Educause Security Discussion mailing list archives
Re: Health centers and VPN access to patient records systems
From: Nathan Zierfuss <nathan.zierfuss () ALASKA EDU>
Date: Tue, 24 Jan 2012 09:08:29 -0900
Thanks for the response. We do have a Citrix system as well and that wasn't a possible solution I had considered. It would keep the end point a managed system we know the security posture of but allow viewing/editing. I'd like to require use of a university managed device as the ultimate end point as well.

Thanks,
Nathan

On Tue, Jan 24, 2012 at 7:14 AM, McCrone, Kevin <kmccrone () ilstu edu> wrote:
We do allow remote access. To access the EHR, one must first use the campus VPN system. Secondly, they must use the Citrix system to gain access to the application or a remote desktop. Even then, only select personnel are enabled for remote access to the EHR according to their business need.

I’d love to require a specific, controlled end point to use, such as a health-center issued laptop (for business use only) or perhaps even better, a thin client device or locked-down tablet or netbook. The reality is that once remote access is given, any client can connect – at least that is the current reality with our campus VPN technology.

We encourage our staff to use health computers to connect and remind them that if their home system is compromised and used to connect, it could expose the University to a disaster.

-- Kevin McCrone, Information Technology Technical Associate
-- Illinois State University, Division of Student Affairs
-- (309) 438-1111

From: The EDUCAUSE Security Constituent Group Listserv [mailto: SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Nathan Zierfuss
Sent: Monday, January 23, 2012 8:08 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Health centers and VPN access to patient records systems

Does anyone allow campus health center staff remote access via VPN to their patient records systems? If so, what requirements/guidelines do you use to ensure the end point is secure beyond just using a secure connection?

Nathan

-- Nathan Zierfuss, CISSP, Information Security Officer - Technology Oversight Services, University of Alaska 910 Yukon Dr. Suite 105, PO Box 755320 Fairbanks, Alaska 99775-5320 - Phone: 907-450-8112 Fax: 907-450-8381
-- Nathan Zierfuss, CISSP, Information Security Officer - Technology Oversight Services, University of Alaska 910 Yukon Dr. Suite 105, PO Box 755320 Fairbanks, Alaska 99775-5320 - Phone: 907-450-8112 Fax: 907-450-8381