Koozali.org: home of the SME Server

VPN Requirement for HIPPA Regulations?

Barry

VPN Requirement for HIPPA Regulations?
« on: September 04, 2002, 09:05:03 PM »
I am working with a Medical Billing office, who has just given me their Internet Access wish list and requirements.

Can E-Smith/SME fulfil these requirements?  The answers in ( ) are my best understanding at this point.

1.  Firewall (YES)

2. VPN for Remote Home Workers and Remote Offices.  4-10 Home users who will just be connecting via client software (IPSEC through either WinXP or Win98 computers).  3-5 Remote offices that may require an E-Smith or other VPN device on their premises. (YES)

3.  Authentication of Remote Users.  Username and Password required to make VPN connection.  (YES - but is this required if it is a SME/E-Smith or a hardware VPN device making the connection.)

4.  Monitoring of Internet Usage for internal office users.  Filtering not required but logging of access is.  (YES)

5.  Monitoring VPN usage.  Is there traffic being generated on their connection?  (NO)  The purpose of this is to see if home workers are actually working, not just establishing a connection and sitting around having coffee.

6.  Virus Protection.  (YES for email, Add-on)

7.  Spam filtering.  (YES with Add-ons)

We are evaluating the SME/E-Smith option in comparison to using a Sonicwall Hardware Firewall/VPN solution.

I'd love to see any comments or recommendations either way.  Also, are there any other requirements to meet HIPPA regulations that I should be aware of?

Geoff Bennion

Re: VPN Requirement for HIPPA Regulations?
« Reply #1 on: September 06, 2002, 12:19:45 AM »
Barry wrote:
>
> I am working with a Medical Billing office.  Who has just
> given me their Internet Access wish list, and requirements.
>
> Can E-Smith/SME fulfil these requirements?  The answers in (
> ) are my best understanding at this point.
>
> 1.  Firewall (YES)

Not advertised as such, but it is generally accepted that it does indeed qualify as a firewall.

>
> 2. VPN for Remote Home Workers and Remote Offices.  4-10 Home
> users who will just be connecting via client software (IPSEC
> through either WinXP or Win98 computers).  3-5 Remote offices
> that may require a E-Smith or other VPN device on their
> premises. (YES)

The Win98 computers will require the DUN update to accept 128-bit connections.
Machines behind e-smith can also use the VPN connection, or you could use the IPsec to create permanent links between the servers.

>
> 3.  Authentication of Remote Users.  Username and Password
> required to make VPN connection.  (YES - but is this required
> if it is a SME/E-Smith or a hardware VPN device making the
> connection.)

If you use IPsec/FreeS/WAN, the e-smith boxes store the password and use it themselves.
See prev Q.


>
> 4.  Monitoring of Internet Usage for internal office users.
> Filtering not required but logging of access is.  (YES)

Yes, Yes and Yes - either by viewing log files, or using awstats, and the web use report and email reports.

> 5.  Monitoring VPN usage.  Is their traffic being generated
> on their connection.  (NO)  Purpose of this is to see if home
> workers are actually working not just establishing a
> connection and sitting around having coffee.
>

One answer - IPTRAF!
This will let you view traffic on local and internet NICs.
Can be filtered down to just show certain traffic from certain PCs etc...

> 6.  Virus Protection.  (YES for email, Add-on)
>

But it costs..

I'm still waiting for someone to do a package for Clam AntiVirus, so it's tied into qmail and squid.

> 7.  Spam filtering.  (YES with Add-ons)
>

Yup, and there is procmail.......
 
> We are evaluating the SME/E-Smith option in comparison to
> using a Sonicwall Hardware Firewall/VPN solution.
>

But a lot easier to customise and use.

> I'd love to see any comments or recommendations either way.
> Also, are there any other requirements to meet HIPPA
> regulations that I should be aware of?

What is HIPPA? Is this a dyslexic hippo? :-)
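Item 5 in Barry's list (and the IPTRAF suggestion above) is about whether a VPN session is actually carrying traffic. As an added example that is not from this thread or the SME project, the script below summarises pppd's end-of-session syslog lines (the "Connect time N minutes." and "Sent N bytes, received N bytes." lines pppd writes when a PPTP link closes) and flags long sessions that moved almost no data. The log lines are constructed, and the idle thresholds are assumptions to tune per site.

```python
import re

# Constructed sample syslog lines in pppd's session-summary format.
SAMPLE_LOG = """\
Sep  6 08:02:11 sme pppd[1201]: Connect time 243.5 minutes.
Sep  6 08:02:11 sme pppd[1201]: Sent 41200 bytes, received 38910 bytes.
Sep  6 09:15:40 sme pppd[1377]: Connect time 180.0 minutes.
Sep  6 09:15:40 sme pppd[1377]: Sent 18493022 bytes, received 2201334 bytes.
Sep  6 12:30:02 sme pppd[1502]: Connect time 4.0 minutes.
Sep  6 12:30:02 sme pppd[1502]: Sent 900 bytes, received 1200 bytes.
"""

CONNECT_RE = re.compile(r"pppd\[(\d+)\]: Connect time ([\d.]+) minutes\.")
BYTES_RE = re.compile(r"pppd\[(\d+)\]: Sent (\d+) bytes, received (\d+) bytes\.")


def parse_sessions(log_text):
    """Return {pid: {"minutes": float, "sent": int, "received": int}}
    for every pppd session that logged both summary lines."""
    sessions = {}
    for line in log_text.splitlines():
        m = CONNECT_RE.search(line)
        if m:
            sessions.setdefault(m.group(1), {})["minutes"] = float(m.group(2))
            continue
        m = BYTES_RE.search(line)
        if m:
            s = sessions.setdefault(m.group(1), {})
            s["sent"], s["received"] = int(m.group(2)), int(m.group(3))
    # Drop sessions where one of the two lines was missing (e.g. log rotation).
    return {pid: s for pid, s in sessions.items() if "minutes" in s and "sent" in s}


def idle_sessions(sessions, min_minutes=60.0, min_kb_per_min=1.0):
    """Flag sessions that stayed up at least min_minutes (assumed threshold)
    but averaged less than min_kb_per_min KB of traffic per minute."""
    flagged = []
    for pid, s in sessions.items():
        if s["minutes"] < min_minutes:
            continue  # short sessions are not what the question is about
        kb_per_min = (s["sent"] + s["received"]) / 1024.0 / s["minutes"]
        if kb_per_min < min_kb_per_min:
            flagged.append((pid, s["minutes"], round(kb_per_min, 2)))
    return flagged


if __name__ == "__main__":
    for pid, minutes, rate in idle_sessions(parse_sessions(SAMPLE_LOG)):
        print(f"pppd[{pid}]: up {minutes} min, only {rate} KB/min")
```

On a real box, feed it the pppd lines from /var/log/messages instead of SAMPLE_LOG; a per-user view needs the matching "user ... logged in" line from the same pid, which this example does not join.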

Boris

Re: VPN Requirement for HIPPA Regulations?
« Reply #2 on: September 06, 2002, 10:32:47 PM »
HIPAA - Health Insurance Portability and Accountability Act
Basically every network solution in the healthcare industry installed from now on MUST meet HIPAA requirements. Learn more at the URL below:

http://www.hipaaplus.com/abouthippa.htm