Atlantic.Net Blog

How to Make an RDP (Remote Desktop Protocol) Server HIPAA Compliant

Sam Guiliano
by Atlantic.Net (86 posts) under HIPAA Compliant Hosting
  • Remote Desktop Protocol and HIPAA Compliance
  • Client Needs System for Nationwide Remote Desktop
  • Perspective of Complete Healthcare Solutions
  • Security Increasingly Critical in Healthcare

RDP Servers and HIPAA Compliance

Access to a server over Remote Desktop Protocol (RDP) can be made HIPAA compliant with the help of a HIPAA-compliant hosting company. Healthcare security and HIPAA compliance are points of focus for us at Atlantic.Net. Here is a sample chat we had with a prospective client interested in setting up nationwide access to a compliant system via RDP.

Client Needs System for Nationwide Remote Desktop

Healthcare Client:

I have an application I’d like to have hosted with a HIPAA Compliant Server. My users will access the program from various locations throughout the U.S. via Remote Desktop.

Hosting Consultant:

Thank you for contacting Atlantic.Net. A few questions:

  • How many internal users do you have? (Each internal user will need an “Encrypted” VPN to connect to the platform.)
  • What is your total storage requirement?
  • Are you “encrypting” the data before it is stored on the HIPAA hosting platform?
  • On the database side, is there a high amount of Read/Writes on a daily basis?
  • Do you require any database software (we can only provide MySQL and MSSQL)?
  • Do you have both a Web and Database front end?

Attached is the BAA and the HIPAA certification.

Healthcare Client:

  • A “group” is considered anywhere from 2-100 individuals who work for the same medical practice. They can be at several different physical locations, and they will share the same databases. There will be a few groups to start, with a steady increase.
  • 30 MB per group.
  • Typical user will log in first thing in the morning and access the program 10-30 times a day. Very low bandwidth per group.
  • Users will access the server/application via Remote Desktop. I am assuming the application and the databases will be separated.

Hosting Consultant:

OK, thank you for your responses.

Attached is the formal HIPAA-compliant pricing proposal. The smallest amount of storage space we can provide is 500 GB. The most cost-effective way we have of providing application and database servers (to meet HIPAA requirements) is by using a dedicated server and creating two virtual machines inside the server. We are including (5) encrypted VPNs with our proposal; if you need extra VPNs, they are $XXX per month, per VPN. The dedicated server comes with (2) RDP licenses; if you need extra ones, they are $XXX per month, per RDP license.

We require all of the services that are listed on the proposal in order to provide you with the business associate agreement. Below is a list of the supporting documents we are providing for your review.

  • Fully Managed Hardware Firewall
  • Encrypted VPNs
  • Intrusion Detection System
  • Fully Managed Daily Backup

Healthcare Client:

Thanks for your quick reply. Please let me digest this information – I’m sure I’ll have some questions for you afterward.

Hosting Consultant:

Are you still looking for HIPAA Compliant Hosting services?

Healthcare Client:

I am still considering this. The project timing is not 100% defined. Do you have a few references who are current users that I can contact? Thank you.

Hosting Consultant:

We have many HIPAA hosting customers, but all of our customers have NDAs. We do have some customers who have provided us with permission to use them as a reference, and you can contact these customers anytime.

Please see the attached list.
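The architecture the consultant describes above (RDP reachable only through an encrypted VPN, behind a managed firewall) still has to be enforced on the Windows host itself. The following is an added example, not code from the Atlantic.Net post or from Atlantic.Net's platform: it tightens the RDP listener (Network Level Authentication, TLS security layer, a high minimum encryption level) and replaces the built-in "Remote Desktop" firewall rules, which allow port 3389 from any address, with one inbound rule scoped to the VPN address pool. The VPN subnet 10.8.0.0/24 and the rule name "RDP from VPN only" are hypothetical values chosen for the example; the registry key and cmdlets are the standard Windows ones.

```powershell
# Added example (not from the Atlantic.Net post): restrict a Windows RDP host so that
# RDP is reachable only from the VPN subnet and only with NLA over TLS.
# Assumptions (hypothetical values): the VPN hands out addresses in 10.8.0.0/24 and
# RDP listens on the default port 3389. Run in an elevated PowerShell session.

$VpnSubnet = '10.8.0.0/24'   # hypothetical VPN address pool; change to match your VPN
$RuleName  = 'RDP from VPN only'
$RdpKey    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

function Set-RdpHardening {
    # UserAuthentication = 1 requires Network Level Authentication: the client must
    # authenticate before a session is created, so unauthenticated peers never reach
    # the logon screen (this is also what keeps the listener off public RDP scanners' lists).
    Set-ItemProperty -Path $RdpKey -Name 'UserAuthentication' -Value 1 -Type DWord
    # SecurityLayer = 2 means TLS only; 0 would allow legacy "RDP Security" with no
    # server authentication, which is open to man-in-the-middle attacks.
    Set-ItemProperty -Path $RdpKey -Name 'SecurityLayer' -Value 2 -Type DWord
    # MinEncryptionLevel = 3 ("High", 128-bit); 1 ("Low") permits weak 56-bit encryption.
    Set-ItemProperty -Path $RdpKey -Name 'MinEncryptionLevel' -Value 3 -Type DWord

    # The predefined "Remote Desktop" rule group allows TCP/UDP 3389 from any remote
    # address. Disable it and allow TCP 3389 only from the VPN subnet.
    Disable-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue
    if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Protocol TCP `
            -LocalPort 3389 -RemoteAddress $VpnSubnet -Action Allow -Profile Any | Out-Null
    }
}

function Test-RdpHardening {
    # Re-reads the live settings and reports expected-vs-actual, so the same function
    # can be run later as audit evidence rather than trusting that the build step held.
    $props = Get-ItemProperty -Path $RdpKey
    $rule  = Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue
    $scope = if ($rule) { ($rule | Get-NetFirewallAddressFilter).RemoteAddress } else { $null }
    $defaultRulesStillOn = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -Enabled True `
        -ErrorAction SilentlyContinue
    [pscustomobject]@{
        NlaRequired        = ($props.UserAuthentication -eq 1)
        TlsOnly            = ($props.SecurityLayer -eq 2)
        HighEncryption     = ($props.MinEncryptionLevel -ge 3)
        RdpScopedToVpn     = ($rule -ne $null -and $rule.Enabled -eq 'True' -and $scope -eq $VpnSubnet)
        DefaultRdpRulesOff = ($null -eq $defaultRulesStillOn)
    }
}

Set-RdpHardening
Test-RdpHardening | Format-List
```

The firewall change takes effect immediately; the listener settings apply to new connections, so confirm from a host that is not on the VPN that TCP 3389 no longer answers before relying on the rule, and keep a second path to the box (console or out-of-band management) in case the VPN pool you scoped to is wrong. In a domain, the same three listener values are normally pushed by Group Policy rather than set per host.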

Perspective of Complete Healthcare Solutions

One of our most vocal supporters is Complete Healthcare Solutions.

“Atlantic.Net’s reputation for 100% up-time, their secure infrastructure and expertise in Healthcare IT were key components in finalizing our partnership,” said the firm’s VP of product development, Joseph Nompleggi.

Security Increasingly Critical in Healthcare

To understand data breaches, just follow the money. Hackers can now sell your healthcare records for 10 times what they can get for your credit card. As medical records increase in value, more hackers are setting their sights on medical companies; their efforts are often successful, since many firms use outdated equipment and don’t invest substantially in security.

“As attackers discover new methods to make money, the healthcare industry is becoming a much riper target because of the ability to sell large batches of personal data for profit,” explained TrustedSec CEO Dave Kennedy, adding that the information is typically used to conduct medical fraud.

Hackers have been disproportionately targeting healthcare companies for years, but their efforts are clearly accelerating. In 2009, 20% of HIPAA “covered entities” reported an attack in a survey by the Ponemon Institute. By 2013, 40% of companies said that they had experienced a breach.

Larry Ponemon, the founder of the institute, commented that 2014 was even more devastating for healthcare security: there were more successful assaults and more data exfiltrated per assault.

Intermountain Healthcare CIO Mark Probst noted that his hospital chain defends against thousands of cyber attacks every week.

Furthermore, Ponemon revealed that 9 out of every 10 healthcare firms had patient records compromised or stolen in 2012 or 2013.

Currently, healthcare experiences more attacks than both finance and military organizations combined.

*** Note that various details are changed for privacy, clarity, etc. ***
