RDP Servers and HIPAA Compliance
Remote desktop protocol (RDP) can be made HIPAA compliant with the help of a HIPAA-compliant hosting company. Healthcare security and HIPAA compliance are points of focus for us at Atlantic.Net. Here is a sample chat we had with a prospective client interested in setting up nationwide access to a compliant system via remote desktop protocol (RDP).
Client Needs System for Nationwide Remote Desktop
I have an application I’d like to have hosted with a HIPAA Compliant Server. My users will access the program from various locations throughout the U.S. via Remote Desktop.
Thank you for contacting Atlantic.Net. A few questions:
- How many internal users do you have? (Each internal user will need an “Encrypted” VPN to connect to the platform.)
- What is your total storage requirement?
- Are you “encrypting” the data before it is stored on the HIPAA hosting platform?
- On the database side, is there a high amount of Read/Writes on a daily basis?
- Do you require any database software (we can only provide MySQL and MSSQL)?
- Do you have both a Web and Database front end?
Attached is the BAA and the HIPAA certification.
- A “group” is considered anywhere from 2-100 individuals who work for the same medical practice. They can be at several different physical locations, and they will share the same databases. There will be a few groups to start, with a steady increase.
- 30 MB per group.
- Typical user will log in first thing in the morning and access the program 10-30 times a day. Very low bandwidth per group.
- Users will access the server/application via Remote Desktop. I am assuming the application and the databases will be separated.
OK, thank you for your responses.
Attached is the formal HIPAA-compliant pricing proposal. The smallest amount of storage space we can provide is 500 GB. The most cost-effective way we have of providing Application and Database servers (to meet HIPAA requirements) is by using a dedicated server and creating two Virtual Machines inside the server. We are including (5) Encrypted VPNs with our proposal; if you need extra VPNs, they are $XXX per month, per VPN. The dedicated server comes with (2) RDP licenses; if you need extra ones, they are $XXX per month, per RDP license.
We require all of the services that are listed on the proposal in order to provide you with the business associate agreement. Below is a list of the supporting documents we are providing for your review.
- Fully Managed Hardware Firewall
- Encrypted VPNs
- Intrusion Detection System
- Fully Managed Daily Backup
Thanks for your quick reply. Please let me digest this information – I’m sure I’ll have some questions for you afterward.
Are you still looking for HIPAA Compliant Hosting services?
I am still considering this. The project timing is not 100% defined. Do you have a few references who are current users that I can contact? Thank you.
We have many HIPAA hosting customers, but all of our customers have NDAs. We do have some customers who have provided us with permission to use them as a reference, and you can contact these customers anytime.
Please see the attached list.
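The architecture agreed in the exchange above has two security-relevant rules: every user reaches the RDP host only through an encrypted VPN, and an intrusion detection system watches the platform. Both can be checked against the RDP host's own logon events. The script below is an added example written for this page, not Atlantic.Net's code or anything from the original post. It assumes a VPN address pool of 10.8.0.0/24 and uses a constructed, simplified one-line-per-event summary of Windows logon events (event 4624 = successful logon, 4625 = failed logon, LogonType 10 = interactive logon over RDP); the field names are those summaries, not the raw Windows event schema. It flags any RDP logon whose source address is outside the VPN pool (which would mean RDP is reachable without the VPN) and any source that fails repeatedly (a password-guessing pattern an IDS should alert on).

```python
import ipaddress
import re
from collections import Counter

# Constructed sample data: one summarised Windows logon event per line.
# EventID 4624 = success, 4625 = failure; LogonType 10 = RemoteInteractive (RDP).
SAMPLE_EVENTS = [
    "2024-03-01T08:02:11Z EventID=4624 LogonType=10 User=jsmith SourceIP=10.8.0.12",
    "2024-03-01T08:03:40Z EventID=4625 LogonType=10 User=Administrator SourceIP=203.0.113.45",
    "2024-03-01T08:03:41Z EventID=4625 LogonType=10 User=Administrator SourceIP=203.0.113.45",
    "2024-03-01T08:03:42Z EventID=4625 LogonType=10 User=Administrator SourceIP=203.0.113.45",
    "2024-03-01T08:05:09Z EventID=4624 LogonType=10 User=mlee SourceIP=10.8.0.17",
    "2024-03-01T08:06:30Z EventID=4624 LogonType=3 User=svc_backup SourceIP=192.168.50.5",
    "2024-03-01T08:07:02Z EventID=4624 LogonType=10 User=jsmith SourceIP=198.51.100.7",
]

# Assumed VPN client pool; in practice this comes from the VPN concentrator config.
VPN_SUBNET = ipaddress.ip_network("10.8.0.0/24")

_FIELD = re.compile(r"(\w+)=(\S+)")


def parse_event(line):
    """Parse one summarised event into a dict of fields (plus Timestamp).

    Returns None for lines that lack the fields the audit needs, so a
    malformed or unrelated line never aborts the whole run.
    """
    parts = line.strip().split(" ", 1)
    if len(parts) != 2:
        return None
    fields = dict(_FIELD.findall(parts[1]))
    if "EventID" not in fields or "SourceIP" not in fields:
        return None
    fields["Timestamp"] = parts[0]
    return fields


def audit_rdp_access(lines, vpn_subnet=VPN_SUBNET, fail_threshold=3):
    """Check RDP logon events against the VPN-only access policy.

    Returns a dict with:
      outside_vpn        - RDP logons (success or failure) from outside the VPN pool
      failed_by_source   - count of failed RDP logons per source address
      brute_force_sources - sources at or above fail_threshold failures
    """
    outside_vpn = []
    failures = Counter()
    for line in lines:
        ev = parse_event(line)
        # Only RDP (LogonType 10) matters here; service/network logons are skipped.
        if ev is None or ev.get("LogonType") != "10":
            continue
        try:
            src = ipaddress.ip_address(ev["SourceIP"])
        except ValueError:
            continue  # unparsable address; ignore rather than crash
        if src not in vpn_subnet:
            outside_vpn.append((ev["Timestamp"], ev.get("User", "?"), str(src), ev["EventID"]))
        if ev["EventID"] == "4625":
            failures[str(src)] += 1
    brute_force = sorted(ip for ip, n in failures.items() if n >= fail_threshold)
    return {
        "outside_vpn": outside_vpn,
        "failed_by_source": dict(failures),
        "brute_force_sources": brute_force,
    }


if __name__ == "__main__":
    report = audit_rdp_access(SAMPLE_EVENTS)
    for ts, user, ip, event_id in report["outside_vpn"]:
        status = "SUCCESS" if event_id == "4624" else "failed"
        print(f"{ts} RDP logon from outside VPN pool: {user} from {ip} ({status})")
    for ip in report["brute_force_sources"]:
        print(f"repeated RDP logon failures from {ip}: {report['failed_by_source'][ip]}")
```

On the constructed sample the audit reports four out-of-pool RDP events: three failures from 203.0.113.45 (which also trips the brute-force threshold) and one successful logon by jsmith from 198.51.100.7. The successful one is the finding that matters most for the policy in the proposal, because it shows RDP answering a connection that did not come through the VPN, i.e. the firewall is not restricting port 3389 to the VPN pool as intended.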
Perspective of Complete Healthcare Solutions
One of our most vocal supporters is Complete Healthcare Solutions.
“Atlantic.Net’s reputation for 100% up-time, their secure infrastructure and expertise in Healthcare IT were key components in finalizing our partnership,” said the firm’s VP of product development, Joseph Nompleggi.
Security Increasingly Critical in Healthcare
To understand data breaches, just follow the money. Hackers can now sell your healthcare records for 10 times what they can get for your credit card. As medical records increase in value, more hackers are setting their sights on medical companies; their efforts are often successful, since many firms use outdated equipment and don’t invest substantially in security.
“As attackers discover new methods to make money, the healthcare industry is becoming a much riper target because of the ability to sell large batches of personal data for profit,” explained TrustedSEC CEO Dave Kennedy, adding that the information is typically used to conduct medical fraud.
Hackers have been disproportionately targeting healthcare companies for years, but their efforts are clearly accelerating. In 2009, 20% of HIPAA “covered entities” reported an attack in a survey by the Ponemon Institute. By 2013, 40% of companies said that they had experienced a breach.
Larry Ponemon, the founder of the institute, commented that 2014 was even more devastating for healthcare security: there were more successful assaults and more data exfiltrated per assault.
Intermountain Healthcare CIO Mark Probst noted that his hospital chain defends against thousands of cyber attacks every week.
Furthermore, Ponemon revealed that 9 out of every 10 healthcare firms had patient records compromised or stolen in 2012 or 2013.
Currently, healthcare experiences more attacks than both finance and military organizations combined.
*** Note that various details are changed for privacy, clarity, etc. ***