We have been reviewing our office security guidelines and procedures to comply with HIPAA guidelines, and have found some conflicting information on what type of security we are supposed to use for remote access to our systems. Some of the guidelines have been extremely vague, while others have mentioned FIPS 1040-2 encryption. How is everyone allowing remote access into their systems? Are you using a direct Windows remote desktop (RDP), virtual private network (VPN) or a combination of both?
Thank you for your input,
Donna Gallo
SVMSMG
We use a sonicwall SSL VPN device.
It has allowed us to create a secure remote access web site.
Staff log into the site and are presented with a group of links to internal assets.
Works on Windows, Mac, and even Linux. Future versions will support iOS and Android.
For CPS the link points to a 2008 R2 RDWeb session.
All is encrypted from initial connection through applications.
Do you see any issues with not using a VPN and just using a straight RDP connection? It would be much easier on the doctors, but I just have reservations about the security of RDP.
RDP uses a well-known encryption algorithm. Being that it is well known, it is easier to crack. Also it leaves your RDP server open for a direct attack, either a DDoS or a login attack.
Too much chance for the system to be compromised.
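The "login attack" risk raised in the reply above is something a directly exposed RDP server should at least be watched for. The following is an added example, not code from anyone in this thread: it scans constructed Windows Security event records (Event ID 4625 is a failed logon, 4624 a successful one, and LogonType 10 is a RemoteInteractive, i.e. RDP, session) and flags any source address with a burst of failed RDP logons, then reports successful RDP logons from a flagged source. The one-JSON-object-per-line layout and the field names (`time`, `event_id`, `logon_type`, `user`, `src`) are assumptions of this example; a real export from the Security log would need a mapping step into that shape.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (one JSON object per line). The field names are an
# assumption of this example, not a Windows export format. Event ID 4625 is a
# failed logon, 4624 a successful one, and LogonType 10 (RemoteInteractive) is RDP.
SAMPLE_EVENTS = """\
{"time": "2012-03-01T08:00:01", "event_id": 4625, "logon_type": 10, "user": "administrator", "src": "203.0.113.7"}
{"time": "2012-03-01T08:00:09", "event_id": 4625, "logon_type": 10, "user": "admin", "src": "203.0.113.7"}
{"time": "2012-03-01T08:00:17", "event_id": 4625, "logon_type": 10, "user": "drsmith", "src": "203.0.113.7"}
{"time": "2012-03-01T08:00:24", "event_id": 4625, "logon_type": 10, "user": "frontdesk", "src": "203.0.113.7"}
{"time": "2012-03-01T08:00:31", "event_id": 4625, "logon_type": 10, "user": "billing", "src": "203.0.113.7"}
{"time": "2012-03-01T08:00:40", "event_id": 4625, "logon_type": 10, "user": "guest", "src": "203.0.113.7"}
{"time": "2012-03-01T08:01:02", "event_id": 4625, "logon_type": 10, "user": "nurse1", "src": "203.0.113.7"}
{"time": "2012-03-01T08:01:30", "event_id": 4624, "logon_type": 10, "user": "nurse1", "src": "203.0.113.7"}
{"time": "2012-03-01T08:05:00", "event_id": 4625, "logon_type": 3, "user": "svc_backup", "src": "10.0.0.12"}
{"time": "2012-03-01T08:10:15", "event_id": 4625, "logon_type": 10, "user": "drjones", "src": "198.51.100.5"}
{"time": "2012-03-01T08:10:42", "event_id": 4624, "logon_type": 10, "user": "drjones", "src": "198.51.100.5"}
{"time": "2012-03-01T08:30:00", "event_id": 4625, "logon_type": 10, "user": "drjones", "src": "198.51.100.5"}
"""


def parse_events(text):
    """Parse one JSON record per line into dicts whose 'time' is a datetime."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        rec["time"] = datetime.fromisoformat(rec["time"])
        events.append(rec)
    return events


def failed_rdp_logons_by_source(events):
    """Group the timestamps of failed RDP logons (4625, LogonType 10) by source address."""
    by_src = defaultdict(list)
    for ev in events:
        if ev["event_id"] == 4625 and ev["logon_type"] == 10:
            by_src[ev["src"]].append(ev["time"])
    for times in by_src.values():
        times.sort()
    return by_src


def find_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=10)):
    """Return {src: peak_failures} for every source that produced at least
    `threshold` failed RDP logons inside some sliding window of length `window`."""
    flagged = {}
    for src, times in failed_rdp_logons_by_source(events).items():
        peak = 0
        start = 0
        for end in range(len(times)):
            # Advance the window start until times[start..end] fits within `window`.
            while times[end] - times[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[src] = peak
    return flagged


def successful_logons_from_flagged(events, flagged):
    """Return (src, user, time) for successful RDP logons (4624, LogonType 10)
    coming from a source that was flagged for a failed-logon burst: a guessed
    password is the outcome the burst detection exists to catch."""
    hits = []
    for ev in events:
        if ev["event_id"] == 4624 and ev["logon_type"] == 10 and ev["src"] in flagged:
            hits.append((ev["src"], ev["user"], ev["time"]))
    return hits


if __name__ == "__main__":
    evs = parse_events(SAMPLE_EVENTS)
    flagged = find_rdp_bruteforce(evs)
    for src, n in flagged.items():
        print(f"{src}: {n} failed RDP logons within 10 minutes")
    for src, user, t in successful_logons_from_flagged(evs, flagged):
        print(f"  successful RDP logon from {src} as {user} at {t.isoformat()}")
```

On the constructed sample the network-type failure from 10.0.0.12 and the two widely spaced failures from 198.51.100.5 are ignored, while 203.0.113.7 is flagged for seven failures in about a minute, followed by a successful logon as `nurse1`. The threshold and window are deliberately parameters: a clinic with a handful of remote users can run a much tighter setting than a large site, and the same logic applies whether the RDP host sits behind a VPN or is exposed directly.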