considerations for Broadband Fixed Wireless Access Systems White Paper



Similar documents
The next generation of knowledge and expertise Wireless Security Basics

Security in Wireless Local Area Network

Wireless Security Overview. Ann Geyer Partner, Tunitas Group Chair, Mobile Healthcare Alliance

WI-FI VS. BLUETOOTH TWO OUTSTANDING RADIO TECHNOLOGIES FOR DEDICATED PAYMENT APPLICATION

Link Layer and Network Layer Security for Wireless Networks

How To Protect A Wireless Lan From A Rogue Access Point

Best Practices for Outdoor Wireless Security

DATA SECURITY 1/12. Copyright Nokia Corporation All rights reserved. Ver. 1.0

Industrial Communication. Securing Industrial Wireless

Wireless VPN White Paper. WIALAN Technologies, Inc.

HANDBOOK 8 NETWORK SECURITY Version 1.0

Wireless Network Policy

Running Head: WIRELESS DATA NETWORK SECURITY FOR HOSTPITALS

HIPAA Compliance and Wireless Networks

Wireless LANs vs. Wireless WANs

12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust

Deploy WiFi Quickly and Easily

This KnowledgeShare document addresses the main types of wireless networking today based on the IEEE standard.

HIPAA Compliance and Wireless Networks Cranite Systems, Inc. All Rights Reserved.

HIPAA Security. 4 Security Standards: Technical Safeguards. Security Topics

Solutions for Health Insurance Portability and Accountability Act (HIPAA) Compliance

Wireless Encryption Protection

Link Layer and Network Layer Security for Wireless Networks

Wireless Security with Cyberoam

Motorola Wireless Broadband. Point-to-Multipoint (PMP) Access Network Solutions

An Introduction to HIPAA and how it relates to docstar

INFORMATION TECHNOLOGY MANAGEMENT COMMITTEE LIVINGSTON, NJ ITMC TECH TIP ROB COONCE, MARCH 2008

How Managed File Transfer Addresses HIPAA Requirements for ephi

For more information on how to build a HIPAA-compliant wireless network with Lutrum, please contact us today!

Defense in Cyber Space Beating Cyber Threats that Target Mesh Networks

ICANWK406A Install, configure and test network security

Network Security 101 Multiple Tactics for Multi-layered Security

Demystifying Wireless for Real-World Measurement Applications

ADDENDUM 12 TO APPENDIX 8 TO SCHEDULE 3.3

EPL 657 Wireless Networks

Ebonyi State University Abakaliki 2 Department of Computer Science. Our Saviour Institute of Science and Technology 3 Department of Computer Science

HIPAA Compliance for Mobile Healthcare. Peter J. Haigh, FHIMSS Verizon

Introduction. Purpose. Reference. Applicability. HIPAA Policy 7.1. Safeguards to Protect the Privacy of PHI

TeleGuard 5GHz Point To Point Broadband Radio Ethernet

ADM:49 DPS POLICY MANUAL Page 1 of 5

NEW WORLD TELECOMMUNICATIONS LIMITED. 2 nd Trial Test Report on 3.5GHz Broadband Wireless Access Technology

Wireless Network Standard and Guidelines

Remote Access Security

WHITE PAPER. The Need for Wireless Intrusion Prevention in Retail Networks

Technical Safeguards is the third area of safeguard defined by the HIPAA Security Rule. The technical safeguards are intended to create policies and

Lecture Objectives. Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks. Agenda. References

802.11b and associated network security risks for the home user

Attenuation (amplitude of the wave loses strength thereby the signal power) Refraction Reflection Shadowing Scattering Diffraction

HughesNet Broadband VPN End-to-End Security Using the Cisco 87x

Wireless Security and Healthcare Going Beyond IEEE i to Truly Ensure HIPAA Compliance

Frequency Hopping Spread Spectrum (FHSS) vs. Direct Sequence Spread Spectrum (DSSS) in Broadband Wireless Access (BWA) and Wireless LAN (WLAN)

