Home Forums Discussions General Discussion Does anyone ever remote access Amazing charts

I love logmein. Is that not really secure? I though it was. It asks me for a password everytime.

I think people have different ideas about what is secure - my hospital made it a royal pain to log onto their system with incomprehensible passwords x 2 and logging onto their remote serve who then used CITRIX to log onto the other server - what it succeded in doing was making it so I never logged on and would let my documents requiring signatures really stack up (which when I signed and 100 of them printed at medical records made them really crabby).

I think the 2 passwords required at Logmein is great - feel like fear of some HIPAA police make people paranoid. I also think there are too many "experts" on HIPAA - some don't really have a clue.

Bert, actually it was $7,850 but who's counting. Things cost more up north. The report was 85 pages and a CD. I lot was fluff but I did get some valuable info. A lot of the recommendations were policies that we do but haven't been spelled out on paper or in the employee handbook. We are a small FP clinic in Anchorage - 6 FTE providers. These guys knew their stuff.

Yes I think some of it is overboard, but, if something happens I think it helpful that we have had a security assessment and a "plan" to fix things. Just so long as we follow our new plan I think I'll put disk encryption on the list for when we do our next upgrade. I was buying new stuff at Dell and saw they included that on their new laptops.

Adam, I'll look at the report again Monday and see what it said about Logmein.

JNOlte,

Well, thanks for laying the groundwork for everyone else. I do think one of the consistent things for all "agencies" is having a written plan, whether it's immunizations or HIPAA or whatever. They love the written plan.

Regarding gotomypc not being secure enough,
"All data is protected with AES encryption using 128-bit keys. Dual passwords and end-to-end user authentication. Optional One-Time Passwords provide maximum security."

I've used the onetime password feature before, pretty neat. You print out a list of 100 tertiary passwords and keep in on your person. every time you login you use one of these passwords (which then immediately expires) in addition to the primary and secondary password. Therefore keystroke loggers are foiled if you are using some unsecure computer. Seems pretty secure to me!

I am not putting down/trashing anyone's security, but IMHO a reasonable goal is to protect against improper disclosure of patient data using "reasonable measures."

Can the CIA hack into my data? Probably. Could a determined thief assisted by a team of East European computer geeks crack my code? Yep, if any of these groups were interested enough.

But in all likelihood the data is safe from the more likely threats, such as a nosey employee, cleaning lady, or patient; or the casual computer snatcher. And I recently discovered that Indiana has the most stringent, most penal law regarding protection of electronic patient data out of all 50 states--yet I would meet their criteria.

Everything uses basic encryption (AES etc etc) and the computer is bolted down VERY firmly. I have good locks on my door and video surveillance.

Update - Okay I looked through the report again. The issue the security police had was with the VPN. They say Microsoft PPTP has issues associated with its use as a VPN solution and should be replaced with a more robust method of remote access. They reference www.sans.org/resources/malwarefaq/pptp-vpn.php and www. schneier.com/paper-pptpv2.html. Cisco, OpenVPN can be configureed to suport both certificate and pssword authentication.
We have a Cisco ASA router but we were using Microsoft PPTP so need to enable Cisco's VPN.
They also rec a proxy server to reduce risk and data loss by logging and analysis.

Nice router!

J, this is all good information, but my guess is < 5% of the people on this board (including me) will have a clue as to what you just said.

I use VPN access. Works well, except it requires a certain screen resolution which I don't have so the field is slightly smaller than AC. That issue does not interfere with what I need to do anyway.

For those of you using logmein , I have just learned that you can add a secondary password on your host computer that is only stored on that computer. When you log in remotely, the system asks for 3 random characters of your secondary password, and makes you choose them from a drop down list using the mouse(not pressing any keys). Therefore keystroke loggers at pubic internet cafes are foiled. Nice option and is free. It is buried in the advanced security section on preferences on the logmein program running in the tray.

Thanks Ken,

That is just way too cool. I just added that to mine. I can't believe even IT comes with the free version.

I just have two questions:

1) How does Logmein make money when their free version is so good. I know you can transfer files and stuff, but that isn't necessarily worth paying for the pro version.

2) How in the world does GoToMyPC stay in business with Logmein available?

I think the IT section is temporary. After time they will start charging for it. They upgraded their interface a couple months ago with that addition. I must admit it is nice (that's how I found my 6 G backup drive was full)

Logmein free doesn't print. There are workarounds but it is worth the money just to remote print. It automatically makes your remote printer the default printer when you log in. No muss no fuss. It is nice in transferring small files, you can drag and drop as well as manage through a detail like screen. Nice but not worth the money

I think GoToMyPC does a lot more advertising. Can't understand how they compete. Even their regular prices are higher last time I looked.

I choose to support it because it is so good and use the pro version. I do need to print locally (from the hospital, second office, home) for prescriptions and print notes, etc. It makes it oh so much more convenient. I also use logmein ignition which allows you to access your computer even faster without having to use a browser. I suggest you give it a try, but be warned it is addictive.

Bert,
I think that logmein makes money by bringing people in with the free and then getting them to convert to pro.

I agree, gotomypc does a lot of advertising and so they must stay in business that way.

As far as remote printing, I have my Brother All in One connected to the host computer so I can print to fax and fax to the hospital, although I agree remote printing feature is nice (used to have that when I was a gotomypc subscriber)

Agreed, except that even I (who almost ALWAYS pays for the pro version of everything or the pay version) cannot find enough features in the pro version that is worth it.

It seems that a lot of features should only be involved in the pro version or pay version, whatever it is called. For instance, you would think they would limit you to so many hours.

LOL. Wendell I was referring to Ken's great tip on the 2nd password. Looking back, I can see how it may be taken as IT as in Information Techonology. Either way, your comment is helpful and probably true.

Can you guys explain to me how remote printing is helpful for you. I have just never seen the need. Maybe if you gave me some examples. Thanks.

Sorry to resurrect an old post.

I print prescriptions, Op notes, H&P, Orders (which thankfully my hospital takes on my letterhead. It is nice to go to the hospital, see a patient, log on through logmein ignition, access AC, type my note, print it, type prescriptions, type a letter to the PCP, etc so the referring physician has it available right away. And while you are at it, I fax a note to their office so they get it before they even get to the office)
etc.
I could do without it, but it is "so nice" to have it. (picture Ferris Bueller saying it)

Not for everyone, I know.