Securing ePHI with Server-Based Computing
By: Chris Cline on Wednesday, February 22, 2012

In 2011, we saw a huge increase in the number of major breaches of Protected Health Information (PHI) due to the loss or theft of unencrypted devices. The largest of these breaches was experienced by Sutter Health of California which suffered the theft of a computer containing more than four million patient records. The data for about 3.3 million of these patients included their names, addresses, dates of birth, phone numbers and email addresses. The remaining 943,000 records also contained medical diagnoses and services provided.

With such a huge risk of data loss from just one end-user device, it may be a good time to reevaluate the client/server infrastructure in the offices of healthcare providers.

Server-based computing has been around seemingly forever. Anyone who has ever interacted with a "terminal" or "green screen" has used server-based computing. There was no data processing or storage on the end-user device; it was all handled by the server on the other end of the connection.

The advent of PC-based computing, especially in private physician practices, came about largely because end users needed more functionality than a terminal alone could provide, and also because it became increasingly difficult to purchase replacements for failed devices. Unfortunately, the adoption of PCs in medical practices has contributed heavily to the decline in the overall security of patient information.

Server-based computing can really be thought of as a "remote desktop." The desktop that you are interacting with is actually hosted on another system in a remote location. Depending on the type of system that is implemented, the desktop will provide the end user with either dedicated or shared computing resources such as memory, processor and storage.

The traditional server-based computing systems from Citrix and Microsoft are systems that share computing resources among the connected users. Because of limited server resources and the need for high availability, these systems provide end users with limited customization, and system maintenance can affect a large number of those users.

A growing technology, VDI or Virtual Desktop, is another type of server-based computing system that provides dedicated computing resources to the end user. This means that a user is provided with a remote desktop session into a dedicated operating system with dedicated processor, memory and storage. With the resources being dedicated, the user has the ability to make customizations that would not be possible on a shared resource system. Any issues with the system that require troubleshooting by the IT staff only affects that end user and no one else as this is an isolated system.

This solution helps fulfill some of the regulatory requirements for data security because:

  1. The centralized data processing and storage capability allows end users to use "thin" devices that are not capable of data storage. This removes the possibility that patient information can be accidentally or maliciously stored on an end user device.
  2. The server-based computing infrastructure is in a central location (main office, datacenter, etc.) so the physical access to these systems is limited.

Learn more about cloudSHIFTSM Desktop – virtual desktop services from mindSHIFT Technologies

For more information on ePHI, read my previous post: "Do you know where your ePHI is?"

Chris Cline is a Senior Sales Engineer at mindSHIFT Technologies, Inc., based in our Morrisville, NC office.



Charter Schools classroom network e-Rate PARCC Measures of Academic Progress E-rate Modernization Order K-12 schools USAC Universal Service Administrative Company National Education Technology Plan Every Student Succeeds Act Talkin' Cloud MSPmentor Managed IT Services VoIP Business Phone Systems CRM Customer Relationship Management security encryption BYOD mobile devices tablets cell phones IT security penetration testing pen testing vulnerability assessment vulnerability testing security audit Anti-virus malware ransomware Mobile device management MDM tablet security mobile phone security smartphone security Password security best practices Trade associations IT support computer management cybersecurity business continuity disaster recovery data backup virtual desktop cloud desktop Cloud computing backup apps applications business growth Enterprise Web Protection Enterprise Threat Protection cybercrime spyware advanced persistent threats malvertising watering holes threat intelligence Nonprofit organizations charities Financial services secure desktop Wi-Fi data security phishing managed service provider MSP Computer support computer consultant tech support Hybrid cloud public cloud private cloud APTs AWS Amazon Web Services Sitecore CMS content management systems personalization social engineering spear phishing cyber security cyber safety email security VDI desktop in the cloud Windows Server 2003 Hosted Exchange Office 365 IT outsourcing outsource IT IT services cloud services cloud hosting desktop managed services Law firm IT Legal IT LegalTech IT Services for Law Firms SharePoint SharePoint migration SharePoint 2013 SharePoint 2010 SharePoint 2007 professional services infopath managed services legal IT solutions Small Business IT SMB IT Windows Server 2003 EOL cloud servers WinShock Windows vulnerability disaster planning disaster preparedness hurricane season email backup server backup cloud backup email encryption data encryption data breach HIPAA Heartbleed OpenSSL website security Windows XP desktop as a service DaaS software application hosting ISV SaaS Bring your own device smartphone hacker smartphone malware IT consulting IT strategy IT Management Services desktop virtualization Education IT Solutions IT management IT staffing Intranet Office 15 migration Collaboration Business Intelligence Apple® iOS 7® operating system iPhone® 5s iPhone® 5c iPhone® 4g iPhone® 4s iPad® 2 iPad mini iPod® touch hosted cloud services data center IT support healthcare IT ePHI enterprise mobility management tablet pc security app security smart phone compliance hosted mobile device management SaaS MDM mobile content management MCM cloud mobile device management mobile application management Sitecore CMS Content Management System Telligent social marketing social media communities desktop backup laptop backup IBMi Power Systems iSeries AS/400 System I Power 7+ AIX Maxava iTera Mimix Vision Solutions Sitecore CMS 6.5 Hosted Desktop compliance Document Management Virtualization videos customer testiomonials Green IT cloudshift Protected Health Information regulatory compliance Desktop vitrualization EHR Electronic Health Records