Wireless Network Analysis. Complete Network Monitoring and Analysis for a/b/g/n

Securing Patient Data in Today s Mobilized Healthcare Industry. A Good Technology Whitepaper

: The New Standard In Wireless Broadband

Computer Networking Networks

Wireless Local Area Networking (WLAN) Security Assessment And Countermeasures

SCADA System Security. ECE 478 Network Security Oregon State University March 7, 2005

CWNA: Official Certification Guide Unit 1 Introduction to Wireless LANs

White Paper. D-Link International Tel: (65) , Fax: (65) Web:

Wireless LAN advantages. Wireless LAN. Wireless LAN disadvantages. Wireless LAN disadvantages WLAN:

ITL BULLETIN FOR AUGUST 2012

Product Overview. Steve Erickson

Recommended Wireless Local Area Network Architecture

Network Security Best Practices

WIRELESS BROADBAND SOLUTIONS FOR CABLE OPERATORS

Exam Name: Cisco Sales Associate Exam Exam Type: Cisco Exam Code: Doc Type: Q & A with Explanations Total Questions: 50

CHIS, Inc. Privacy General Guidelines

MANAGED FILE TRANSFER: 10 STEPS TO HIPAA/HITECH COMPLIANCE

Wireless Ethernet LAN (WLAN) General a/802.11b/802.11g FAQ

A NIMS Smart Practice

Wireless Security. New Standards for Encryption and Authentication. Ann Geyer

Steelcape Product Overview and Functional Description

Vocera Communications: HIPAA Data Security and Privacy Standards for Voice Communications Over a Wireless LAN

Wharf T&T Limited Report of Wireless LAN Technology Trial Version: 1.0 Date: 26 Jan Wharf T&T Limited. Version: 1.0 Date: 26 January 2004

Observer Analyzer Provides In-Depth Management

Wireless LAN Concepts

The following chart provides the breakdown of exam as to the weight of each section of the exam.

Spacenet Security over VSAT Networks

WIRELESS SECURITY. Information Security in Systems & Networks Public Development Program. Sanjay Goel University at Albany, SUNY Fall 2006

Logitech Advanced 2.4 GHz Technology

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 6. Wireless Network Security

Networking: Certified Wireless Network Administrator Wi Fi Engineering CWNA

CWNA Instructor Led Course Outline

Portable Wireless Mesh Networks: Competitive Differentiation

Wi-Fi in Healthcare:

Transcription:

HIPAA Security Considerations for Broadband Fixed Wireless Access Systems White Paper Rev 1.0

HIPAA Security Considerations for Broadband Fixed Wireless Access Systems This white paper will investigate the impact of the Health Insurance Portability and Accountability Act (HIPAA) as it pertains to the secure data transport of personal information over Trango Broadband Fixed Wireless Access (BFWA) systems. HIPAA legislation raises concerns and security challenges for the healthcare community when deploying a variety of wireless connectivity solutions as part of their communications network. Specific focus will be made on the relevant HIPAA regulations as they relate to security issues and deployment of Trango BFWA systems. HIPAA and Its Relevance to BFWA Systems The Health Insurance Portability and Accountability Act (HIPAA), passed in 1996, mandates that healthcare providers and facilities covered under the Act take appropriate minimum measures to ensure the confidentiality and protection of client personal information. The impact of this legislation is far reaching and the enforcement regulations developed under HIPAA by the Department of Health and Human Services (DHHS) will demand attention and action as the deadlines for compliance draw closer. Healthcare managers and IT professionals are continually assessing the ability of data communications solutions they deploy to provide HIPAA compliance. Broadband Fixed Wireless Access systems are but one component in support of wired Local Area Networks (LAN) and wireless networking technologies that are growing in popularity within healthcare organizations. A wireless system such as Wireless Local Area Networks (WLAN) and the availability of wireless enabled devices are effectively increasing the efficiencies and productivity of clinical staff and are helping to reduce administrative health care costs. BFWA systems are usually deployed as Point-to-Point (PtP) or Point-to-Multipoint (PtMP) wireless connections between physically desperate LAN and WLAN communication nodes. Since wireless network transport technologies are inherently open systems as they broadcast signals into the public domain, securing the integrity of over-the-air personal information data content raises significant concerns within healthcare organizations as they endeavor to address HIPAA security standards and guidelines. HIPAA and the associated DHHS regulations represent fairly complex requirements that cover a variety of privacy issues surrounding personal health information and information management. It should be realized that no one technology affords complete compliance to all HIPAA guidelines and additional protection strategies must be developed throughout an organization. Thus, deployment of BFWA networking solutions must be combined with other security controls and mechanisms as part of an overall management strategy and policy to effectively meet security standards as proposed under HIPAA. This paper will endeavor to address the following topics: HIPAA and the proposed DHHS security regulations Security considerations of Trango BFWA systems Security features supporting HIPAA compliance White Paper Rev 1.0 1

