Ensuring your network is configured and trusted, whether in the clinic, at home, or another remote location, is critical to protecting patient information. In this section, you’ll find information on how to:
Fully installing and configuring network equipment as part of a new clinic build or move is complex. We recommend working with an IT support provider to configure equipment for your clinic’s unique needs.
The Private Physician Network
The Private Physician Network (PPN) is the private, high-speed network available to physicians and practice staff to enable secure access to clinical information in their electronic medical record (EMR) systems. Provincial Health Services Authority (PHSA) offers the PPN service as part of a province-wide initiative. As of 2023, the PPN supports over 900 clinics including over 4500 clinicians. DTO provides escalation support when PPN issues arise. If you are experiencing problems related to performance or application use on the PPN, please.
Modern medical practice extends beyond the clinic walls. This section provides tips on how clinic staff can ensure security best practices are in place to protect personal health information while caring for their patients from home or on the go.
The local network you connect to facilitates access to all of your internet-based applications. This includes most EMRs and productivity suites like Office 365 or Google Workspace. Public networks (at cafes or hotels) can be fake and expose your account credentials or other internet traffic. Confirm the network ID with a staff member before connecting and consider use of a Virtual Private Network (VPN), detailed below.
Understanding some basics about your home network can give you more peace of mind when working from home. While the clinic or health authority may have dedicated IT staff, at home it’s up to you. Making sure your firewall is enabled, securing your home Wi-Fi, and changing default passwords are some simple steps that can make it substantially more difficult for others to gain access to patient information. Check out more information on router configuration to secure your home network quickly and effectively.
When working with patient information remotely, consider the physical management of your devices. Lock your screen or take your device with you when you step away. Orient your screen such that others cannot see patient information. Do not share your device with family members or friends as their activities can compromise other data on your device, including access to your EMR.
Account management is a pillar in protecting patient information. Learn more about managing user accounts and find helpful tips on how to manage your passwords with ease and the value of MFA in keeping patient information secure.
Virtual Private Networks (VPNs)
Communicating over the internet inherently carries more risk than communicating with devices within your home or clinic network. VPNs create an encrypted tunnel between your device and a VPN server over the internet, making it more difficult for someone to intercept any data that you send or receive. Use of a VPN in daily web browsing is becoming more commonplace. Although it can be used anywhere, it is particularly useful when you are connecting to a network where you may not have full visibility into other users’ activities. For this reason, the Canadian Centre for Cyber Security recommends use of a VPN as a safeguard for many aspects of remote work. DTO can help answer questions related to VPN use specific to your needs.
How do I get a VPN?
Consumer VPN solutions can be purchased for relatively low cost ($5-$15 per month per user). Searching for top VPN solutions will yield a selection of the most popular options, along with many feature-comparison articles. These solutions will hide your IP address, encrypt your internet traffic, and provide reasonable protection when on networks you may not fully trust. Some may even have features that alert you if you connect to a malicious network. Your clinic may have a specially configured VPN that allows you to remotely access clinic applications securely. Configuring a custom VPN solution for access to your clinic network requires intermediate to advanced IT knowledge. This is useful if you maintain servers or data on-site or require location-specific access to some of your clinic applications. Speak with your IT provider or contact DTO to learn more.
Internet connectivity is essential in the modern clinic. Whether accessing your EMR or your clinic applications, configuring your network equipment is a critical step in protecting your patients' personal health information. This section provides tips on how to make basic changes to common settings that improve network security both at the clinic and at home. Contact us for questions about security on the Private Physician Network (PPN).
A firewall is a network security system that monitors and controls incoming and outgoing network traffic. It may be included with the device (router) provided by your internet service provider (ISP) or separately installed by an IT professional. In clinics, firewalls are generally configured to restrict most incoming network traffic to limit the ability for malicious actors to gain access to your local clinic computer network. Contact DTO if you need help getting started assessing your firewall configuration.
Your router controls many of your network settings and functions. Routers come with a default username and password (often “admin”) that are well known for each make and model. Changing these settings from the defaults reduces the risk of someone gaining access to your network.
Properly securing a wireless network in a clinical setting is complex. Commonly, your wireless access is included with the router provided by your ISP. When you log into your router, you will also have access to a variety of wireless settings, including encryption, passwords, and guest accounts.
Regardless of what type of router or wireless access device you may have, the setting options are typically similar across different makes and models. Consumer-grade equipment may not give you access to all the following settings, but business-class network equipment will. Look for the following settings and configure them as follows for optimal performance and security:
The 2.4 GHz band provides greater physical coverage but transmits data at slower speeds and may have congestion from other nearby networks and active network devices. Use this setting for devices that are distant from the access point or whose signal must travel through several walls. The 5 GHz band provides coverage over a shorter distance but transmits data at faster speeds. The range is shorter in the 5 GHz band because higher frequencies do not penetrate solid objects, such as walls and floors, as well. Use this frequency for devices close to the router or that will be transmitting high volumes of data.
The names of wireless networks are visible to the nearby public on their devices. Choose a name for your clinic wireless network that does not indicate to outsiders that the network belongs to a clinic. Having a custom network name immediately signals that your network has been configured and is less vulnerable.
There is no need to "administer" your Wi-Fi using a wireless computer, especially if you have at least one computer connected using a physical network cable. Only use remote administration if you and your IT support staff identify it as necessary.
Set the wireless encryption protocol setting to Wi-Fi Protected Access 2 or 3 (WPA2 or WPA3). This setting includes the Advanced Encryption Standard (AES), which is the industry standard at time of writing.
You may wish to provide a public Wi-Fi network for your patient waiting room or for others outside of your clinic team to use. Business-class devices will allow you to create a separate wireless network, with its own name and password, which keeps your patients' activity separate from your clinic activity.
Wi-Fi Protected Setup (WPS) is a setting that allows devices to connect to your router without a password. It is often in the form of a physical push button on your router. This setting is generally not useful for clinics and represents a security risk.
Physical access to network equipment should be restricted to clinic staff only. If someone arrives at the clinic claiming to be tech support, ask for identification and verify they are from a legitimate company. Furthermore, the placement of devices can have a significant impact on performance. Consult with your IT support to determine the best location.
The Windows Wi-Fi Sense feature allows you to share Wi-Fi connections with others without knowing each other's passwords. With this feature, Windows automatically shares access with anyone in your Outlook or Skype contacts or, optionally, your Facebook contacts. This type of automatic access sharing is not appropriate for the business-use network at a clinic and should be disabled.
Network devices like your routers, firewalls and wireless access points will periodically receive firmware updates from the manufacturer. Often these updates require you to manually activate them by logging into your router using your administrator username and password. Keeping firmware up to date helps ensure that newly discovered vulnerabilities are fixed, and your data stays secure.
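The router and wireless settings described above can also be checked automatically once they are written down or exported. The following is an added example, not part of the original guidance or any DTO tool: it audits a settings record against the items in this section, comparing a router left near its defaults with the same router hardened. The field names, word lists and sample values are hypothetical and constructed for illustration.

```python
import re

# Field names are hypothetical; real routers label these settings per vendor.
DEFAULT_PASSWORDS = {"", "admin", "password"}  # constructed sample list
REVEALING = re.compile(r"clinic|medical|health|doctor|physician", re.I)
ACCEPTED_ENCRYPTION = {"WPA2-AES", "WPA3"}
RISKY_FLAGS = {"wps_enabled": "WPS enabled",
               "remote_admin_enabled": "remote administration enabled",
               "firmware_update_available": "firmware update not applied"}

def audit_router(cfg):
    """Return findings for one settings dict; a missing setting counts as unsafe."""
    findings = []
    if (cfg.get("admin_user", "admin") == "admin"
            or cfg.get("admin_password", "") in DEFAULT_PASSWORDS):
        findings.append("default administrator username or password in use")
    findings += [msg for key, msg in RISKY_FLAGS.items() if cfg.get(key, True)]
    networks = cfg.get("networks", [])
    staff_keys = {n.get("passphrase") for n in networks if not n.get("guest")}
    for n in networks:
        name, enc = n.get("ssid", ""), n.get("encryption")
        if REVEALING.search(name):
            findings.append(f"{name!r}: network name identifies the clinic")
        if enc not in ACCEPTED_ENCRYPTION:
            findings.append(f"{name!r}: encryption is {enc!r}, not WPA2/WPA3 with AES")
        if n.get("guest") and n.get("passphrase") in staff_keys:
            findings.append(f"{name!r}: guest network reuses the staff passphrase")
    return findings

# Constructed samples: a router left near its defaults, then the same router hardened.
WEAK = {"admin_user": "admin", "admin_password": "admin", "wps_enabled": True,
        "remote_admin_enabled": True, "firmware_update_available": True,
        "networks": [
            {"ssid": "Maple Street Medical Clinic", "encryption": "WPA-TKIP",
             "passphrase": "welcome123"},
            {"ssid": "Guest", "encryption": "WPA2-AES",
             "passphrase": "welcome123", "guest": True}]}
HARDENED = {"admin_user": "site-admin", "admin_password": "constructed-long-passphrase",
            "wps_enabled": False, "remote_admin_enabled": False,
            "firmware_update_available": False,
            "networks": [
                {"ssid": "Bluebird-5G", "encryption": "WPA3",
                 "passphrase": "constructed-staff-key"},
                {"ssid": "Bluebird-Guest", "encryption": "WPA2-AES",
                 "passphrase": "constructed-guest-key", "guest": True}]}

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_router(cfg) or "no findings")
```

A setting that is absent from the record is reported as a finding, so an incomplete record never passes by omission.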