Kaweah Delta makes security and compliance easy with Citrix and Imprivata OneSign
- Siemens Soarian Clinicals
- Siemens Invision Financials
- Citrix XenApp published desktops
- AppSense DesktopNow
- Streamlining access for roaming care providers
- Simplifying HIPAA and privacy compliance
- Encouraging adoption of CPOE, bedside charting initiatives
- Times savings of 30-45 minutes per day per clinician
- Enhanced security and HIPAA compliance
- Reduced Citrix resource utilization
Kaweah Delta Health Care District in California’s San Joaquin Valley combines an extensive rural clinic system with a state-of-the-art medical center to offer advanced technologies such as robotic surgery. More than 6000 people access its applications, including affiliated physicians and their staff, contractors, student nurses, etc.
The IT team has the challenge of making sure that everyone has easy access to the growing number of healthcare-related applications while protecting the privacy and security of data. Says Nick Volosin, Director/Technology Officer at Kaweah Delta, “Our security and compliance strategy is to make it easy for people to do the right thing, and difficult to do the wrong thing. Using Imprivata OneSign with Citrix helps us do just that.”
Securing the virtualized desktop environment
Desktop virtualization has long been part of Kaweah’s IT strategy. The hospital started using Citrix virtualization solutions in 1995 to give physicians remote access to applications. Physicians soon noticed that their virtual desktops (served from the data center servers) were faster than the local desktops in the hospital campuses. Today, Kaweah uses Citrix extensively to deliver virtual desktops and applications to both remote clinics and workstations on the hospital floor.
Initially, Kaweah linked each virtual desktop to a physical system. Each client system, whether in a patient room or nursing station, ran a single virtual desktop. This approach simplified application and client support and offered people a consistent interface across different clients.
However, as the number of devices grew, so did the overhead involved in supporting the virtual desktops. A single typical unit of 36 beds could have 70 devices supporting it, including devices in patient rooms, workstations outside rooms, nursing stations, medication rooms, etc.) This meant spinning up 70 virtual desktops to support 36 patients and far fewer staff.
More importantly, it took time for people to find and log into their own applications from the virtual desktop. Each virtual desktop had all of the applications that might be used at that location. Because clinicians change locations frequently, they would sometimes leave themselves logged into multiple devices – minimizing the running application to ‘hide’ it from view instead of properly closing it out. This was a serious issue for the compliance department; the difficulty of logging in and out of applications put compliance at risk. Kaweah needed to make it easier for people to do the ‘right’ thing, which in this case meant logging out of applications when they changed locations.
The Imprivata OneSign solution
After evaluating a variety of password managers and scripting solutions, Kaweah chose Imprivata because of its tight integration with Citrix. Imprivata Virtual Desktop Access (VDA) enables fast, secure No Click Access® to Citrix XenDesktop and Citrix XenApp. Imprivata manages the login to the virtual desktop as well as all of the component applications within the desktop.
With Imprivata and Citrix, everyone has a personalized “My Kaweah” (MyKD) desktop that follows them as they move between locations. After authenticating once per shift with a password, clinicians can connect to their virtual desktop by simply tapping a badge to a reader. They can similarly tap the badge to log off again, or Imprivata can lock down the virtual desktop automatically after a preset period of inactivity.
The Imprivata/Citrix joint solution works with all of the client devices that clinicians use, although only the devices on the clinic and hospital floors have the badge readers. For example, many physicians like to use tablets on their rounds. Using Imprivata OneSign, physicians are able to retrieve their MyKD desktop on the tablet without being required to enter user names and passwords for each application.
The solution saves everyone time. Nurses average 100 tap-ins or tap-outs per shift, eliminating many manual logins and logouts. Physicians can find the applications they need quickly on their personalized desktops, without paging through other applications. Volosin estimated that clinicians save between 30-45 minutes per day with Imprivata OneSign integrated with virtual desktops.
Enhancing security and compliance
This personalized virtual environment helps Kaweah meet its objective of making compliance the ‘easy choice’ rather than an extra effort. With the tap-in/tap-out capability, care providers are no longer tempted to stay logged on when they leave a location.
With the previous ‘device-centric’ configuration, every device had all of the applications that different people might need running on it. Now, users only see the applications they are authorized to use on their desktops, reducing the possibility of inappropriate access to a colleague’s logged in application.
If a workstation is left unattended, Imprivata will automatically lock down the desktop after a configurable period of time. The length of time varies according to where the workstation is (in a patient room, at a nursing station, in a private office, etc.) to ensure this “walk-away security” feature does not interrupt clinical workflows.
Imprivata OneSign also logs and audits all application access. Says Volosin, “The compliance department is very happy.”
The cost benefits of “user-centric” desktop virtualization
By shifting its desktop virtualization to focus on the individual rather than the device, the hospital has realized a dramatic reduction in server utilization and Citrix license consumption. A typical unit of 36 beds might have 70 devices, but far fewer concurrent users. Even during shift changes, there are a maximum of 25 concurrent users on that 36-bed unit – dropping to around 15 in mid-shift. This frees up 45-55 virtual desktops and their associated licenses and server resources.
“Our virtual desktop initiative is much more affordable on the back end using Imprivata than it was with our old model of shared kiosks,” says Volosin. “With these efficiencies, we can repurpose our licenses and infrastructure to extend Citrix desktop virtualization to other business areas.”
User-centric desktop virtualization also reduces desktop support costs. Supporting users is simpler, because the help desk can simply shadow the user’s desktop and see any problems, regardless of the client devices. And as older PCs age out, the IT team can replace them with thin clients or zero clients, further lowering client support costs.
Supporting current and future IT initiatives
Because of the need for application access from any location, the Imprivata/Citrix solution helps Kaweah eliminate barriers for other technology initiatives, including computerized physician order entry (CPOE), bedside charting and medication administration check (MAK).
Signing in and out of the computer in the patient room was an obstacle to bedside charting for some nurses. Today, that obstacle is gone, as connecting in the patient room requires only a tap of a badge. Volosin says, “Using Imprivata eliminates some of the resistance to new technologies. We’re asking nurses and physicians to do more real-time computer entry with CPOE and other technologies, which can be done quickly and securely thanks to Imprivata. It truly is an enabling technology for these and other IT initiatives, and we consider Imprivata to be an important partner in our long-term strategy.”