Start by developing a reasonable wireless policy that supports the organization’s mission but protects information assets. Be sure that the draft policy is reviewed by organization leadership, including at least one physician, to get buy-in. That policy should prohibit establishment of access points by anyone other than designated staff (security or IT) in order to ensure proper control and configuration in accord with the information security program. Develop written procedures for submitting and handling requests for wireless use. Then disseminate this new information through training mechanisms to all affected, particularly the physician community and any others likely to want wireless networking. Finally, monitor compliance through procedures such as periodic war driving.
