PCAnywhere / UltraVNC and HIPPA

bob4432

A doctor friend wants to be able to control his office machine over the internet, but the programs must be HIPPA compliant. Does anybody know of a remote control suite that is? I see the new pcAnywhere 11.5 offers 256-bit AES, which seems like enough, but I am not sure what the HIPPA law requires... anybody?
 

DeckardBlade

I couldn't tell you with absolute certainty -- sad being that I'm HIPPA certified (blocked out as much of that test from my memory as possible). But I work in an insurance company that must abide by those guidelines as well, and we use Altiris / WinVNC / and Remote Desktop from XP for people to remote in, and it doesn't seem to cause any issues. As long as all the data stays on the office machine, I think you're fine. Someone else may have some better insight though.

-DB
 

sourceninja

HIPPA requires 128-bit encryption on public networks for transmission of data (or so I'm told). Now, if he does a dial-up connection to his box via pcAnywhere or the like, he needs no encryption.

It's been about a year since I last worked at WebMD, but I can tell you that we did modem-to-modem dialing into customers and we did not use any encryption. I brought this point up and was told it was not required unless it was over the Internet. I do know they were looking to change to some other program and use the Internet when I was leaving.

I'd say as long as it's encrypted you are OK. The law only really says you have to make a conscious effort to keep the data secure.
 

torpid

When we read HIPAA it had no specific requirements as far as number of bits or algorithms. Feel free to read it yourself. It was intentionally worded in generalities to prevent favoritism. Also, the actual procedures he uses are a lot more important than the technology, such as making it password secured and the like.
 

mechBgon

Originally posted by: torpid
When we read HIPAA it had no specific requirements as far as number of bits or algorithms. Feel free to read it yourself. It was intentionally worded in generalities to prevent favoritism. Also, the actual procedures he uses are a lot more important than the technology, such as making it password secured and the like.
Aha, someone who spells HIPAA right :D I would suggest to the doctor that he skip the whole idea. Creating an open door into the work network isn't something I'd like to be the guy responsible for having set up, no sir. :Q

 

bob4432

Originally posted by: mechBgon
Originally posted by: torpid
When we read HIPAA it had no specific requirements as far as number of bits or algorithms. Feel free to read it yourself. It was intentionally worded in generalities to prevent favoritism. Also, the actual procedures he uses are a lot more important than the technology, such as making it password secured and the like.
Aha, someone who spells HIPAA right :D I would suggest to the doctor that he skip the whole idea. Creating an open door into the work network isn't something I'd like to be the guy responsible for having set up, no sir. :Q

Although I can't spell HIPAA correctly, the doctor himself was going to set it up ~SCARY~