Video Suggestion: Regulatory Compliance

Would like to see you discuss what regulatory compliance (Medical aka HIPAA and Financial Services aka Sarbanes-Oxley) is all about:

  • Signed BAA (Business Associate Agreements)
  • What is PII
  • Updates and Maintenance
  • Local and Online Backups (and how Encryption: at rest and in transit come into play)
  • Remote Access Requirements and Compliance
  • Password policies and screensaver requirements
  • Sending Medical Information from Providers to Patients and requirements
  • Audit Log requirements and processing/reviewing (would like to get better ways to do this)
  • User Training
  • Compromise Disclosure Requirements
    etc

…and while you’re at it bring some attention to Connectwise Control ( Screenconnect ) and because it lacks a User login Audit log…technically it’s illegal to install or use in any business that is HIPAA and/or Sarbanes-Oxley regulated:
https://control.product.connectwise.com/communities/1/topics/65-add-the-ability-to-audit-login-failuressuccesses-for-logging-in-to-the-web-interface#

Discussing law is not my field of expertise, but Connectwise Control ( Screenconnect ) supports full logging of users so you have been misinformed on that particular part.

I’m not talking about legal discussions, just what you have to do/know as an MSP if you have any medical office/financial company as clients. If you have those clients, you already need to know about all those topics.

Those are the logs of successfully logged in users actions.

The log I’m referring to is an auditable log that has full successful and unsuccessful login attempts for any/all user ID’s. It doesn’t contain all User login attempts (successful or not) which is what a full audit log will contain.

At least there is greylisting on login attempts in screenconnect so people can’t hammer away at password guessing but for legal compliance there should be a full audit log of login attempts and their success/failure.