How virtual desktop implementation addresses health care regulations

Deploying EHR systems and locking down patient data are two pillars of HIPAA compliance and meaningful use. Virtual desktop implementations can help health care providers get both.

This Content Component encountered an error

Streamlining network administration, increasing mobility for employees and aiding disaster recovery are typical justifications for a virtual desktop implementation, but health care providers have a couple more to consider: meaningful use and Health Insurance Portability and Accountability Act (HIPAA) compliance.

In some cases, a virtual desktop implementation also can enhance systems' interoperability. Meaningful use technically doesn't require it, but interoperability has been called a central goal of the Office of the National Coordinator for Health Information Technology, or ONC.

Implementing electronic health record (EHR) systems, however, is a criterion of meaningful use. Desktop virtualization can enable EHR implementations and help sustain their success by giving administrators the ability to perform maintenance remotely.

Virtual desktop implementation enables EHR rollout, interoperability

"Management's a heck of a lot easier," said Michael LaForge, network administrator at Columbia Memorial Hospital. LaForge is using VMware Inc.'s VMware View virtual desktop infrastructure software to support systems from Medical Information Technology Inc., or Meditech; Spacelabs Healthcare; and Allscripts Healthcare Solutions Inc. within Columbia's main hospital in Hudson, N.Y. The software also supports a new eClinicalWorks LLC EHR system for 200 clinicians in 25 locations across three counties.

Inside the hospital, LaForge boiled 200 virtual desktops down to three masters. This makes updates to the operating system or clinical applications much quicker than when they were loaded on traditional desktop machines.

The organization's virtual desktop implementation started as a way to promote interoperability by giving emergency department and critical-care unit staff access to all their clinical applications, including EHR and picture archiving and communication systems (PACS), on single machines, LaForge said.

When a trauma case comes in, staff need access to the PACS system immediately.

Mark Carlile, manager of desktop support, Alameda County Medical Center

Previously, critical-care unit physicians could access X-rays only in a special viewing room. Virtualizing the PACS terminal along with the EHR system on a single desktop eliminated that inconvenience. Now a critical care nurse can see a patient's emergency department charts before the patient even arrives in the critical care department, LaForge said.

Busting PACS out of a previous setup that limited viewing to a small number of terminals also was the main reason Alameda County Medical Center in California decided to virtualize desktops with Citrix Systems Inc.'s XenDesktop, said Mark Carlile, the facility's manager of desktop support.

Carlile described Alameda County Medical Center as a small hospital: For example, there isn't a radiologist on staff 24 hours a day. He added, however, "We have a Level 2 trauma center here. We get a lot of business. When a trauma case comes in, [staff] need access to the PACS system immediately."

The medical center is in the midst of a three-year transition to a Siemens AG EHR system, which it plans to roll out to facilities on six campuses: the hospital, three clinics, a long-term rehabilitation center and a psychiatric facility. Carlile expects to run the EHR software in a virtualized environment. This will reduce the amount of data sent over the wide area network, he said.

Achieving HIPAA compliance thanks to desktop virtualization

With their authentication technology, virtual desktop implementations help control the flow of patient data and verify who is using which applications at which time. The technology also gives IT administrators peace of mind if computers are lost or stolen: No data is stored locally, and users must log in to access remotely stored patient data, so a data breach can be stopped cold.

Compliance with HIPAA privacy requirements was not a main driver when Columbia Hospital started its first virtualization tests six years ago, LaForge said. But now that strengthened HIPAA rules carry heavier penalties, his virtual desktop implementation fit right in with the facility's privacy compliance efforts, he said.

"We were going down this road of our network upgrade for a very long time," LaForge said. "We were looking at it primarily from the aspects of ease of administration, ease of rollout and just replacing the old equipment. We knew where we wanted to go with it, and the fact that the security architecture and just the underlying architecture of it address so many things like HIPAA -- that was a bonus for us."

Let us know what you think about the story; email Don Fluckinger, Features Writer.

Dig deeper on Electronic health record (EHR) implementation

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

-ADS BY GOOGLE

SearchCompliance

SearchCIO

SearchCloudComputing

SearchMobileComputing

SearchSecurity

SearchStorage

Close