HIPAA compliance for wireless deployments in support of healthcare organizations must take into consideration comprehensive administrative, physical, and technical security mechanisms as outlined by 45 CFR Part 142. The five relevant areas of security implementations covered by this regulation are listed below with each one briefly described further. They are covered in detail by a subsection of the regulation. Administrative Procedures Physical Safeguards Technical Security Services Technical Security Mechanisms Electronic Signature Standard Administrative Procedures The proposed HIPAA security standard requires that certain administrative and procedural controls be in place within a covered organization to protect data integrity, confidentiality, and availability. These provisions define high-level policy and procedural infrastructures and are non-technical in nature. These procedures include such issues as certification of the security of computer systems or network designs, information access control for granting access to health care information, security management processes to address potential security breaches, and security training for staff. Detailed descriptions of the proposed Administrative Procedures requirements may be found at http://aspe.hhs.gov/admnsimp/nprm/sec06.htm. Physical Safeguards Processes must be established and documented to ensure the physical protection of information systems such as computers/workstations, communications equipment, and physical records. Each physical safeguard implemented must include details such as facilities management, physical room access controls/procedures, and equipment locations. Detailed descriptions of the proposed Physical Safeguards requirements may be found at http://aspe.hhs.gov/admnsimp/nprm/sec07.htm. Technical Security Services Technical security measures and control should be implemented for the protection, control, and management of information access. Enforcement of administrative policies and procedures should include access controls, user authorization and authentication, and audit control mechanisms. Minimum authentication and access policies typically require a user ID and password, with more sophisticated controls that may include tokens, proximity sensing devices, or digital certificates. Detailed descriptions of the proposed Technical Services requirements may be found at http://aspe.hhs.gov/admnsimp/nprm/sec08.htm. Technical Security Mechanisms The proposed security standard requires that communications and network controls be put in place surrounding the protection of computers, equipment, and physical records from hazards and natural disasters whenever information is transmitted over a public or private network. When deploying wireless networks, mandatory and optional controls should be considered such as message authentication for all network communications, encryption to protect transmitted health information, access controls, alarm mechanisms, audit trails and event reporting. IT managers should deploy data integrity safeguards like virus protection, encryption, virtual private networks (VPNs), and Internet monitoring controls. Detailed descriptions of the proposed Technical Security Mechanisms requirements may be found at http://aspe.hhs.gov/admnsimp/nprm/sec09.htm. White Paper Rev 1.0 2

