2.3. HIPAA Best Practice Recommendation: How to Audit Trumpet's Remote Access

At Trumpet, we care deeply about the security of your data and being HIPAA compliant in all things. In that spirit, we want to relay a recommendation that will help keep you in tiptop shape with HIPAA policies and best practices. The recommendation is regarding your ability to audit security events, specifically as it relates to our access to your system.

Background: Our remote access tool, ScreenConnect (by ConnectWise), is used by our team to operate and support your automation solutions on your locally hosted bot machine(s). It tracks user activity by name and shows when our team members log in and log off. These activities log events in the Windows Event Viewer. In the unlikely event of a security incident, these logs can be used by your team to audit activity on the machines. 

Recommendation: HIPAA does not have a set length for retention, but it is best practice to keep records for 6 years. We recommend consulting with your Compliance and IT teams to create processes and mechanisms for archiving these Windows event logs in accordance with this best practice.

While we cannot offer formal advice on how to capture or store these logs, we have included a screenshot of what the event log looks like inside the Event Viewer interface for your reference.

Event Viewer: Windows Logs > Application 

Event ID: 101, Level: Information, Source: ScreenConnect

Please contact customersuccess@trumpetinc.com if you have any questions.