How to Make an RDP (Remote Desktop Protocol) Server HIPAA Compliant

• Remote Desktop Protocol and HIPAA Compliance
• Client Needs System for Nationwide Remote Desktop
• The perspective of Complete Healthcare Solutions
• Security Increasingly Critical in Healthcare

RDP Servers and HIPAA Compliance

Remote desktop protocol (RDP) can be made HIPAA compliant (HIPAA Compliant RDP Server Hosting) with the help of a HIPAA-compliant hosting company. Healthcare security and HIPAA compliance are points of focus for us at Atlantic.Net. Here is a sample chat with a prospective client interested in setting up nationwide access to a compliant system via remote desktop protocol (RDP).

Client Needs System for Nationwide Remote Desktop

Healthcare Client:

I have an application I’d like to have hosted with a HIPAA Compliant Hosting Server. My users will access the program from various locations throughout the U.S. via Remote Desktop.

Hosting Consultant:

Thank you for contacting Atlantic.Net. A few questions:

• How many internal users do you have? (Each internal user will need an “Encrypted” VPN to connect to the platform.)
• What is your total storage requirement?
• Are you “encrypting” the data before storing it on the HIPAA hosting platform?
• Is there a high amount of Read/Writes daily on the database side?
• Do you require any database software (we can only provide MySQL and MSSQL)?
• Do you have both a Web and Database front end?

Attached are the BAA and the HIPAA certification.

Healthcare Client:

• A “group” is considered from 2-100 individuals working for the same medical practice. They can be at several different physical locations, sharing the same databases. There will be a few groups to start, with a steady increase.
• 30 MB per group.
• A typical user will log in first thing in the morning and access the program 10-30 times a day. Very low bandwidth per group.
• Users will access the server/application via Remote Desktop. I am assuming the application and the databases will be separated.

Hosting Consultant:

OK, thank you for your responses.

Attached is the formal HIPAA-compliant pricing proposal. The smallest amount of Storage Space we can provide is 500 GB. The most cost-effective way to give Application and Database servers (to meet HIPAA requirements) is by using a dedicated server and creating two Virtual Machines inside the server. The dedicated server comes with ( 2 ) RDP licenses; they are $ XXX per month per RDP license if you need extra ones. We include ( 5 ) Encrypted VPNs with our proposal; if you need additional VPNs, they are $ XXX per month per VPN.

We require all of the services listed on the proposal to provide you with the business associate agreement. Below is a list of the supporting documents we provide for your review.

• Fully Managed Hardware Firewall
• Encrypted VPNs
• Intrusion Detection System
• Fully Managed Daily Backup

Healthcare Client:

Thanks for your quick reply. Please let me digest this information – I’m sure I’ll have some questions for you afterward.

Hosting Consultant:

Are you still looking for HIPAA Compliant Hosting services?

Healthcare Client:

I am still considering this. The project timing is not 100% defined. Do you have a few references who are current users that I can contact? Thank you.

Hosting Consultant:

We have many HIPAA hosting customers, but all customers have NDAs. We have some customers who have provided us with permission to use them as a reference, and you can contact these customers anytime.

Please see the attached list.

The perspective of Complete Healthcare Solutions

One of our most vocal supporters is Complete Healthcare Solutions.

“Atlantic.Net’s reputation for 100% up-time, their secure infrastructure, and expertise in Healthcare IT were key components in finalizing our partnership,” said the firm’s VP of product development, Joseph Nompleggi.

Security Increasingly Critical in Healthcare

To understand data breaches, follow the money. Hackers can now sell your healthcare records for ten times what they can get for your credit card. As medical records increase in value, more hackers set their sights on medical companies; their efforts are often successful since many firms use outdated equipment and don’t invest substantially in security.

“As attackers discover new methods to make money, the healthcare industry is becoming a much riper target because of the ability to sell large batches of personal data for profit,” explained TrustedSEC CEO Dave Kennedy, adding that the information is typically used to conduct medical fraud.

Hackers have disproportionately targeted healthcare companies for years, but their efforts are accelerating. In 2009, 20% of HIPAA “covered entities” reported an attack in a survey by the Ponemon Institute. By 2013, 40% of companies said they had experienced a breach.

Larry Ponemon, the institute’s founder, commented that 2014 was even more devastating for healthcare security: there were more successful assaults and more data exfiltrated per assault.

Intermountain Healthcare CIO Mark Probst noted that his hospital chain defends against thousands of cyberattacks every week.

Furthermore, Ponemon revealed that 9 out of every ten healthcare firms had patient records compromised or stolen in 2012 or 2013.

Currently, healthcare experiences more attacks than both finance and military organizations combined. Here are some essential resources that could assist you with setting up your RDP server, but to ensure HIPAA compliance, you need to add a comprehensive security apparatus around your RDP servers.

How to Configure Windows RDP Server

Remote Desktop Scenario using a Cloud VPS

How to Remote Desktop into Your Windows Server

 

*** Note that various details are changed for privacy, clarity, etc. ***

Check out our full range of VPS Hosting Solutions today.