Remote Access
Secure, Remote Access To Patient Data Doesn’t Have To Break The Bank
Hospitals continue to expand their operations outside their traditional walls. And when those operations extend to remote clinics, physicians' offices, or to staff such as transcriptionists, those sometimes far-flung users require the ability to access HIS system patient information in a secure, convenient, and cost-effective manner.
Historically, the simplest method was to simply place some modems on the network and let the users dial in. Reports were faxed or printed and mailed. Larger clinics were serviced by dedicated lines and multiplexers. As user requirements changed, these connections may have migrated from serial to TCP/IP connections to give broader access to network offerings.
But two issues are causing hospitals to again examine the correct way to provide access to users from the outside.
The first issue facing hospitals, as mentioned above, is that the number of outside users (and the subsequent cost) is increasing dramatically. The second issue that has to be addressed is the increasing concern over (and legislative review of) security and patient confidentiality. Users are recognizing that direct dial-up and faxing methodologies are facing increased scrutiny regarding their ability to protect patient data. But users are also recognizing the possibilities offered by a newly emerging and ubiquitous medium, the Internet.
Certainly, the Internet has been around for quite a while, but over the past five years, it has become increasingly embraced by all facets of the healthcare community. Where it was once rare to have an Internet connection at a home or office, it is now assumed to be a given. Where making network connections and transmission rates were once cumbersome and slow, respectively; now Internet access is increasingly available at stupendous speeds. And where users were once satisfied with dial-up, they now demand connections at DSL and Cable speeds.
In order to accommodate these requests, hospitals are looking at security structures that allow them to utilize the Internet. What they have found is a mixed bag of options. The primary options are: Virtual Private Networks (VPN), Thin-Client (Windows Terminal Server/Citrix), or Interbit Data’s NetSolutions. All offer varying degrees of capabilities, cost, and complexity. Ultimately, no single solution may fulfill all user requirements; still, it is important to recognize the strengths and weaknesses of each of these approaches.
VPNs: There’s No Substitute For Horsepower
Virtual Private Networks have been around for several years. There are various flavors, from proprietary to so called standards-based; some are hardware based, some are software based. Typically, hardware-based VPNs -- easily installed, though costly -- are deployed at remote sites rather than for specific remote users. Software-based VPNs, in contrast, may be deployed more broadly, though they raise more support challenges. All VPNs function similarly to create a secure and encrypted connection from the client side to the host side. Once created, the connection can be defined to allow access to any and all network-available services, as if the user were on the local network. There are, however, several caveats.
First, as they say with automobiles, there is no substitute for horsepower. VPNs do nothing to throttle the bandwidth demands of applications; in fact, they add overhead. This means that, depending upon the applications, VPNs may be most useful where users have broadband (fast) connections. In the MEDITECH world, this severely limits the usefulness of VPNs in Client-Server environments, even with a three-tier architecture.
Secondly, software-based VPNs require systems-level device drivers and software, which, at worst, may be incompatible with a user’s PC; at best, they may modify the user’s configuration, changing settings for other software and utilities on the PC. Typically, this leads to users relying on a hospital’s technical staff for installation and ongoing support.
Lastly, in addition to the technical support issues on the user side, managing a largescale VPN infrastructure on the host side can also be a daunting task. While VPNs offer the highest degree of flexibility in offering services to remote users, the flexibility may not be required by a majority of the users.
NetAccess and Thin-Clients: Advantage in Price/Performance?
The Thin-Client solution, now formally supported by MEDITECH, may offer the greatest combination of performance and flexibility for remote access. A wide variety of software clients exist and overall bandwidth utilization is minimized – offering adequate performance at dial-up speeds and excellent performance at broadband speeds.
Deploying a Thin-Client environment, however, does require additional security in the form of encryption. This is accomplished via a Citrix-type product, a VPN, or NetAccess. The downside is somewhat similar to VPN. It can be technically difficult to support. Using the standard Citrix-type encryption requires opening up well-known services on your firewall. Using a VPN means experiencing the same difficulties described above. Lastly, the VPN solution may again be overkill for many of your users.
NetAccess from Interbit Data, on the other hand, is designed to provide a high level of security with a minimal support requirement on the part of the hospital. It can be used in conjunction with Web-based front-ends (the MEDITECH Internet Gateway, UCR’s NetResults, etc), Thin-Client, and/or MEDITECH workstation. NetAccess is self-installing and now utilizes standard (128-bit) SSL technology to encrypt data between the client and the host system(s). User access can be restricted to particular PCs, preventing unauthorized sharing of software. Unlike VPNs, there are no system-level drivers, little overhead, and little or no impact on users’ PCs. NetAccess can satisfy the requirement of 80% of your users with almost no technical support required from your staff.
Fax Facts
All of the above methodologies offer the user the ability to print information on demand. This is the ideal situation – why send users information that they may not want or need? As you already know, you have users who state this as their preference: “Just send me the report”. So, what do you do? Typically, you fax. But when you fax, you only know (at best) that the report has gone to a phone number. You believe the phone number is the right person, but sometimes it isn’t. You have to rely on the remote user to have paper in the machine and to properly protect the data that comes out. Interbit Data’s NetPrint Plus product helps to reduce these concerns and better documents the process of report distribution, giving you the ability to print (remotely), distribute PDF files, e-mail results or fax.