Why use VPN in healthcare?

What is a VPN?

A Virtual Private Network (VPN) is a way of securely connecting from your computer to a server on the Internet, so that the two computers can talk to each other through an encrypted “tunnel”. For more information about the technical aspects, take a look at https://www.whatismyip.com/what-is-a-vpn/

A VPN is usually set up by your organization, university or healthcare region, as a way to securely connecting to their servers so that you can, for instance, download files that have been shared with team members. It is a way of working through the firewall restrictions that keep members of the public out. It will also help to prevent sensitive patient data from being intercepted en route.

Why not just use https?

You will notice that some web sites start with https:// instead of http:// — the extra ‘s’ indicates that the information is encrypted using SSL to and from your computer. This is a useful step and is better than no SSL. In some ways, you might think of it like open wifi compared to secure wifi where you need to login with a password.

Last year, the standard for SSL (called OpenSSL) was hacked, which caused a few worries. It has been fixed and for some things, SSL is just fine. But for sensitive patient data, it may be better to move things up a notch and use a fully encrypted VPN tunnel.

How do I use VPN?

You will need a VPN server to connect to. Ask IT support in your organization about how to set this up. They may well do it for you but a simple VPN is not hard to setup. They may also send you a file to download and install on your computer – this is often preconfigured but if not, you may just need to enter some settings.

Once your VPN app or client is set up on your own computer, you should run it first before you connect to your organization’s server. Leave the VPN tunnel connected while you are working. If you close it down too soon, you will also lose your browser connection to the secure server and may lose what you were working on.

Will I need a security dongle?

It used to be quite common to need one of those funny plastic key shaped dongles in order to connect to a VPN. This is now much less common. Many VPN tunnels do not need them. For more secure connections, your organization may still ask you to use a generated RSA token. This is a 6-digit number, which used to be read off the LCD display of the dongle. Now you can simply install an RSA SecureID app on your phone, which does the same thing.

Will I be completely anonymous when using a VPN?

Not really. Your communications between your laptop and the organization’s server will be hidden from the outside world, but your org will still know who you are. Your location and IP address may be hidden – this factor has been quite popular with Netflix users. Connecting to Netflix via a VPN means that they can pretend that they are located in the USA and therefore get better channel offerings than the rest of the world. Two big caveats about that: (1) Netflix is now wise to this; (2) do not use your healthcare VPN tunnel to do this – you will get a nasty note from your network administrator.