Remote Desktop Protocol is not HIPAA compliant.
However, Remote Desktop Protocol (RDP) is HIPAA compliant if you use it across a Virtual Private Network (VPN) or across a Secure Sockets Layer Virtual Private Network (SSL-VPN).
HIPAA and PCI compliance requirements state:
- any access from the Internet or a remote location must be encrypted
- passwords must be stored in a central, manageable location such as a managed firewall or Windows server
- remote access must be tracked and attempts to connect need to be logged
- username and password logins are sent as encrypted data
- unlimited attempts to guess or crack a password are stopped by a VPN device