Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 588
  • Last Modified:

Terminal Server and HIPAA Compliance

All:

Just wanted to find out whether or not Terminal Server is considered HIPAA Compliant.  Does any one have any information regarding this?  Also your thoughts on PC Anywhere and HIPAA Compliance

jocasio
0
Juan Ocasio
Asked:
Juan Ocasio
  • 4
  • 3
1 Solution
 
chris_calabreseCommented:
First, software is not inherently HIPAA Compliant. It depends on how you use it.

That said, PC Anywere logs only to the local computer, so if you have a log management and reporting solution (which is required by HIPAA) based on getting logs from the domain controllers, TS will work with it, whereas PCA won't.
0
 
Juan OcasioAuthor Commented:
So you are saying that my company can be HIPAA complaint while using Terminal Server?  I guess that was my real question.  We want clients to have the ability to view their accounts via Terminal Server so we want to make sure this would not have an affect with respect to HIPAA compliance.

Thanks again,

jocasio
0
 
chris_calabreseCommented:
Yes, it is possible to be HIPAA Compliant and use Terminal Server. Whether you are compliant currently or will implement TS in such a way to remain compliant, is another matter howerver.
0
Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

 
Juan OcasioAuthor Commented:
How would you suggest implementing TS to remain compliant?
0
 
chris_calabreseCommented:
HIPAA Security Rule is all about access control, addressing vulnerabilities, and audit log reporting.

A compliant TS implementation would limit who could connect, limit what authorized individuals could do once they connected, keep up to date on patches, and have someone reviewing the logs of who connected and what they did.
0
 
Juan OcasioAuthor Commented:
Thanks for the info!
0
 
chris_calabreseCommented:
No problem
0

Featured Post

The Lifecycle Approach to Managing Security Policy

Managing application connectivity and security policies can be achieved more effectively when following a framework that automates repeatable processes and ensures that the right activities are performed in the right order.

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now