If you offer patients a WiFi network to access when they are in your office waiting room, your practice is liable for any criminal activity that transpires. Considering that nothing on the internet is really secret, this is a serious concern.
You may provide a ‘splash page’ containing an acceptable use policy, but those are seldom read and even more seldom followed. Your acceptable use policy cannot effectively limit your office’s liability. If someone uses your WiFi network for criminal activity, and the activity is tracked, your practice is on the hook.
Let’s say that your office is located a few feet away from a popular restaurant, and that restaurant patrons can access your WiFi network while they’re dining. It’s no stretch to think that all sorts of illicit or illegal traffic could cross your WiFi network just because it’s available to anyone looking for an internet conduit.
Internet traffic is typically logged, and illegal activity can be traced back to your office WiFi network. You may think this a far-fetched scenario, but it does happen. When law enforcement officers show up at your front desk with a subpoena in hand, your office must quickly deal with a mammoth legal difficulty.
Securing your WiFi network with a password isn’t a sure way to prevent this sort of thing, because the password is often freely available to anyone who walks through your waiting room, and your patients aren’t always as pure as the driven snow.
For the past several years, we’ve consistently advised client practice to discontinue provision of a guest WiFi network. The risks involved go far beyond patients finding a back door to steal your PHI. In this day and age, none of us are immune to the darker aspects of internet traffic.
Read More About HIPAA News Here