HIPAA says the following about remote access:
- Any access from the Internet or a remote location must be encrypted. This means healthcare information going across the Internet cannot be read until it reaches the authenticated user on the other end where is it decrypted.
- Passwords should be stored in a central manageable location like a managed firewall or windows server
- Remote access is tracked and attempts to connect are also logged
- Login and Password are sent as encrypted data
- Unlimited attempts to guess or crack a password are stopped by the VPN device
If you use logmein for your remote access, then you are safe because logmein achieves all of the above.
But what about multiple office access, and the convenience of the Microsoft solution Remote Desktop Protocol (RDP)?
RDP between offices by itself is NOT HIPAA compliant, it fails on 1, 4, and 5 above. However, it can be HIPAA compliant, PCI compliant and accepted as Standard Business Security if you use RDP across a virtual private network (VPN).
So how can a healthcare facility allow remote access without violating HIPAA, PCI and other security standards?
We recommend consulting with your IT provider to make sure they have installed a firewall, which is a secure way to create an encrypted connection to your office network before initiating a remote desktop connection.
We also offer firewall monitoring that stores logs offsite, sends reports and sends alerts for threats.
Our Firewall's SSL VPN feature provides easy access to work data from any Internet enabled windows PC by downloading a small SLL VPN client.
For Physicians who need to access sensitive data from multiple locations in a hurry this product fits the bill perfectly.
Are you concerned your practice may be at risk? We can provide your practice with a comprehensive HIPAA Technology Audit for compliance in your practice.
Our HIPAA Technology Audit includes the following:
- Onsite Analysis of Existing Policies and Systems in Place
- Thorough Analysis and Deliverables Reporting our Findings
- Implementation Plan to Ensure Compliance
Get started today with a complementary phone consultation with one of our Technology and Integration Specialists.