Educause Security Discussion mailing list archives
Re: Health centers and VPN access to patient records systems
From: "McCrone, Kevin" <kmccrone () ILSTU EDU>
Date: Tue, 24 Jan 2012 16:14:48 +0000
We do allow remote access. To access the EHR, one must first use the campus VPN system. Secondly, they must use the Citrix system to gain access to the application or a remote desktop. Even then, only select personnel are enabled for remote access to the EHR according to their business need. I'd love to require a specific, controlled end point to use, such as a health-center issued laptop (for business use only) or perhaps even better, a thin client device or locked-down tablet or netbook. The reality is that once remote access is given, any client can connect - at least that is the current reality with our campus VPN technology. We encourage our staff to use health computers to connect and remind them that if their home system is compromised and used to connect, it could expose the University to a disaster. -- Kevin McCrone, Information Technology Technical Associate -- Illinois State University, Division of Student Affairs -- (309) 438-1111 From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Nathan Zierfuss Sent: Monday, January 23, 2012 8:08 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Health centers and VPN access to patient records systems Does anyone allow campus health center staff remote acces via VPN to their patient records systems? If so, what requirements/guidelines to you use to insure the end point is secure beyond just using a secure connection? Nathan -- Nathan Zierfuss, CISSP, Information Security Officer - Technology Oversight Services, University of Alaska 910 Yukon Dr. Suite 105, PO Box 755320 Fairbanks, Alaska 99775-5320 - Phone: 907-450-8112 Fax: 907-450-8381
Current thread:
- Health centers and VPN access to patient records systems Nathan Zierfuss (Jan 23)
- Re: Health centers and VPN access to patient records systems McCrone, Kevin (Jan 24)
- Re: Health centers and VPN access to patient records systems Nathan Zierfuss (Jan 24)
- Re: Health centers and VPN access to patient records systems McCrone, Kevin (Jan 24)