Magazine Article | August 1, 2003

Clinic's New Network Meets HIPAA Standards

Business Solutions, August 2003

The Pain Institute, a five-office pain management practice headquartered in Louisville, KY, understands the importance of the timely assessment and treatment of pain. To improve its ability to provide timely patient care, The Pain Institute deployed new practice management software and is in the process of implementing an electronic medical records package.

With facilities in Kentucky and Indiana, The Pain Institute also needed to build a WAN (wide area network) that would provide access to its new software from all locations. The clinic deployed a broadband-based VPN (virtual private network) to maximize network performance.

"With confidential patient information traveling across the Internet, we needed a solution that could provide network security for our doctors," says Steven Friedman, CTO and CFO for The Pain Institute. "The VPN allows us to do that and respond to our patients' needs quickly."

The clinic deployed a SonicWALL (Sunnyvale, CA) SOHO3 Internet security appliance at the main office to provide network security and VPN connectivity. In addition, nine SonicWALL TELE3 SP appliances were installed at each remote location (clinics and doctors' homes) to ensure network availability. The Pain Institute also purchased SonicWALL's Complete Anti-Virus for additional network protection.

"Our doctors can access scheduling, billing and treatment information, and write prescriptions remotely," says Friedman. "By automatically switching over to a dial-up connection, we don't have to worry about downtime in the event of a lost broadband connection, and we can reduce the travel time previously required to perform these tasks." As a result, doctors at The Pain Institute have increased the number of patients seen by 10-12 each day.

The Pain Institute's one-person IT staff deployed the network security platform within the deadline for HIPAA (Health Insurance Portability and Accountability Act) compliance. HIPAA regulations are designed to reduce paperwork, improve data collection, and eliminate healthcare errors. HIPAA also requires healthcare organizations to ensure the security of their networks and the privacy of their patient information.

"As more medical information is converted into electronic format, our systems become increasingly vulnerable to outside attack," says Friedman. "Because our network transmits prescription, billing, insurance, and treatment information, we need it to be secure. Our new network helps eliminate the security holes that expose our network to exterior threats, helping us comply with HIPAA regulations."