HIPAA Remote Site Connection Question

[travelingregbaker at yahoo.com (Gregory Baker)]

Greetings,

We've consulted with DMERC software vendors from time to time regarding HIPPA compliance. There are many small medical 
billing operations across the country and several software companies provide solutions for these folks to help them 
through the web of disparent formats and regulations.

For software vendors and connectivity providers HIPPA essentially boils down to maintaining a chain of custody and the 
protection of the digital assets. 

As the connectivity provider, your part is somewhat easy compared to the software vendors. An AES VPN tunnel would be 
your part along with the possible full control of both end point connections (managed WAN firewall/routers). Yes, it is 
technically not an explicit HIPPA requirement but strongly advised.

That stated, the laws of physics come into play when using VPN tunnels with satellite connectivity. It's been our 
experience that the inherit latency results in increased cpu load on the VPN end point devices. We've needed to deploy 
beefy routers in such situations in order to keep the cpu loads reasonable. If their budget can allow, hardware based 
WAN optimization (Riverbed) is ideal in such situations and can significantly overcome increase the performance across 
the connection.

$.02 Deposited


   



--- On Thu, 8/13/09, Robert Miller <arch3angel at gmail.com> wrote:

> From: Robert Miller <arch3angel at gmail.com>
> Subject: [Pauldotcom] HIPAA Remote Site Connection Question
> To: pauldotcom at mail.pauldotcom.com
> Date: Thursday, August 13, 2009, 11:48 AM
> Hello Everyone,
>
> I am hoping Larry or someone else may have an answer or
> direction to a 
> question regarding HIPAA and the security required for the
> connection.? 
> I want to give some background information for those who
> may not know 
> our current network.
>
> We are a satellite internet service provider and are about
> to provide a 
> backup solution to hospitals, however I am trying to find
> out what type 
> of connection is required to comply with HIPAA.
>
> Does the connection need to be encrypted using hardware
> encryption?
>
> Does the connection require dedicated VPN Tunnel?
>
> Where can I get detailed information about HIPAA security
> guidelines?
>
> Is there another provider that has medical information
> transversing 
> between two or more remote locations and how are they
> complying?
>
> Any and all advice is greatly appreciated and thanks in
> advance for a 
> better direction!
>
> Robert
>
>
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom at mail.pauldotcom.com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com