Virtual desktop infrastructure (VDI) can help alleviate some of the challenges facing remote clinics. First, though, you have to understand the scope and cause of the problems.
Health care IT professionals are under siege from a series of fast-paced government regulation changes and ever-increasing cyber threats. Large health networks are having trouble keeping up, especially as their networks become far-flung. Keeping data secure in a large hospital setting is hard enough, but smaller, remote clinics provide a bigger challenge, especially with electronic health records (EHRs), the new set of codes known as ICD-10, and changes to the Health Insurance Portability and Accountability Act (HIPAA) also on the way. How do you serve remote clinics with the same standards of technology and security?
An easy target
For the first time in over a decade, there were more data breaches in the health care sector than the business sector. There were 267 breaches last year (and each breach has to affect at least 500 patients to be reported) and that number accounted for 43 percent of all breaches. Why is health care such a target?
Obviously, the first reason is the monetary value of health records. Another reason is that when it comes to remote clinics, most doctors — especially those in small practices — simply don’t think of security as a major part of their jobs. As Michael Bruemmer, vice president of Experian’s Breach Resolution Center, told Information Week, “Part of the problem is that many participants in the health care industry, such as individual doctor’s offices, don’t think of themselves as being in the data management business, so they are inadequately prepared to protect data against the threats that exist today.”
In fact, the No. 1 cause of data breaches by far in the health care industry is loss and theft of laptops and portable storage devices. Accounting for 41 percent of breaches, these two causes are uniquely a problem for remote clinics where data is often divorced from major networks and must be transported via portable data or kept on devices that leave the safe hands of the main hospital.
In addition to the security concerns, remote clinics offer a logistical nightmare. Because of the lack of in-house IT personnel, remote offices are more difficult to migrate to updated software. This poses security and interoperability risks. It also adds management expenses. Sending IT professionals to the field when remote clinics could be miles away or even out of state is a major hassle and expense.
This is exacerbated by the fast pace of change in health care IT know where EHR and ICD-10 require constant upgrades and changes to comply with Meaningful Use standards and other government regulations.
Turning to the cloud
With that in mind, many healthcare networks are turning toward cloud and software as a service (SaaS) options for EHR and other major deployments. Cloud options offer cheaper upfront costs and a standard experience across the network. They make upgrades simple as they are achieved by the host.
But there’s a problem with cloud solutions — the HIPAA Omnibus Rule. The Omnibus Rule says that health care providers share responsibility with cloud providers in case of a breach. This creates a unique problem. When a breach is entirely the fault of the cloud vendor, it is still the health care provider’s fault. Of course, this is true of all sorts of vendors, so it isn’t unique to the cloud. But it means that health care organizations need to be careful when choosing a cloud solution.
Another way to solve both the security and the constant upgrade problem is with VDI. VDI offers improved security by removing much of the data and access from the physical machine. A lost laptop that accesses secure data via VDI is less vulnerable. Access from terminals can be more easily managed, and data can be wiped from a machine without endangering the data on the servers.
VDI improves end point security, so that someone gaining access to a terminal is less likely to be able to gain access through the network to other sensitive data. VDI is especially secure if you try to pool virtual machines so someone who compromises a terminal isn’t likely to be able to do it repeatedly. VDI also solves many of the management hurdles. Single instances of constantly updated desktops can be sent to any terminal in a remote office so that the experience is constantly the same as in the main center. Updates to operating systems, key systems like EHR, and security can all be updated across the entire network at once.
Obviously, no system is completely secure. VDI won’t solve every problem. Data will still be lost, but the goal of any system is to limit the damage. VDI can effectively do that as part of a comprehensive multi-layered security system that takes into account that medical professionals don’t care to be trained in data security as much as they should. And VDI can also solve many of the other problems of managing multiple remote offices while saving money. It might just solve several of your pain points at once.