Q

Necessity of a firewall for office using modem to send electronic claims


I have been hearing so much lately about security, specifically about firewalls. I'm in a small office with four workstations, one server, no e-mail, an ISDN Internet connection and a modem on the server. Do I need a firewall? I haven't allowed incoming VPN connections, and the modem is only used for sending electronic claims. I just want to make sure I'm doing exactly what I need to do!


Your ISDN connection might have "firewall" technologies built into it. Check your manual or contact your ISP to see if it is performing packet filtering and/or network address translation. These two are a good start. If it doesn't support at least one of these, the best practice for this situation would be to install a low-cost firewall. You can get a hardware solution from SonicWall, Netscreen, etc. The best bang for your buck may very well be to install host-based firewall/intrusion-prevention software like BlackICE on your server (at a minimum) and optimally on your workstations as well. This software will not only act as a firewall, but it will cut off any malicious attacks or intrusions in real-time.

Remember, HIPAA is not about technology, and information security is not just about firewalls. General best practices (and HIPAA requirements) are to implement the proper technologies, policies and procedures that make up an overall secure infrastructure. This includes the proper system access controls and authentication, as well as policies and procedures outlining the who, what, when, where, why and how you're protecting protected health information (PHI).

Also, keep in mind that just because you have a firewall (hardware like SonicWall, Netscreen, etc., or software like BlackICE), the modem on your server could still be a huge vulnerability. A couple of quick tips would be to make sure the claims/modem software is not loaded except for when you need to send a claim and that the modem cannot receive incoming calls by any other means -- this needs to be tested from the outside to verify this is the case. An improperly configured modem and its associated application(s) can completely negate any other technologies, policies and procedures that you've implemented to protect patient privacy and keep PHI confidential.


For more information on this topic, visit these other SearchSecurity.com resources:
  • Strom's Security Tool Shed: SonicWall: Solid as a rock
  • Scheier's Security Product Roundup: HIPAA compliance: Tools alone aren't enough
  • News & Analysis: HIPAA compliance doesn't come in a box


  • This was first published in February 2003
