- HIPAA Update - http://blogs.hcpro.com/hipaa -

HIPAA Q&A: Networking computers

Submit your HIPAA questions to Editor Jaclyn Fitzgerald at jfitzgerald@hcpro.com and we will work with our experts to provide the information you need.

Q: Does HIPAA permit organizations to network computers internally or externally? For example, can a CE link two computer systems within the organization or between the organization and another CE or BA to exchange information? If so, what is the most secure way to accomplish this?

A: HIPAA is technology neutral and does not prohibit networking computers internally or externally. If networking internally, the organization should ensure it has a strong perimeter (i.e., installing and regularly updating a firewall and anti-malware). If networking to an external computer, the CE should establish a secure method of communication (e.g., using a virtual private network, secure web, or some other method of ensuring the patient data is encrypted when it travels outside of a closed or secure network).

Editor’s note: Chris Apgar, CISSP, president of Apgar & Associates, LLC, in Portland, Oregon, answered this question for HCPro’s Briefings on HIPAA. This information does not constitute legal advice. Consult legal counsel for answers to specific privacy and security questions.