Solved

Is Bellsouths DSL Modem HIPAA compliant? Where can I find that information?

Posted on 2008-09-30
2
911 Views
Last Modified: 2013-12-14
I have a guy refusing to put a Firewall on a DSL Line. He says the DSL modem has a built in Firewall that is sufficient and HIPAA compliant.

Is this true and where can I find that information?
0
Comment
Question by:aando
2 Comments
 

Accepted Solution

by:
irievt2005 earned 300 total points
ID: 22610611
It is true that the Bell South DSL modems made by Westell (models 2100, 2200, and 6100) do have the NAT (network address translation) and firewall capabilities of most consumer-grade gear.  The NAT feature and internal firewall protect your network by hiding all unused ports and making it more difficult for an attacker to find an access individual computers on your network.  

While the modem's firewall probably meets the qualitative requirements of the HIPAA legislation, it is highly unlikely that the device is certified as HIPAA-compliant.  As I'm sure you're aware, the HIPAA regulations are quite ambiguous and as a result only a handful of companies are willing to certify a device as compliant.  Unfortunately, since the entire liability for HIPAA non-compliance is assigned to the health care provider, it would be wise to consult with an attorney to determine whether using this modem as a firewall is sufficient.  

As far as your extra firewall (should you and your attorney find it to be necessary), the internal firewall should be disabled prior to installation.  This is done by logging into the router and assigning the new firewall as the DMZ host.  You can access the modem's configuration page by surfing to http://192.168.1.254 on a connected device.  Once there, click on the "Home Network" box at the top and then "IP Passthrough" to the right.  Select the firewall from the menu and apply changes.
0
 
LVL 20

Assisted Solution

by:ElrondCT
ElrondCT earned 200 total points
ID: 22614133
While the DSL modem probably has an incoming firewall that would meet any requirements, it exercises no control over outgoing connections. Anyone who is concerned about HIPAA compliance should have a firewall on the computer that verifies that programs requesting Internet access are legitimate. I use and recommend ZoneAlarm (www.zonealarm.com), but there are others, both paid and free. (Note that the firewall built into Windows doesn't provide this level of protection.) This protects against a virus-type program getting on your system and surreptitiously sending out data from your system.
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Cable Modem Provisioning from DPoE compliant server  This Article is to support CMTS administrators to provide an overview of DOCSIS compliance configuration file, and to provision a cable modem located at customer place from a Back office serve…
Sometimes you have to pull out old tricks to get a new firewall to work… While we were installing a new Sonicwall at a customers site we found that sites they were able to visit before were not working.  It seemed random and we could not understa…
In an interesting question (https://www.experts-exchange.com/questions/29008360/) here at Experts Exchange, a member asked how to split a single image into multiple images. The primary usage for this is to place many photographs on a flatbed scanner…
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial

685 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question