Electronic Signatures Currently, electronic signatures are not a requirement under HIPAA for any proposed standard transactions. However, in cases where a HIPAA specified transaction requires the use of an electronic signature, the following standard applies: Mandatory features for message integrity, non-repudiation, and user authentication Optional features for the ability to add attributes, continuity of signature capability, countersignatures, independent verifiability, interoperability, multiple signatures, and transportability. Security Considerations of Trango BFWA Systems Trango BFWA systems are typically deployed as a wireless communication link connecting Ethernet networks between healthcare campus facilities and/or to extend network connectivity to remote installations as shown in Figure 1. The wireless link acts as a relatively transparent transport vehicle allowing all forms of Ethernet traffic and unlimited IP addresses to pass seamlessly over the system. The primary HIPAA/DHHS regulations that impact BFWA systems are the Technical Security Mechanisms designed into these systems that must secure the integrity and confidentiality of data transported over-the-air. Again, these systems must be combined with other security controls and mechanisms as part of an overall management strategy and policy to effectively meet security standards as stated under HIPAA/DHHS regulations. Typical Point-to-Point Backhaul Deployment Figure 1: Point-to-Point BFWA Deployment The security methods used by Trango BFWA systems for protecting over-the-air data on the wireless link are implemented through multiple proprietary mechanisms and use of a robust access technology. It is virtually impossible for an unauthorized entity to capture and extract information from the public wireless transmission of a Trango BFWA carrier signal, as will be described later. The only possibility for data traffic to be compromised is through actual physical and unauthorized access to the management systems and hardware controlling the radio link. Data encryption is not employed by Trango BFWA systems at the air transport level as it is considered a redundant level of encryption in well-designed network installations. This also enables higher throughput performance to be delivered to the network by eliminating the associated White Paper Rev 1.0 3

encryption overhead. Data security ultimately becomes the responsibility of the individual user once the data leaves the enterprise carrier equipment and travels the Internet via wired or wireless transports. It is therefore incumbent on the healthcare network administrator to install appropriate hardware and software systems to provide an adequate level of data security that is compliant with HIPAA/DHHS requirements. These higher-level systems employ advanced encryption techniques to protect the data from end-to-end, typically deploying wireless optimized Virtual Private Networks (VPNs) to effect a secure peer-to-peer link. Security Features Supporting HIPAA Compliance Data security is of paramount interest to the designers, implementers, and users of fixed wireless networks, and mandatory when HIPAA/DHHS compliance is required. Much of this concern has arisen due to published technical studies that highlight the security vulnerabilities in the increasingly popular 802.11b wireless LAN standard. This open, standard architecture permits competing 802.11b equipment manufacturers to co-exist on the same local area network. Unfortunately, this interoperability feature also limits the security of the network employing such technology. For the purposes of this document it is important to highlight the fact that Trango Broadband Fixed Wireless Access systems do NOT employ the 802.11b RF protocol, and instead employ a robust proprietary protocol scheme. The very nature of this proprietary protocol, coupled with the advantages of Direct Sequence Spread Spectrum (DSSS) modulation, user authentication, and data scrambling techniques enable an inherent level of security not found in 802.11b-based systems or other competing, standards based wireless systems. Trango Broadband Wireless Access systems are classified as Layer 2 bridges (PtP or PtMP) and provide secure wireless communications. Proprietary access and authentication techniques employed by these systems mitigate decryption and unauthorized access. Unlike 802.11b radios, there are no off-the-shelf sniffers, or other such devices that can be employed to "hack" into or eavesdrop on the wireless system. The advanced nature of the modulation and data-scrambling techniques ensure that the only method to access the system over-the-air is with another Trango radio. And, with the provisions designed for authentication, the network will not recognize an unauthorized rogue radio in the proximity of the network. It is important to point out that the Trango radios do not employ a secondary encryption algorithm (primary encryption is accomplished via spread spectrum by design), and in it of itself does not guarantee a secure network. To guarantee a secure network, whether it is hardwired or wireless, it is necessary that users employ Virtual Private Network (VPN) or other encryption techniques in their hardware and software systems. The inherent security features of Trango systems are meant to be a very effective, albeit a first line of defense, in achieving a communication network that realizes HIPAA/DHHS compliance. Security Features There are four distinct features of Trango Broadband Wireless systems that contribute to an inherent level of security by design and implementation: 1. Proprietary data scrambling of Radio Frequency (RF) data packets 2. Authentication of Subscribers 3. SMARTPolling dynamic/adaptive polling protocol 4. Direct Sequence Spread Spectrum (DSSS) modulation White Paper Rev 1.0 4

