VHA works out wireless kinks
The Veterans Health Administration's Medical Information Security Service evaluates security requirements for wireless applications that are being used throughout VHA's 173 medical centers and other VHA-operated health care venues.
One of the lessons officials have learned is that wireless applications must be isolated if there is a chance they could be used as avenues for intrusion to other applications, said Dennis Seymour, a specialist at the service's Martinsburg, W.Va., headquarters.
Among the agency's wireless local-area network applications is the Barcode Medication Administration System, which employs wireless LAN-enabled laptop computers to scan patient armbands and medications to ensure that proper dosages are issued.
The interception of transmitted data was not a major concern. "Given the low voltage levels of the transceiver, you would have to be in close proximity to intercept the data," Seymour said.
But security measures were needed for the intranet used to connect the wireless LAN to the wired LAN. "The bar code medication system is a separate system, but [it is] linked to other systems that might have sensitive information," Seymour said. "Our security architecture limits the access that the wireless users have to other networked applications and data. It's built into our wired network. We isolate the application."
Other wireless applications being tested at VHA might require measures such as data encryption, Seymour said. "I know of [pilot programs] where smart cards are being evaluated and others where [public-key infrastructure] encryption is being tested," he said. "Cost is a big issue for security technologies."
But he is optimistic that robust security features will find their way into wireless products. "The more demand there is for secure wireless solutions, the more cost will be driven out of the technology," he said.