How to Provide HIPAA Compliant Guest WiFi

Customers 11 minute read 13 April 2020

In 1996, President Bill Clinton signed the Health Insurance Portability and Accountability Act (HIPAA).

The law applies principally to US businesses and organisations, but does impact specific UK-based organisations, too (we’ll get onto that later, and how it differs from the GDPR).

The purpose of HIPAA is to keep patient medical and personally identifiable data safe by providing security provisions for data privacy.

The act contains five sections, but there’s one in particular that impacts the provision of WiFi to the public and patients in healthcare buildings: Title II.

Resource: HIPAA official website (Health Information Privacy U.S. Department of Health & Human Services)

HIPAA Title II and why it matters

Title II of HIPAA aims to standardise the processing of healthcare data transactions. To comply with the regulations, organisations must implement safe, secure electronic access to patient health data.

There are three rules that are particularly important in relation to WiFi:

  1. Privacy: a set of national standards that protect patient health and identifiable information.
  2. Security: sets standards for patient data security.
  3. Enforcement: establishes guidelines for violations of HIPAA.

In 2013, the rules were updated to increase the penalty for HIPAA violations to a maximum of 1.5 million dollars per incident.

This of course makes instances of non-compliance extremely costly, but they’re compounded by other factors. For instance, a data breach might also result in fines after an audit by the Office for Civil Rights (OCR) and there may even be criminal charges to face.

There’s no official certification for HIPAA compliance, but there are plenty of training programs and materials available.

Resource: Training Materials (Health Information Privacy U.S. Department of Health & Human Services)

How HIPAA impacts WiFi

There are four technical safeguards noted within the HIPAA standard:

The one we’re particularly interested in for WiFi is transmission security. This guards against unauthorised access to protected health information transmitted over an electronic network and is fully adhered to by the Beambox solution.

Guests, patients and staff all depend on reliable WiFi connections, but to build a network for that audience, you need to understand how it must be governed by HIPAA.

At Beambox, everything we do is approached with a security-first mindset. We’re conscious of the fact that many healthcare organisations are moving to the cloud, which means patient history, prescription details and lab results are passing through networks.

This is why it is vital that HIPAA compliance is established with the help of a secure WiFi service like the one we provide.

How to provide WiFi that is HIPAA compliant

Let’s consider the two key elements of a HIPAA compliant WiFi network.

1. The Hardware

You can’t provide a great WiFi service without the right hardware. Outdated kit can result in lower levels of data security that severely impact your ability to be HIPAA compliant.

For instance, Beambox access points create a separate, isolated guest WiFi network. This secures guest traffic from the network used by the business or organisation, but it goes even further than that.

Beambox also features client isolation, which isolates traffic between individual guest devices. You don’t get much more secure than that.

2. The software

The software used to control access to your WiFi network is just as important as the hardware, from a HIPAA perspective.

For example, HIPAA compliance makes its presence felt the most when guest WiFi is provided in waiting rooms at dentists and doctors. Beambox achieves the necessary level of security required for HIPAA in such instances by:

This is an area where HIPAA is largely similar to the GDPR’s rules.

Who does HIPAA apply to?

There are primarily two types of organisation that must abide by the HIPAA regulations.

How Beambox remains HIPAA compliant

There are several ways the team at Beambox ensures our guest WiFi systems remain HIPAA compliant:

We can also provide a copy of our HIPAA Report on Compliance (HROC) and references from Beambox users who are of a similar size to yours.

I’m a UK business - do I need to be HIPAA compliant?

Although there are no specific HIPAA guidelines to follow in the UK, if your business deals with US-based organisations in healthcare, it is a legal requirement to have sufficient data privacy provisions in place.

The differences between the GDPR and HIPAA

The General Data Protection Regulation (GDPR) was introduced in May 2018 and applies to any business that deals with data provided by EU citizens.

On the face of it, the GDPR is very similar to HIPAA, but there are some key differences:

Resource: Complete guide to GDPR compliance (GDPR.eu)

Need more help?

There’s no escaping the fact that you need a HIPAA compliant WiFi service if you operate in healthcare in the US.

However, you’ll need help implementing one, which is why talking to the team at Beambox should be your first port of call. Get in touch today to find out more about our HIPAA compliant WiFi solution.

Reference: List of protected health information (PHI)

The 18 types of information that qualify as PHI include:

  1. Name
  2. Address
  3. Any dates (except years) that are directly related to an individual, including birthday, date of admission or discharge, date of death, or the exact age of individuals older than 89
  4. Telephone number
  5. Fax number
  6. Email address
  7. Social Security number
  8. Medical record number
  9. Health plan beneficiary number
  10. Account number
  11. Certificate/license number
  12. Vehicle identifiers, serial numbers, or license plate numbers
  13. Device identifiers or serial numbers
  14. Web URLs
  15. IP address
  16. Biometric identifiers such as fingerprints or voice prints
  17. Full-face photos
  18. Any other unique identifying numbers, characteristics, or codes