Proprietary Data Scrambling The scrambling technique employed by Trango systems involves proprietary patterns of sequencing and combining of each data byte with one of 256 scrambling bytes. This technique offers a significant level of over-the-air security. The proprietary nature of the scrambling technique permits only authenticated radios to intercept and descramble the data. Authentication The typical wireless system is comprised of one Access Point (AP) and one or more Subscriber Units (SU). In order for information to pass between the AP and an SU, the AP must authenticate the SU. This is achieved through a password protected database system administered through the AP. Every AP contains a database of SUs that are authorized to communicate with the AP. The SU information is located within non-volatile memory of the AP and must contain the unique MAC Identification (MAC ID) of the SU authorized for operation on the PtP or PtMP connection. In addition to the above, another layer of authentication is added to each data packet outbound from an AP; a scrambled identifier is encoded with the data packet along with a target SU "address". In other words, only the intended SU can de-scramble and read the data, and recreate the original Ethernet packet. In short, only the authenticated SU can associate with a specific AP provided the SU's identity resides in the MU's database. In the event an unauthorized or rogue SU is brought into proximity to a wireless network, it will not authenticate to the AP and will be impossible for the rogue SU to gain network access. SMARTPolling, Trango s Dynamic Polling Protocol Another feature of Trango PtMP systems is the SMARTPolling protocol that enables highly efficient use of a given AP's bandwidth in a PtMP Ethernet system. In addition to providing bandwidth efficiently, the SMARTPolling feature provides an additional level of security. SMARTPolling is an algorithm executed by the AP that allocates varying timeslots at varying intervals to each SU in order to grant it permission to send data back and forth to the AP. The polling sequence and allocation of timeslots is determined according to various parameters including the amount of data, and the frequency of data needed to be sent by each SU. The polling sequence, and resulting sequence of data transmissions, is dynamic, and not set to a synchronous, predetermined pattern unlike straight Time Division Multiple Access, or TDMA based systems. As a result, Trango's SMARTPolling feature provides added protection from outside tampering since the invading party will not be able to predict the polling sequence. Direct Sequence Spread Spectrum Trango systems employ Direct Sequence Spread Spectrum (DSSS) modulation in the unlicensed 2.4/5.3/5.8 GHz and 900 MHz bands. DSSS provides a degree of protection, as there is no simple demodulator, either on the market or easily constructed, that can receive and decode the signal. The signal and encoded data are modulated and spread over a band of frequencies. The modulation process employs an 8-bit pseudo noise code, further providing a layer of security, and an 8-bit scrambling code. While the above features represent a good means of addressing security concerns, we strongly recommend and encourage operators to employ other means of securing their networks via VPN, packet encryption, etc. to comprehensively address their security requirements. White Paper Rev 1.0 5

Summary HIPAA and the DHHS regulations are forcing healthcare entities to institute appropriate procedures and systems that provide uncompromised security and protection of personal information. The connection of campus and remote facility networks over BFWA links must ensure the security and data integrity of these networks. Trango Broadband Fixed Wireless Access systems are designed to provide secure transmission/reception of over-the-air network data. The robustness of Trango design technologies, in conjunction with a healthcare entity provisioning of secure network systems and adherence to HIPAA/DHHS regulations, can provide a secure communications network solution that maintains personal information confidentiality. White Paper Rev 1.0 6

www.trangobroadband.com 15070 Avenue of Science, Suite 200 San Diego, CA 92128 Tel. (858) 653-3900 Fax. (858) 621-2725 White Paper Rev 1.0 7

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information