UCLAHealthSecure
The following instructions are taken from the UCLAHealthSecure Wireless Network webpage.
Overview
The UCLAHealthSecure wireless network provides secure, encrypted access to Mednet internal resources and the internet for devices with the appropriate wireless capabilities. In compliance with UCLA Health Device and Media Encryption Policy HS-9453-C, computers and other devices used for university business must be encrypted.
Coverage Areas
UCLAHealthSecure Wi-Fi will be broadcast in all UCLA Health IT-managed network locations. Coverage areas include:
- CHS
- Ronald Reagan UCLA Medical Center
- Ronald Reagan Medical Plaza 100, 200, 300
- Santa Monica UCLA Medical Center & Orthopaedic Hospital
- UCLA Health Clinics
- Wilshire Center
Requirements
Internet and Full Access to Internal Resources
Full access to internal resources while on the UCLAHealthSecure wireless network is available for the following:
- Mobile devices enrolled in mobile device management software
- Encrypted laptops/desktops with Trellix and OnGuard installed and status is “healthy”
Temporary Access to Internet Only – Mobile Devices
Internet only on the UCLAHealthSecure wireless network will be temporarily available for Android and iOS mobile devices that are not being used for university business and not enrolled in mobile device management software.
Please remember, mobile device management software is required for mobile devices that are being used for any university business. The MEDGUEST wireless network will continue to be available for guest access to the internet.
How to Get Access to UCLAHealthSecure
If you require full access to internal resources while on our network, please use the instructions below.
Personal Mobile Devices
In order to connect to UCLAHealthSecure on your personal mobile device and access resources that are only available on our internal network, mobile device management software must be installed.
Learn More about mobile device management software >>
- Mobile device management software download for iOS
- Mobile device management software download for Android
After enrolling in mobile device management software on iOS devices, including iPads, wait up to one hour to automatically begin using UCLAHealthSecure. No set up or login credentials are required.
After enrolling into mobile device management software on Android devices, you will need to select UCLAHealthSecure for your Wi-Fi connection from the “Wireless & Network” section found in your device “Settings.” You will be prompted to provide your login credentials. View Instructions >>
Personal Laptops/Desktops
Step #1. Encrypt your computer with an approved encryption application
- Review our Device Security Toolkit for step-by-step instructions.
Step #2. Download and install OnGuard
OnGuard will verify the encryption status of your laptop/desktop.
Step #3. Connect to UCLAHealthSecure from UCLA Health buildings (e.g., hospitals, clinics, DGSOM)
Overview
The SemelSecure wireless network takes computing beyond the office, or the lab PC, by offering the UCLA Health community fast, secure and convenient WiFi access to the UCLA Health network (Mednet) and the Internet from multiple wireless access points located in 300 Medical Plaza and Semel building only.
Who can use it?
SemelSecure offers UCLA Faculty, Staff and Affiliates secure WiFi access to Mednet and the Internet. Access is available as follows.
- Access for supported notebooks and computers with the appropriate wireless capabilities
- Access to Mednet network systems and resources including the Internet and any affiliate network connectivity
- Software installation and basic configuration by a trained Semel IT technician
Beginning December 30, 2020, SemelSecure access will be available for devices with the appropriate wireless capabilities.
Coverage Areas
- Semel Building
- Medical Plaza 300
Benefits
- VPN client is not required
- A variety of wireless devices can now connect to the Mednet wireless network
- Secure, encrypted access to Mednet and the Internet using WiFi standards-based authentication and encryption
Requirements
- A valid AD domain account
- Computer or mobile device with a WiFi Card (802.11a/b/g/n) capable of supporting the WPA2 Enterprise standard
- WPA2 Enterprise configuration settings
- 1X (PEAP)
- AES Encryption
- MS-CHAP-V2
Wireless Support
Devices must be configured in advanced before being able to connect to the SemelSecure wireless network depending on the wireless device and operating system.
For wireless support, please contact Semel IT at NPIHDesktop@mendet.ucla.edu.
Instructions
Choose your device for instructions:
1) Click on the Wi-Fi icon on the lower right corner of your taskbar to view available wireless networks.
2) Select SemelSecure and click “Connect.”
3) For user name, enter “ad\” and then your AD username (e.g. “ad\jbruin”). For password, enter your AD password.
5) If it was successful, you will get a notification on the top scroll bar with the following message: “Connection Successful.” Click “Finish.” You are now connected to SemelSecure.
1) Click on the Wi-Fi icon on the upper right side of your taskbar to view available wireless networks.
2) Select SemelSecure.
3) For user name, enter “ad\” and then your AD username (e.g. “ad\jbruin”). For password, enter your AD password.
4) Select “Join.”
5) If it was successful, you will get a notification on the top scroll bar with the following message: “Connection Successful.” Click “Finish.” You are now connected to SemelSecure.
1) Open the Wi-Fi settings to view available wireless networks.
2) Select SemelSecure.
3) For user name, enter “ad\” and then your AD username (e.g. “ad\jbruin”). For password, enter your AD password.
4) Select “Join.”
5) If it was successful, a checkmark will now appear next to SemelSecure indicating that you are now connected to the network.
1) Open the Wi-Fi settings to view available wireless networks.
2) Select SemelSecure.
3) Make sure the EAP method is “PEAP.”
4) For Identiity, enter “ad\” and then your AD username (e.g. “ad\jbruin”). For password, enter your AD password.
5) Choose “Don’t validate” for CA certificate.
6) Select “Connect.”
7) If it was successful, “SemelSecure” will now be listed under “Current network” and it will now indicate that you are “Connected” to the network.
Policies & Guidelines
Health Science Network Security policies are guided by HIPAA and California Privacy laws. They are meant to protect the privacy and security of all data that is created, collected, stored and disseminated throughout the UCLA community.
HIPAA and California Privacy Laws
We encourage you to read the HIPAA and California Privacy Laws Guide to help you understand what information is protected under federal and state privacy laws. This guide also explains patient privacy rights, your role as a workforce member in maintaining privacy of protected health information for patient care, teaching, research, fundraising, marketing and media and the consequences for non-compliance.
The HIPAA Privacy regulations pertain to information in any form – electronic, written, verbal and other media.
Key IT Policies Regarding Security
- HS 9450 – HIPAA Security
- HS 9451- Use of Electronic Information by UCLA Healthcare Workforce (Employees)
- HS 9452 – User Accounts (Authorizing ePHI Access by UCLA Healthcare Workforce Members; Passwords)
- HS 9453A – Use of Electronic Mail in Communication of Patient Identifiable Health Information (PHI)
- HS 9453D – Remote Access
- HS 9455 – Security Assessment and Management Plan
- HS 9456 – Physical Security of Electronic Resources
- HS 9457 – Information Technology Security
- HS 9459 – Security Incident Reporting
Acceptable Use of Wireless
UCLA Semel provides wireless services for the benefit of UCLA Health faculty, staff and patients. Current UCLA Health Wireless Guidelines prohibit the usage of unauthorized wireless access points inside the facilities of UCLA Health for the following reasons:
- The presence of unauthorized and unmanaged wireless access points leave UCLA Health network vulnerable to intruders who may access private information and violate HIPAA guidelines.
- The presence of unmanaged wireless access points can impact the performance of authorized wireless devices, thus causing potential disruption of services to individuals sharing the sanctioned system.