PDF《VMware vCloud?》

increasing mobility is making it difficult for IT teams to provide secure and compliant access from a growing variety of endpoint devices. To overcome these obstacles, healthcare providers are adopting virtualization and vCloud for Healthcare to help their IT teams better manage complete system support while ensuring continuous compliance. Virtualization creates pools of virtual hardware resources and provides secure, compliant logical partitions. With logically partitioned critical-care systems on fewer, more powerful and intelligent servers and devices, IT administrators can remove complexity and enhance security, because they are introducing a centralized management layer between the hardware and care systems. Using virtualization as a means to deliver patient-care systems enables a consolidated view of risk, a key capability for effective compliance. In hospitals around the world, virtualization benefits are also extending to the point of care. Virtual desktop infrastructure (VDI) solutions, such as VMware? AlwaysOn Point of Care?, provide secure and mobile access to patient-care systems, enabling clinicians and caregivers to securely access patient data from nearly any device inside or outside their hospital. Remote clinics and employees, including ICD-9 and ICD-10 coders, also benefit by gaining reliable, consistent access to all applications available to them in a virtualized workspace. w h i t e p a p e r /

4 VMware vCloud for Healthcare and HIPAA/HITECH The primary concern for healthcare IT will always be providing continuous patient-care services. As specific services are delivered, however, IT teams must now ensure that they can account for every patient data detail as it is accessed and updated by various caregivers―or face brand-damaging, public penalties and fines. To meet these stringent PHI requirements, healthcare IT teams need a complete, integrated, industry-focused virtual and cloud infrastructure solution that supports always-available applications, changing requirements and compliance mandates across mobile workstations and the data center. Reviewing HIPAA and HITECH As most healthcare providers know, when HIPAA was enacted in 1996, it called for administrative, technical and physical controls for PHI (defined as any identification or information related to a person'

s health, treatment or payment for services). Later, because of computerized physician order entry (CPOE) systems, HIPAA was expanded to include electronic personal health information (ePHI)―the transmission of PHI created, received and maintained electronically. When the HIPAA rules were updated in

2009 by a section of the American Recovery and Reinvestment Act (ARRA) titled the HITECH Act, major changes included increasing financial penalties, broader definition of scope for compliance (e.g., Business Associate Agreement) and a breach disclosure requirement for any incident involving more than

500 patients. Since the rules were finalized and a specific body has been providing oversight, many expensive, high-profile fines have been assessed.1 With PHI at the heart of both HIPAA and HITECH, healthcare providers need to establish a clear scope as a foundation for audits, notifications and disclosures. Because PHI involves not only technology, but also the people and tasks involved in storing, processing or transmitting data, HITECH states that all health service entities that access, maintain, retain, modify, record, store, destroy, or otherwise hold, use or disclose PHI in either paper or electronic form (e.g., EMRs) must be regulated. At a high level, the following entities are included: healthcare providers, healthcare clearinghouses, health plans and business associates―all of which can benefit from vCloud for Healthcare to help establish HIPAA- and HITECH-compliant infrastructures. Introducing vCloud for Healthcare The value of virtualization to reduce capital and operating expenses is readily apparent, with more than half of x86 physical servers already virtualized. Yet vCloud for Healthcare goes beyond traditional cost savings to support the entire healthcare IT environment―from point-of-care applications to the most critical patient-care systems. Hospitals of all sizes can benefit from vCloud for Healthcare, the only fully featured and integrated solution to include everything healthcare IT needs for building and managing agile, reliable cloud infrastructure that helps transform the cost, quality and delivery of patient care (see Figure 1). vCloud for Healthcare includes technologies that address critical healthcare IT concerns: ? Clinical point of care C Save time and improve workflows with secure authentication (e.g., the touch of a finger or tap of a badge) to clinical workspaces and patient-care applications (required for meaningful use). ? Application management and catalog services C Streamline processes with efficient self-service access and management of approved end-user applications. ? Mobility collaboration C Improve connected care with access to patient-care applications, including EMRs and CPOE systems, from any device, anywhere. ? Care systems analytics C Reduce downtime of critical patient-care applications and remediate issues before they affect end users (required for meaningful use). ? Industry security compliance C Enable proactive regulatory compliance for the cloud and deliver dynamic clinical IT services in a trusted infrastructure.