Wi-Fi Health Care Systems to Hit $4.9B
There are two caveats, though. It's expected that this surge will be due to the $20 billion in stimulus funds, but also by the fact that: "...government security requirements including HIPAA often mean replacing older wireless equipment with modern versions." Who's to say that the system you'll be heavily invested in is "modern" enough, or will need upgrading later on? Yesterday, during a computer security Webinar, there was talk of HIPAA 2.0 as new standards of compliance are developed.
The second is ABI Research VP Stan Schatt's remark about health care wi-fi systems: "It is truly a Tower of Babel," meaning that multiple vendors are required to put together a system.
UPDATE: I just finished a phone conversation with Ken Kousky of IP3, Inc, a company that provides computer security training. During his Webinar yesterday "Zero Day Attacks and Bot-Nets in the Age of Compliance," he spoke of the idea that one of the consequences of ARRA will be the emergence of HIPAA 2.0, which led to the point I made above.
He also told me that he felt that HIPAA does a disservice by concentrating on privacy while not paying enough attention to data integrity (I would call authenticity) and data availability. We've all heard about the MRI systems that became infected with conficker because they were running Windows-embedded systems that were not being updated with security patches supposedly because of FDA regulations. It seems that the stories I read seemed to put the onus on the FDA. My question is why isn't there a mandate that these systems be air-gapped (not connected to the Internet)?
Regarding the topic of medical wireless, Ken told me that Wi-Fi security implemenation 802.11i is inadequate and a broader view of wireless security, broader than the IEEE connection, is needed to include cellular packets. He called this a holistic approach to security, which I think would be harder if multiple vendors are required to build this clinical wireless systems. Maybe I'm wrong on this. There are other issues to be addressed such as user authentication and VoIP handsets in the hospital setting.