@JaredBusch said in Remote Access & HIPPA:
@Dashrender said in Remote Access & HIPPA:
@rjt said in Remote Access & HIPPA:
I would second what @JaredBusch said about the HIPAA site and automatic control of the desktop. I would hope if you need control after hours, you could simply reboot the machine and then no consent is necessary.
You either have consent on or off, you don't flip flop without having what seems like a clear workaround to what is supposed to be a security benefit.
I have not, yet, looked back at the MC consent setup once it was implemented. Assuming it was done correctly, consent is permission based, so you could have an account that does not require consent. But you would need auditing on any use of the account.
I was pretty much assuming the use of two accounts - or (more crazily) log in with admin - change the permission, etc... but again, that would be crazy.
But the ability to do that more or less defeats the purpose... because you can choose to be a bad guy and just change that setting as you want and see what you want.... yeah logs are supposed to show what you're doing - but still.
But you have clients who have you in that spot, do you have a during hours and after hours account you use to support them?