HIPAA compliance

By sharon
I've done some research, but can't find the answer to my question. Can anyone help? We have TightVNC installed on all client machines for support reasons, and it has recently been brought up that this may be a HIPAA violation. Our IT department doesn't think that it is, because it is password protected, and only 3 members of our staff can access clients' machines with it. Basically, we can't do anything with TightVNC that we couldn't do by walking up to a computer and logging in. Any thoughts?


by sgt_shultz In reply to HIPAA compliance

I think it is a fair question. You may never get an answer, but the IT dept ought to have a written response on file, IMHO. Password is nice. Hope it is a strong password. Betcha there are guidelines to secure VNC beyond a password. Level of encryption/authentication, taking it off default ports, and maybe implementing call back or something would be in order. Hours the VNC server is allowed to be available, like that. How are VNC patches to be monitored/applied. Plus niceties like: crashing the system makes everybody wait for the admin in the morning, and idle users logged off automatically after not very long. Hole big enough to drive a truck through, IMHO. Nobody expects the IT dept to be lawyers. Don't point out "not secure". Don't start a fight. Just point out possible liabilities and offer suggestions to fix/mitigate. You write the stuff. Leave blank what you can't guess; just call it a strawman to get the juices flowing. I always present in a report folder with DRAFT all over it and a red pen for everybody along with their copy. Should document stuff like following the mfg's suggestions to secure, or accepted best practices to secure, having a written user policy which educates users to possible threats and declares them responsible for maintaining a strong secret password, etc. etc. HIPAA is a good move in the direction of lowering health care costs, yes? rdl
Try to hack in yourself if you think you can without getting in trouble. Maybe ask forgiveness, not permission.
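The controls listed above (only a few named staff, limited hours, off the default port, short idle timeout) are easy to turn into a written policy that can be checked mechanically. The following is an added example, not code from this thread or from TightVNC: it audits a constructed table of remote-support sessions against assumed policy values (three authorized users, 07:00-19:00, default ports 5900/5800, 15 minute idle limit) and reports every session that breaks a rule.

```python
from datetime import datetime

# Assumed policy values for the scenario in the thread; adjust to your own.
AUTHORIZED_USERS = {"support1", "support2", "support3"}  # the three staff
ALLOWED_HOURS = (7, 19)         # sessions only between 07:00 and 19:00
DEFAULT_VNC_PORTS = {5900, 5800}  # server should have been moved off these
MAX_IDLE_MIN = 15               # idle sessions should be dropped sooner

# Constructed session records (not real TightVNC log output). Columns:
# timestamp, client host, user, server port, idle minutes before disconnect
SAMPLE_SESSIONS = """\
2009-03-02T09:15:00 ws-12 support1 5901 4
2009-03-02T22:40:00 ws-07 support2 5901 3
2009-03-03T10:05:00 ws-03 contractor 5901 2
2009-03-03T11:30:00 ws-21 support3 5900 45
"""


def parse_sessions(text):
    """Turn the whitespace-separated records into dicts with typed fields."""
    sessions = []
    for line in text.splitlines():
        ts, host, user, port, idle = line.split()
        sessions.append({"time": datetime.fromisoformat(ts), "host": host,
                         "user": user, "port": int(port), "idle_min": int(idle)})
    return sessions


def audit_session(s):
    """Return the list of policy findings for one session (empty = compliant)."""
    findings = []
    if s["user"] not in AUTHORIZED_USERS:
        findings.append("unauthorized user %s" % s["user"])
    start, end = ALLOWED_HOURS
    if not start <= s["time"].hour < end:
        findings.append("outside allowed hours %02d:00-%02d:00" % (start, end))
    if s["port"] in DEFAULT_VNC_PORTS:
        findings.append("default VNC port %d" % s["port"])
    if s["idle_min"] > MAX_IDLE_MIN:
        findings.append("idle %d min exceeds %d min" % (s["idle_min"], MAX_IDLE_MIN))
    return findings


def audit_all(text):
    """Map 'host@timestamp' to its findings, keeping only non-compliant sessions."""
    report = {}
    for s in parse_sessions(text):
        findings = audit_session(s)
        if findings:
            report["%s@%s" % (s["host"], s["time"].isoformat())] = findings
    return report


if __name__ == "__main__":
    for key, findings in audit_all(SAMPLE_SESSIONS).items():
        print(key, "->", "; ".join(findings))
```

The same structure works against a real export of your remote-access logs once the parser is adapted to its format; the point is that each item in the written policy maps to one testable rule.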


by JediMaster2003 In reply to HIPAA compliance

They are somewhat right. As long as both parties are aware of the connection and a Policy is in PLACE for the JUSTIFICATION and USAGE of this VNC line, your IT Department will be in compliance. See the following link for more info: http://www.hipaadvisory.com/action/security/intersectdepend.htm
