UW Health Wireless Security and Access (1.51)


Administrative (Non-Clinical) Policy
This administrative policy applies to the operations and staff of the University of Wisconsin Hospitals and
Clinics Authority (UWHCA) as integrated effective July 1, 2015, including the legacy operations and
staff of University of Wisconsin Hospital and Clinics (UWHC) and University of Wisconsin Medical
Foundation (UWMF).

Policy Title: UW Health Wireless Security and Access
Policy Number: 1.51
Effective Date: 06/01/2017
Chapter: Administration
Version: Revision


I. PURPOSE

This policy identifies the controls used to maintain and protect UW Health wireless network systems in
and around UW Health managed facilities.

II. SCOPE

This policy covers the UW Health internal wireless network (defined to exclude guest wireless) and the
devices that connect to it. This policy does not extend to devices that use wireless signals exclusively
from commercial cellular carriers. Refer to the Mobile Device Policy for more information about the
latter devices.

III. DEFINITIONS

802.1x security: A standard for controlling network access, predominantly in wireless networks. The
network port remains disconnected until after authentication is complete.

Internal 802.1x authenticated wireless: These networks function similarly to UW Health wired
networks. They utilize 802.1x security and require authentication. Authorized users or devices must have
a defined group membership for their account to authenticate. These wireless networks are encrypted and
only UW Health owned and managed wireless devices are allowed to connect with these networks.

Internal pre-shared key wireless: These networks are for wireless devices that cannot support advanced
authentication like the above. They are segregated from the rest of the internal network and have access
only as it supports their function. These wireless networks are also encrypted.

Guest wireless: This wireless network is used by guests of UW Health, including patients, vendors,
technicians, and others. Users of this network are only allowed to access servers over the ports used for
the web, secure web, and other common Internet protocols. Internal UW Health resources are inaccessible
from the guest wireless network except through standard remote access mechanisms that are accessible
from the public internet. This wireless network is not encrypted.


Rogue access point: These are wireless access points that are operating without UW Health approval.

IV. POLICY ELEMENTS
A. Access
1. Wireless networks offer access to many of the same resources as wired networks, with the
convenience of mobility within the business environment covered by the wireless network.
However, wireless networks differ from wired networks in availability, utility, and
vulnerability, so they require additional controls on their use and management.
2. Only devices owned and managed by UW Health are permitted to connect to the UW Health
internal wireless network, without exception. UW Health offers free public wireless access
via a separate network for devices not owned and managed by UW Health.
3. Wireless access to the Internet is subject to the policy standards in:
a. UW Hospital and Clinics Administrative Policy 1.29 – Use of Internet Technology via
Hospital Resources
b. UW Medical Foundation Acceptable Use Policy
B. Security and Availability
1. UW Health Information Services provides wireless networking in all UW Health facilities
where it is reasonable and feasible to do so. The presence of other wireless networks in the
non-UW Health managed facilities of business partners may preclude UW Health wireless
network availability.
2. There are several wireless networks available in UW Health facilities and some have different
levels of security and functionality. Access is provided to these networks via unique wireless
SSIDs. Wireless access falls into three general categories (see the Definitions section for an
explanation of each):
a. Internal 802.1x authenticated wireless
b. Internal pre-shared key wireless
c. Guest wireless
3. Note: Rogue access points are not recognized or supported by UW Health IS. Access to
networks via rogue access points is prohibited and they are terminated when discovered.
V. REFERENCES

• UWHC Policy 1.29 – Use of Internet Technology via Hospital Resources
• UW Health Mobile Device Policy 1.46 – Mobile Device Access to Corporate Data Systems

VI. COORDINATION

Sr. Management Sponsor: UW Health IS CTO
Author: UW Health IS Director – Systems Security
Reviewers: UW Health IS Directors; UWHC Internal Auditor

Approval committee: UW Health Administrative Policy & Procedure Committee




SIGNED BY

Elizabeth Bolt
UW Health Chief Administrative Officer

Revision Detail
Previous revision: 09/01/2014
Next revision: 06/01/2020