Greetings, We've consulted with DMERC software vendors from time to time regarding HIPPA compliance. There are many small medical billing operations across the country and several software companies provide solutions for these folks to help them through the web of disparent formats and regulations.
For software vendors and connectivity providers HIPPA essentially boils down to maintaining a chain of custody and the protection of the digital assets. As the connectivity provider, your part is somewhat easy compared to the software vendors. An AES VPN tunnel would be your part along with the possible full control of both end point connections (managed WAN firewall/routers). Yes, it is technically not an explicit HIPPA requirement but strongly advised. That stated, the laws of physics come into play when using VPN tunnels with satellite connectivity. It's been our experience that the inherit latency results in increased cpu load on the VPN end point devices. We've needed to deploy beefy routers in such situations in order to keep the cpu loads reasonable. If their budget can allow, hardware based WAN optimization (Riverbed) is ideal in such situations and can significantly overcome increase the performance across the connection. $.02 Deposited --- On Thu, 8/13/09, Robert Miller <[email protected]> wrote: > From: Robert Miller <[email protected]> > Subject: [Pauldotcom] HIPAA Remote Site Connection Question > To: [email protected] > Date: Thursday, August 13, 2009, 11:48 AM > Hello Everyone, > > I am hoping Larry or someone else may have an answer or > direction to a > question regarding HIPAA and the security required for the > connection. > I want to give some background information for those who > may not know > our current network. > > We are a satellite internet service provider and are about > to provide a > backup solution to hospitals, however I am trying to find > out what type > of connection is required to comply with HIPAA. > > Does the connection need to be encrypted using hardware > encryption? > > Does the connection require dedicated VPN Tunnel? > > Where can I get detailed information about HIPAA security > guidelines? > > Is there another provider that has medical information > transversing > between two or more remote locations and how are they > complying? > > Any and all advice is greatly appreciated and thanks in > advance for a > better direction! > > Robert > > > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com > _______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
