By Dan Gospe
HIPAA Compliant Remote Access from Anywhere
With so many options for remote access on the market, accessing your dental office remotely has never been easier. Here are some things to keep in mind for your remote access software, to ensure your continued HIPAA compliance.
Encrypted Connection
In order to maintain HIPAA compliance as you remotely connect to your dental practice, you’ll need to make sure that your connection is encrypted. As such, your standard RDP (built into the Windows-OS) is not compliant out-of-the-box. By default, RDP can only be used within a secure network – meaning, that you can connect from one PC to another within the office, but under the standard configuration, taking your connection off-site will break compliance.
Most remote access software suites do provide encrypted connections, but before you sign on, get it in writing! Which brings us to our next item:
Business Associate Agreement (BAA)
You will need, in writing, a signed BAA with your software provider for remote access. Any remote access software that claims HIPAA compliance should include a BAA at no cost. Make sure you read it over; ideally, your remote access software provider should not have any access to your PCs – make sure you get it in writing for your HIPAA compliance binder.
Audit Trails
A compliant remote access software suite must include unique IDs and Passwords for each employee that will use the software to connect. The software also needs to be able to report on who accessed what, and when. This kind of reporting is required by HIPAA, as it is necessary to report on any data breach that may occur through the remote access service.
VPN Considerations
Remote access software does come with a caveat; there must be an available or virtual PC on the network to connect to. Because of this, you may instead consider a HIPAA compliant VPN connection instead.
VPN connections connect your PC or Laptop to your entire network remotely, which means as far as the computer you are using knows, you are physically in the office.
To outfit a VPN style connection to your office, it’s best to source a laptop or PC that you will use for remote access – this remote access PC will need to have your practice management and imaging software physically installed on it. A VPN solution is powerful, but it will introduce some performance issues as well as security concerns.
Your laptop or PC using VPN will need a much higher level of security systems than your other PCs to maintain security and compliance. Among the requirements are a password management policy, two-factor authentication, encryption and anti-virus, to name a few.
VPN connections can also introduce high network latency, which means performance may not be as fast as the remote access option explained above. Depending on what tasks you will perform remotely, performance may not be a factor in considering a VPN.
Conclusion
HIPAA compliant remote access software is available from many vendors, and provides better performance over a VPN. A VPN, however, is more powerful as it virtually attaches your device to your office network, which creates a much more seamless connection.
For a professional recommendation based on your needs, contact dmi Networking to discuss your overall goals.