Submit your HIPAA questions to Editor Jaclyn Fitzgerald at firstname.lastname@example.org  and we will work with our experts to provide the information you need.
Q: Does HIPAA permit organizations to network computers internally or externally? For example, can a CE link two computer systems within the organization or between the organization and another CE or BA to exchange information? If so, what is the most secure way to accomplish this?
A: HIPAA is technology neutral and does not prohibit networking computers internally or externally. If networking internally, the organization should ensure it has a strong perimeter (i.e., installing and regularly updating a firewall and anti-malware). If networking to an external computer, the CE should establish a secure method of communication (e.g., using a virtual private network, secure web, or some other method of ensuring the patient data is encrypted when it travels outside of a closed or secure network).
Editor’s note: Chris Apgar, CISSP, president of Apgar & Associates, LLC, in Portland, Oregon, answered this question for HCPro’s Briefings on HIPAA.  This information does not constitute legal advice. Consult legal counsel for answers to specific privacy and security questions.