Essential Guide

HIPAA compliance, patient data security top provider concerns

A comprehensive collection of articles, videos and more, hand-picked by our editors

Case study: Print in a VDI environment with HIPAA compliance in mind

The paperless physician is a pipe dream; get over it. How to print from virtualized desktops and maintain HIPAA compliance? There's an app for that.

The ultimate health IT dream is similar to what other sectors like manufacturing and government covet as they implement next-generation IT infrastructures running bigger, better data systems: the paperless office. Sadly, the reality is one can never completely get away from dead trees.

That poses a technical problem for the 21st-century healthcare worker using a mobile device, wirelessly connected to the network, working in a virtual desktop infrastructure (VDI) environment. VDI is experiencing massive growth in healthcare, as recent data shows. But maintaining the decidedly 20th-century support of printers can be a challenge for IT departments who serve that physician or nurse who must print care plans and summaries for patients to take home after their visits. Or the billing clerk who prints statements, receipts and appointment reminders. Especially in an era where HIPAA compliance adds an auditing component to further complicate matters.

One California hospital, El Centro Regional Medical Center (ECRMC), figured it all out by turning to UniPrint Infinity from ACCEO Solutions Inc. to support its Siemens Corp. Soarian Clinicals EHR. The 165-bed acute-care medical center, which implemented its EHR a year and a half ago, also supports 100 physician offices, complicating IT staff's plan to let practitioners print from their iPads, desktop computers and laptops.

The biggest monkey wrench was the requirement for remote printing. There was no way to facilitate that with how the EHR was built.
Henry Felixtechnical services manager, ECRMC

"The easiest way to provision that [EHR] system to users was with virtualized desktops," said Henry Felix, ECRMC technical services manager. But some practitioners needed to print things such as lab test results, which now comprise about 95% of the documents they need to print, mostly coming from remote physician offices.

"As we got closer to the go-live date, it was brought up very late in the game that remote physicians were going to be given access," said Felix, who characterized them as mostly primary care physicians with a few specialists mixed in. "The biggest monkey wrench that got thrown into that was the requirement for remote printing. There was no way to facilitate that with how the EHR was built because we had built it to address internal resources accessing the environment. We had the capacity for external access, but printing was not there."

ECRMC's network includes 300 virtual desktops running on VMware VDI, 900 physical desktops, 100 thin clients, 150 physical servers and 150 virtual servers (both Windows and Linux) interfacing to many printer models. UniPrint, a PDF printer driver designed for virtualized desktops, supports VMware environments as well as Citrix and Microsoft VDI.

Implementing UniPrint solved the printing access issues, allowing for remote printing in physicians' offices. The HIPAA compliance piece, however, is controlled within the EHR, Felix said. His team limited what practitioners can print from the EHR, and whenever they print a lab result or other protected piece of clinical data, Soarian adds it to the system's audit log as mandated by HIPAA.

Safety features such as multiple levels of permissions are built into the network and are verified before printing can take place, Felix said. For example, the standard office worker's "work-from-home remedy" of emailing a document to their personal address from within their virtualized desktop in order to print it on their home networks won't work from inside the EHR. However, fewer restrictions are attached to printing from other applications that do not contain HIPAA-protected data in ECRMC's VDI environment.

Furthermore, the system has features that can limit where a document is printed. While ECRMC isn't using that feature now, Felix said they're currently evaluating the idea. Instead they are limiting printing to password-protected machines that can validate who takes delivery of the printed documents, thus creating another HIPAA compliance layer.

Felix said hospitals like ECRMC that are facing this IT challenge likely will have a few remote printing options from which to choose. In his facility's case, his team evaluated three options, including VMware's native printing support. They chose UniPrint because it had the features ECRMC needed and also seemed more straightforward to implement and maintain.

On that note, he advised his peers at other hospitals, no matter which remote printing software they end up purchasing, to evaluate each product by first considering how much it will complicate their lives and cost the department.

"[Think about] just how complicated of a solution it is to support, in particular for the remote users," Felix said. "Ultimately that's going to be the common denominator. You don't want to have a massive increase in overhead for support. In this case, there really isn't any for us."

Let us know what you think about the story; email Don Fluckinger, news director, or contact @DonFluckinger on Twitter.

This was first published in November 2013

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Essential Guide

HIPAA compliance, patient data security top provider concerns

-ADS BY GOOGLE

This Content Component encountered an error
Close