- Private networks are often the first line of defense for healthcare IT networks. With the growing adoption of healthcare cloud technology and digital recordkeeping, building a strong network and controlling the way people access it can help decrease unauthorized access and the chance of data breaches.
Traditionally, enterprise organizations have embraced intranet as a way to build and maintain a private internal network. Intranet networks include local area networks (LAN), but are not limited to on-premise networks. Intranet uses the same protocols as the internet, like hypertext transfer protocol (HTTP) and simple mail transfer protocol (SMTP), making it easier for main and remote locations to securely access and share the same data.
Virtual private networks (VPNs) have become necessary in addition to intranet solutions because of the need for employees to access the network while traveling or remotely from home or outside the physical organization. VPNs can connect two networks together as well as connect a device to a network securely.
A VPN is the extension of a private network that can be accessed through the public internet. This connection can be made within a physical location or remotely. Connection data is tagged with a header that allows it to use the internet to locate the private network. This works by creating an encrypted tunnel that connects the VPN client (i.e., a device used to access the network) and the intranet or VPN server. This tunnel securely wraps the connection separating it from the public internet.
Security is always the main concern when it comes to private patient data, and sharing that data using the public internet to connect to a VPN can increase those concerns. Connections via VPN cannot be totally anonymous, but key security features are included in any VPN solution regardless of vendor. Data is always protected by encryption, senders are always authenticated to prevent the spread of false and malicious data, and data integrity is always verified to check for tampered messages.
Some advantages of VPNs are:
- Scalability: Thousands of users can connect to a VPN at the same time.
- Cost: Compared to older methods such as leased lines, VPNs take most hardware out of the equation.
- Centralized resources: IT has control over the network, monitoring and administrating from one central location.
- Easy sharing: Users can connect and share faster, getting responses sooner which is critical in a healthcare environment. External portals can also be established temporarily or permanently for partners.
- Remote access: Users traveling or accessing data outside the office have uninterrupted, secure connections.
Understanding the VPN market isn’t as clear cut as other enterprise technology markets because VPNs can be wrapped up in other products. This can make shopping for just a VPN not so straightforward.
According to Gartner, “The VPN marketplace is mature and fragmented, because the capabilities are embedded in other products, such as routers, firewalls, portals, application suites, unified threat management (UTM) appliances and platform OSs. Mainstream VPN vendors offer it as part of a family of networking products and services, which can also include access management and single sign-on (SSO).”
Examining the technology that’s already in place and analyzing how the network is being accessed by different solutions comprise the first step. When inquiring about any enterprise technology that will allow remote access, asking the vendor about the compatibility of VPNs that already exist in an organization and how that technology uses VPN technology are both key to understanding and untangling a private network. It’s most likely possible to consolidate VPN technology across all solutions, making it easier for IT departments to manage.
Depending on the size of an organization, setting up a VPN infrastructure may or may not be necessary. Smaller institutions with solutions that have VPNs included (e.g., cloud, virtualization) may not need further VPN technology. Larger institutions like hospitals or organizations with many departments and locations could benefit from a single VPN that covers the entire network. This will allow the easy sharing of electronic health records, and centralized control over who has access to the network.
Securely and remotely accessing data is one of the most important steps in establishing a successful health IT infrastructure. It is the foundation that allows all other healthcare technology to function; establishing a strong foundation is the best defense against electronic healthcare data getting into the wrong hands. Secure VPNs are a large piece of monitoring how, where and when access is being granted to a network, and identifying any abnormalities or potential threats. With a strong, secure VPN, firewalls, and disaster recovery solutions become a precaution instead of a necessity.