Health Care Industry

Industry: Email Alert RSS Feed

Right on target: a rural hospital gives its physicians remote access to patient data with an SSL VPN

Health Management Technology, May, 2005 by Richard R. Rogoski

Storing information in centralized databases can ease the retrieval and transfer of specific pieces of patient or corporate data. But accessing that data from remote sites can still present clinicians and administrators with a host of technical and security challenges.

For Gnaden Huetten Memorial Hospital in rural Lehighton, Pa., providing secure, remote access through a virtual private network (VPN) enabled physicians, nurses and hospital executives to quickly access data from off-site offices, their homes or from any location where they had Internet access.

Most RecentHealth Care Articles

With a staff of approximately 130 physicians, Gnaden Huetten offers a full range of inpatient and outpatient services through its 111-bed hospital, including a long-term care facility, a home care agency and a wellness center. In addition, a number of hospital-affiliated physicians have offices off-site.

George Sanchez, the hospital's MIS director, says that until about a year and a half ago, when Gnaden Huetten launched the secure sockets layer virtual private network (SSL VPN) offered by Seattle, Wash.-based Aventail, there was only a local area network (LAN) serving those working within the hospital. Physicians in off-site offices who wanted access to the hospital's information systems had to first purchase a license for the emulation software and then "dial into a modern pool," he says.

For the most part, doctors' offices continued to rely on phone calls and faxes to obtain patient information from the hospital's medical records and billing departments.

But the growing demand for remote access and the security requirements mandated by HIPAA drove the decision to purchase the Aventail EX-1500 SSL VPN appliance that could be installed on the hospital's existing network, Sanchez says.

Keeping It Simple

Like most small hospitals, Gnaden Huetten must do the best it can with what it has. When it came to investing in newer networking technologies, the four-person IT department, working with an operating budget of less than $100,000, had to find a solution that would be cost effective while still providing the secure, remote access required not only by clinicians, but also by the IT staff who must keep the network up and running.

Sanchez says his team looked at various solutions before choosing Aventail. Initially, Gnaden Huetten signed on for a 25-concurrent license which can accommodate 100 to 150 total users. But he notes, "What we want to do is plan for future growth by getting a second Aventail box." Due to budget constraints, however, that will have to wait until next year. Still, the single Aventail EX-1500 SSL VPN appliance now in operation "is exactly what we needed," he says.

As an encryption protocol that protects IP-based (Internet protocol) data streams, SSL VPN is designed to provide secure application-based access by creating a "wrapper" around IP packets as they travel back and forth between a Web browser and a Web server. As a result, security is assured from any remote location and not just within a network, a factor that makes the S SL VPN different from the IP security protocol VPN. Additionally, an SSL VPN allows granular control of access, thereby providing restricted use by end-users based on authorization only.

Installed within Gnaden Huetten's internal network, the Aventail SSL VPN is integrated with the hospital's main software system, Siemens INVISION RCO, as well as being integrated directly with the hospital's user database in Microsoft Active Directory, Sanchez says. The system features 128-bit encryption and is user-ID and password protected. "It authenticates against our Microsoft server," he explains.

Clientless Access

Because the SSL VPN is a Web-based solution, Sanchez's IT team created a special physician portal on the hospital's main Web site. Once physicians click on the special link marked "Physician Access," they can "pull up the hospital's system and logon to it," says Sanchez. This means physicians working outside of the hospital no longer have to call the medical records or finance departments or dial into a modern pool each time they need patient information or billing data. All that information can now be accessed from their offices or homes via a high-speed broadband connection.

Because the Aventail SSL VPN is a clientless solution that does not require specific client software to reside on individual desktops, the operating, OnDemand software is automatically downloaded each time the application is launched. Not only does this facilitate end-user access, but the system also requires less technical support and fewer IT dollars, according to Sanchez. Before Aventail, if there was a problem with client software, a member of the IT staff would have to go to the doctor's office, determine what the problem was and fix it. "Now, all maintenance is done centrally," he says.

However, Gnaden Huetten did opt to deploy the Aventail Connect client to its corporate and management laptops, "which allows us to skip having to download the OnDemand software," while still maintaining maximum flexibility and access to all applications, Sanchez adds.


 

BNET TalkbackShare your ideas and expertise on this topic

Please add your comment:
  1. You are currently: a Guest |
  4.  

Basic HTML tags that work in comments are: bold (<b></b>), italic (<i></i>), underline (<u></u>), and hyperlink (<a href></a)

advertisement
Click Here

Brought to you by CBS MoneyWatch.com

advertisement
  • Click Here
  • Click Here
  • Click Here
advertisement
Click Here

Content provided in partnership with Thompson Gale