Remote Desktop Protocol is not HIPAA compliant

However, Remote Desktop Protocol (RDP) will be HIPAA compliant if it is used across a Virtual Private Network (VPN) or across a Secure Sockets Layer Virtual Private Network (SSL-VPN).

HIPAA and PCI compliance requirements state that:

  • any access from the Internet or a remote location must be encrypted
  • passwords must be stored in a central, manageable location such as a managed firewall or a Windows server
  • remote access must be tracked, and connection attempts must be logged
  • username and password logins must be sent as encrypted data
  • unlimited attempts to guess or crack a password must be stopped by the VPN device
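The last three requirements (logging remote access, encrypting logins, and stopping unlimited password guessing) can be checked against the Windows Security log. The following is an added example, not code from the original page: it audits constructed, simplified failed-logon records for RDP sessions, flags sources that exceed a failure threshold inside a time window, and lists RDP logons that did not arrive through the VPN address pool. The record format, the VPN pool `10.8.0.0/24`, and the function names are assumptions for this example.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (not real log output): "ts|EventID|LogonType|user|src".
# Event ID 4625 = failed logon, 4624 = success; LogonType 10 = RemoteInteractive (RDP).
SAMPLE_LOG = """\
2024-03-01T08:00:01|4624|10|alice|10.8.0.5
2024-03-01T08:10:00|4625|10|administrator|203.0.113.7
2024-03-01T08:10:12|4625|10|administrator|203.0.113.7
2024-03-01T08:10:25|4625|10|admin|203.0.113.7
2024-03-01T08:10:41|4625|10|admin|203.0.113.7
2024-03-01T08:11:03|4625|10|root|203.0.113.7
2024-03-01T08:11:30|4625|3|backup|203.0.113.7
2024-03-01T08:20:00|4625|10|bob|198.51.100.9
"""

FAILED_LOGON, RDP_LOGON_TYPE = 4625, 10
VPN_NET = ipaddress.ip_network("10.8.0.0/24")  # assumed VPN client address pool


def parse_line(line):
    ts, event_id, logon_type, user, src = line.split("|")
    return (datetime.fromisoformat(ts), int(event_id), int(logon_type),
            user, ipaddress.ip_address(src))


def audit_rdp(log_text, threshold=5, window=timedelta(minutes=5)):
    """Return (flagged, off_vpn): sources with >= threshold failed RDP logons in a
    sliding window, and sources of RDP logons that bypassed the VPN address pool."""
    failures = defaultdict(list)
    off_vpn = set()
    for line in log_text.splitlines():
        ts, event_id, logon_type, _user, src = parse_line(line)
        if logon_type != RDP_LOGON_TYPE:
            continue  # only RDP sessions are in scope here
        if src not in VPN_NET:
            off_vpn.add(str(src))  # RDP reached the host without the VPN tunnel
        if event_id == FAILED_LOGON:
            failures[src].append(ts)
    flagged = {}
    for src, times in failures.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:  # drop failures older than the window
                start += 1
            if end - start + 1 >= threshold:
                flagged[str(src)] = len(times)
                break
    return flagged, sorted(off_vpn)
```

Running `audit_rdp(SAMPLE_LOG)` on the constructed records flags `203.0.113.7` with 5 failures and lists both public sources as off-VPN; the single failure from the VPN pool is not flagged.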