Well, after over 10 years in Healthcare-related IT, I thought I had seen most of the silly compliance questions, but this is a new one…
Our Compliance Manager is questioning whether the wireless headsets, mice & keyboards are HIPAA compliant. I know the older Plantronics DECT headsets we use are, but what about the newer Bluetooth headsets? And, what about other Bluetooth devices like speakerphones, mice & keyboards? Or, how about the 2.4 GHz mice & keyboards from Logitech & Microsoft?
Has anyone already done this research??
@Microsoft @Logitech
8 Spice ups
strach
(STRACH)
September 22, 2022, 6:24am
2
No idea about mice, keyboards, headsets. But cameras, according to Logitech, should have some. Microsoft only comes up with rules on how to make Teams or Azure compliant.
scheff1
(scheff1)
September 22, 2022, 8:08am
3
No, I’ve never done such research. And as Bluetooth is a short distance radio communication option, I don’t see any challenges for compliance of the devices themselves. Adding comfort software services on top like auto-spelling tools could raise such questions. Inappropriate use may raise such questions and hence impose constraints to ensure compliant use.
Smartphones of patients may come with Bluetooth too. But Bluetooth needs pairing. So as long as pairing of unknown patient smartphones does not get supported, and some problematic comfort services are not added, I can’t see a compliance issue with such devices.
And compliance may require to have organizational means in place so that patients don’t become able to access an already paired Bluetooth device of the medical office while the assistants are assisting in patient care rooms and the reception desk might be temporarily unoccupied.
2 Spice ups
benoitt
(BenoitT)
September 22, 2022, 11:35am
4
I’ve studied this, under general security, but not specifically HIPAA. In short, yes, it’s “HIPAA compliant”, meaning that the communication is encrypted (as long as it’s not a really old bluetooth device from pre-2010), because that’s pretty much the only requirement for HIPAA.
Is it safe?
There are risks, and the size of the risk depends on your specific environment. Can non-staff come within range of a bluetooth enabled computer or terminal? Would they be able to establish a connection to it? Are there any other opportunities for non-staff to park a device within your offices (i.e. how good is your physical security)?
This is why most requests for Bluetooth devices go through an IT department; so we can gauge if the device is secure, and to make sure that the terminal/workstation is configured safely.
3 Spice ups
I probably should have said this in my original post: we are not a hospital nor a physician’s office. We are a medical device mfr & service provider. We have Sales & Service staff working from home that are communicating to patients and physician’s offices via phone, email & chat. So, we are not in full control of the physical space where the workstation is located, although we do have policies in place that require each employee to be trained on HIPAA and to certify they have a secure space to communicate with patients and that they do not allow unauthorized access to the workstation.
The reality is that if a work-from-home employee connects a wireless headset, mouse or keyboard to their workstation, we currently have no way to know that. Right now, we do not have a policy against it, nor do we have a policy against supplying IT-purchased wireless headsets, etc to employees.
benoitt
(BenoitT)
September 22, 2022, 6:40pm
6
You just had to make it more complicated, didn’t you?
You’ve done your part. The policy is in place, and it’s not on you. That aside… given that the work-from-home staff is responsible for securing their environments, you could always offer guidance, or consulting options, to those who’d like assistance.
But otherwise, you’ve (probably) met the HIPAA requirements.
Cheers!
1 Spice up
scheff1
(scheff1)
September 22, 2022, 6:45pm
7
BenoitT:
You’ve done your part. The policy is in place, and it’s not on you.
…
But otherwise, you’ve (probably) met the HIPAA requirements.
Let the compliance officer do his audits if those working from home are complying. It’s probably not a case of the devices. It may be a case of usage.