Solved

Terminal Server and HIPAA Compliance

Posted on 2006-07-17
7
574 Views
Last Modified: 2010-04-11
All:

Just wanted to find out whether or not Terminal Server is considered HIPAA Compliant.  Does any one have any information regarding this?  Also your thoughts on PC Anywhere and HIPAA Compliance

jocasio
0
Comment
Question by:Juan Ocasio
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 14

Expert Comment

by:chris_calabrese
ID: 17125730
First, software is not inherently HIPAA Compliant. It depends on how you use it.

That said, PC Anywere logs only to the local computer, so if you have a log management and reporting solution (which is required by HIPAA) based on getting logs from the domain controllers, TS will work with it, whereas PCA won't.
0
 
LVL 14

Author Comment

by:Juan Ocasio
ID: 17125859
So you are saying that my company can be HIPAA complaint while using Terminal Server?  I guess that was my real question.  We want clients to have the ability to view their accounts via Terminal Server so we want to make sure this would not have an affect with respect to HIPAA compliance.

Thanks again,

jocasio
0
 
LVL 14

Expert Comment

by:chris_calabrese
ID: 17125879
Yes, it is possible to be HIPAA Compliant and use Terminal Server. Whether you are compliant currently or will implement TS in such a way to remain compliant, is another matter howerver.
0
Webinar June 1st - Attacking Ransomware  

The global cyberattack that corrupted hundreds of thousands of computer systems on May 12th had a face, name, & price tag that we’ve seen all too often in recent years: Ransomware. With the stakes – and costs – of a ransomware attack higher than ever, is your business prepared ?

 
LVL 14

Author Comment

by:Juan Ocasio
ID: 17126425
How would you suggest implementing TS to remain compliant?
0
 
LVL 14

Accepted Solution

by:
chris_calabrese earned 125 total points
ID: 17130117
HIPAA Security Rule is all about access control, addressing vulnerabilities, and audit log reporting.

A compliant TS implementation would limit who could connect, limit what authorized individuals could do once they connected, keep up to date on patches, and have someone reviewing the logs of who connected and what they did.
0
 
LVL 14

Author Comment

by:Juan Ocasio
ID: 17132404
Thanks for the info!
0
 
LVL 14

Expert Comment

by:chris_calabrese
ID: 17132434
No problem
0

Featured Post

How to Defend Against the WCry Ransomware Attack

On May 12, 2017, an extremely virulent ransomware variant named WCry 2.0 began to infect organizations. Within several hours, over 75,000 victims were reported in 90+ countries. Learn more from our research team about this threat & how to protect your organization!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
A hard and fast method for reducing Active Directory Administrators members.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question