HIPAA Section C – Access Control § 164.312(a)(1)
Implement technical policies and procedures for electronic information systems that maintain electronic protected health information to allow access only to persons or software programs that have been granted access rights.
Access and Management: Pro, Central
- Access to host computers is protected by separate, unique passwords for the website () and each host computer.
- Access to host computers is protected by Windows or Mac authentication.
- Users can protect their account by turning on two-step verification.
- Users can authenticate to the host using one-time security codes.
Tip: Log in to your account and go to .
- Authenticate to the host using RSA SecurID two-factor authentication. Visit our help site for RSA implementation details. Windows hosts only.
- Set a lockout threshold for failed login attempts, known as Authentication Attack Blocker.
Tip: Open the LogMeIn Control Panel and follow this path: .
- All of the above also apply.
- Data is encrypted upon upload. In emergencies, authorized GoTo personnel may, with your permission, need to access the encryption keys for your files.
Support and Collaboration: Rescue
- Control access permissions at the Technician Group level. Examples: Restrict groups of technicians from using remote control, Connect on LAN, or Unattended Access. Restrict groups of technicians from using file transfer, thereby eliminating their ability to take files from remote computers.
Tip: Open the Administration Center, select a group, and follow this path: .
- The customer (end-user) must be present at the remote machine, and permit remote access.
- The customer maintains control and can terminate the session at any time.
- Force the customer to always grant or deny a technician’s request to use specific functions (remote control, desktop view, file transfer, system information, and reboot and reconnect).
Tip: Open the Administration Center, select a group, and disable the following option: .
- Access rights are automatically revoked when a session is terminated.
- Access rights are revoked after a specified period of inactivity.