BMN Blog

MAR 30
Managing Vendors' Remote Access - Who's That Knocking on the Door?

Most medical practices have permitted key business partners to access critical IT systems remotely. This is usually done to provide fast and efficient support of these systems. It could be an EMR vendor that needs to access a database, or perhaps a third-party IT service provider that will access systems for updates. Regardless of the requirement, every form of remote access that is provided to an outside party is a potential risk.  

As part of ongoing risk management, practices should evaluate the remote access that has been given over time to make sure any vulnerabilities are minimized. Questions that should be asked of vendors in order to determine the level of risk include:

  • Are employees of the vendor required to have complex passwords for access to the remote tool? And are passwords required to be changed on a frequent basis?
  • Is multi-factor authentication required for log-ins to the remote tool by vendor staff?
  • Does the remote tool have auditing and logging capabilities to review any activity that takes place using the service?
  • Does somebody at the practice have the ability to allow or deny remote access or is access given without any specific consent?
  • Is the remote connection encrypted end-to-end?

Practices should also review their offboarding policies to ensure that any remote tools that may have been used by vendors (or staff) are removed when a relationship is terminated. Remote access should only be facilitated via secure technologies that are designed to be used within a highly-secure business environment.

Evaluating remote access as part of an ongoing vendor management program can help minimize the risk of unauthorized access. If you're currently planning your next IT Risk Assessment, I would strongly consider including as part of your evaluation an analysis of the current remote access tools to determine if changes should be made.

Nic Cofield is an IT specialist with Jackson Thornton Technologies.

Bookmark and Share
Powered by Bondware
News Publishing Software

The browser you are using is outdated!

You may not be getting all you can out of your browsing experience
and may be open to security risks!

Consider upgrading to the latest version of your browser or choose on below: