tion, such as TCP wrappers, to protect the host machines that allow external connections.6 Organizations should also require an additional, secure authentication process for users attempting to access the system from remote locations (e.g., those using home computers or portable computers). This should take the form of either encrypted or single-session passwords (see Chapter 4). Organizations that do not implement either of these approaches should allow remote access only over dedicated lines.

Many health care organizations currently protect their remote access points by using dial-back procedures7 or by embedding the remote access telephone number in the software employed by remote users to establish a connection. The committee does not consider such approaches adequate for protecting remote access points and recommends against their use as substitutes for these other techniques. It recommends that information systems that are not protected by firewalls or by strong authentication mechanisms be disconnected from public networks and linked only to secure dedicated lines for remote access.

Protection of External Electronic Communications. Health care organizations need to protect sensitive information that is transmitted electronically over open networks so that it cannot be easily intercepted and interpreted by parties other than the intended recipient. To do so, organizations that transmit patient-identifiable data over public networks such as the Internet should encrypt all patient-identifiable information before transmitting it outside the organization's boundary. Any of several available encryption schemes will suffice. Organizations that cannot or do not meet this requirement either should refrain from transmitting informa-


TCP wrappers protect individual server machines, whereas firewalls protect entire networks and groups of machines. Wrappers are programs that intercept communications from a client to a server and perform a function on the service request before passing it on to the service program. Such functions can include security checking. For example, an organization may install a wrapper around the patient record server physicians use to access patient information from home. The wrapper could be configured to check connecting Internet Protocol addresses against a predefined approved list and to record the date and time of the connection for later auditing. Use of wrapper programs in place of firewalls means that all accessible server machines must be configured with wrapper(s) in front of network services, and they must be properly maintained, monitored, and managed. See Venema, Wietse. 1992. "TCP WRAPPER: Network Monitoring, Access Control and Booby Traps," pp. 85-92 in Proceedings of the Third Usenix UNIX Security Symposium, Baltimore, Md., September.


In a dial-back procedure, a remote user dials a specified telephone number to access the system. The system then hangs up and checks the caller's number against a directory of approved remote access telephone numbers. If the number matches an approved number, the system dials the user back and restores the connection.

The National Academies | 500 Fifth St. N.W. | Washington, D.C. 20001
Copyright © National Academy of Sciences. All rights reserved.
Terms of Use and Privacy Statement