For those of you who may have missed the news, earlier this year Concentra agreed to pay $1,775,200 to settle potential HIPAA compliance violations associated with the loss of protected health information (PHI) on a single stolen laptop. They then had to adopt a corrective action plan that included encryption of all “laptops, desktop computers, medical equipment, tablets, and other devices containing electronic protected health information.”
The fact that they now have to encrypt every piece of technology that harbors ePHI prompts a whole new set of questions for their IT and compliance leaders (and, let’s face it, all IT and compliance leaders) to figure out:
- What happens when an employee forgets the password to an encrypted device?
- What happens when a former employee refuses to provide the latest password to an encrypted device?
- What do you do about employees who write their passwords on a sticky note in their drawer, on the bottom of the laptop, etc.?
- What about all that data that is innocently backed up to Dropbox, iCloud, Box, etc.?
- How do we track compliance?
Let me state right now: a technology and process solution exists to answer all the questions posed above – and help not just Concentra but every healthcare organization meet and maintain regulatory compliance. You can encrypt hard drives, establish a process to track passwords, make sure a secure administrator has rights to every laptop and so forth. But the question remains: how much cost will we incur to manage all of this?
Might there be a better way?
Introducing Virtualized Desktop Infrastructure
I suggest that there is. And that my solution has been around for over 40 years. And that it’s simple:
Keep the data in a secure facility. Like a data center.
Great, Bill. Problem solved. Just one question: what about all the other stuff we have to secure?
I’m glad you asked. The solution I propose actually goes one step further:
Keep the operating system, the applications and the data in a secure facility. Like a data center.
How do we do this? Simple. Use virtualization technology that has been around for 20+ years and access your desktop environment remotely, from whatever device you’d like, without the data itself ever leaving your secure data center.
This is the heart of virtualized desktop infrastructure (or VDI) and the core of HOSTING Cloud Desktop™. By securing the desktop environment in our data center while allowing access to this environment from practically any device with a screen, you can meet your compliance and data security obligations at considerably lower cost than trying to secure hundreds or thousands of distributed endpoints. Plus you can let your employees use whatever device they would like to work on. And you can push out application upgrades overnight. And you can resolve issues in minutes without ever having to visit the end users’ physical locations. And you’ll know if that former salesman tried to copy your customer list before heading out the door.
Are there downsides to this? Sure. You can’t access your desktop if you don’t have network access and you still need to secure access to the data center (which means passwords on sticky notes are still a potential threat). But doesn’t the idea of managing confidential data from a centralized facility or facilities make more sense than trying to manage confidential data on thousands of end devices?
It sure does to me. And everyone who’s taken advantage of the technology over the last 40 years.
Want to hear more? Watch my recent webinar, Leveraging Cloud Desktops for Business Advantage, to learn additional details about VDI and how to leverage it to meet compliance requirements. We’re also happy to discuss your specific needs at any time; just contact us.