Understanding Remote Desktop with HIPAA Compliance

by Sam Guiliano (86 posts) under Healthcare IT
  • Security Increasingly Critical in Healthcare
  • Client Needs System for Nationwide Remote Desktop
  • Perspective of Complete Healthcare Solutions

Security Increasingly Critical in Healthcare

To understand data breaches, just follow the money. Hackers can now sell your healthcare records for 10 times what they can get for your credit card. As medical records increase in value, more hackers are setting their sights on medical companies; their efforts are often successful, since many firms use outdated equipment and don’t invest substantially in security.

“As attackers discover new methods to make money, the healthcare industry is becoming a much riper target because of the ability to sell large batches of personal data for profit,” explained TrustedSec CEO Dave Kennedy, adding that the information is typically used to conduct medical fraud.

Hackers have been disproportionately targeting healthcare companies for years, but their efforts are clearly accelerating. In 2009, 20% of HIPAA “covered entities” reported an attack in a survey by the Ponemon Institute. By 2013, 40% of companies said that they had experienced a breach.

Larry Ponemon, the founder of the institute, commented that 2014 was even more devastating for healthcare security: there were more successful assaults and more data exfiltrated per assault.

Intermountain Healthcare CIO Mark Probst noted that his hospital chain defends against thousands of cyber attacks every week.

Furthermore, Ponemon revealed that 9 out of every 10 healthcare firms had patient records compromised or stolen in 2012 or 2013.

Currently, healthcare experiences more attacks than both finance and military organizations combined.

Healthcare security and HIPAA compliance are points of focus for us at Atlantic.Net. Here is a sample chat we had with a prospective client interested in setting up nationwide access to a compliant system via remote desktop.

*** Note that various details are changed for privacy, clarity, etc. ***

Client Needs System for Nationwide Remote Desktop

Healthcare Client:

I have an application I’d like to have hosted with a HIPAA Compliant Server. My users will access the program from various locations throughout the U.S. via Remote Desktop.

Hosting Consultant:

Thank you for contacting Atlantic.Net. A few questions:

  • How many internal users do you have? (Each internal user will need an “Encrypted” VPN to connect to the platform.)
  • What is your total storage requirement?
  • Are you “encrypting” the data before it is stored on the HIPAA hosting platform?
  • On the database side, is there a high amount of Read/Writes on a daily basis?
  • Do you require any database software (we can only provide MySQL and MSSQL)?
  • Do you have both a Web and Database front end?

Attached is the BAA and the HIPAA certification.

Healthcare Client:

  • A “group” is considered anywhere from 2-100 individuals who work for the same medical practice. They can be at several different physical locations, and they will share the same databases. There will be a few groups to start, with a steady increase.
  • 30 MB per group.
  • Typical user will log in first thing in the morning and access the program 10-30 times a day. Very low bandwidth per group.
  • Users will access the server/application via Remote Desktop. I am assuming the application and the databases will be separated.

Hosting Consultant:

OK, thank you for your responses.

Attached is the formal HIPAA-compliant pricing proposal. The smallest amount of Storage Space we can provide is 500 GB. The most cost effective way we have of providing Application and Database servers (to meet HIPAA requirements) is by using a dedicated server and creating two Virtual Machines inside the server. We are including (5) Encrypted VPNs with our proposal; if you need extra VPNs, they are $XXX per month, per VPN. The dedicated server comes with (2) RDP licenses; if you need extra ones, they are $XXX per month, per RDP license.

We require all of the services that are listed on the proposal in order to provide you with the business associate agreement. Below is a list of the supporting documents we are providing for your review.

  • Fully Managed Hardware Firewall
  • Encrypted VPNs
  • Intrusion Detection System
  • Fully Managed Daily Backup

Healthcare Client:

Thanks for your quick reply. Please let me digest this information – I’m sure I’ll have some questions for you afterward.

Hosting Consultant:

Are you still looking for HIPAA Compliant Hosting services?

Healthcare Client:

I am still considering this. The project timing is not 100% defined. Do you have a few references who are current users that I can contact? Thank you.

Hosting Consultant:

We have many HIPAA hosting customers, but all of our customers have NDAs. We do have some customers who have provided us with permission to use them as a reference, and you can contact these customers anytime.

Please see the attached list.

Perspective of Complete Healthcare Solutions

One of our most vocal supporters is Complete Healthcare Solutions.

“Atlantic.Net’s reputation for 100% up-time, their secure infrastructure and expertise in Healthcare IT were key components in finalizing our partnership,” said the firm’s VP of product development, Joseph Nompleggi.

Check out our full range of Cloud Hosting Solutions today.
