Remote desktop is, by default, not HIPAA compliant
With today’s workload, long hours, and pressure to get more done in less time, remote access to your work computer can be a life saver. The remote access we will be discussing in this article is accessing your work desktop, files, printers, and applications. There are a number of options, some are better than others.
HIPAA says the following about remote access:
Any access from the Internet or a remote location must be encrypted. This means healthcare information going across the Internet cannot be read until it reaches the authenticated user on the other end where is it decrypted.
Passwords should be stored in a central, manageable location like a managed firewall or windows server.
Remote access is tracked and attempts to connect are also logged.
Login and Password are sent as encrypted data.
Unlimited attempts to guess or crack a password are stopped by the VPN device.
There are a number of solutions that are HIPAA compliant out of the box. If you use logmein for your remote access you can stop reading, logmein achieves all of the above. VNC and TeamViewer can be configured to be HIPAA compliant with some changes to there default installation.
But what about multiple office access, and the convenience of the Microsoft solution Remote Desktop Protocol (RDP)? Citrix is an “upgraded” fuller featured version of remote desktop and does not need VPN or the overhead of RDP.
RDP between offices or from home to the office by itself is NOT HIPAA compliant, it fails on 1, 4, and 5 above. However, it can be HIPAA compliant, PCI compliant, and accepted as Standard Business Security if you use RDP across a virtual private network (VPN).
So how can a healthcare facility allow remote access without violating HIPAA, PCI, and other security standards?
We recommend installing a firewall, in particular a Sonicwall Firewall. The Sonicwall line of firewalls come with an SSL VPN, which is a secure way to create an encrypted connection to your office network before initiating a remote desktop connection. Sonicwalls are affordable for almost any business starting at about $800.00. We also offer Basic Sonicwall monitoring that stores logs offsite, sends reports, and sends alerts for threats.
Sonicwall’s SSL VPN feature provides easy access to work on data from any Internet enabled Windows PC by downloading a small SSL VPN client. For Physicians who need to access sensitive data from multiple locations in a hurry this product fits the bill perfectly.
If your practice is at risk, please contact us. We offer a free initial consultation and can offer a total HIPAA compliance package.