4-page Case Study - Posted 1/29/2008
Views: 297
Rate This Evidence:
Healthcare Provider Helps Ensure Critical Data Security with Server Solution
Holzer Clinic has been dedicated to providing the highest-quality healthcare services to residents of Ohio and West Virginia since 1949. Its 1,000 employees provide care for more than 500,000 patient visits each year. However, the staff was frustrated with the slow data authentication system, which caused several minutes’ delay in accessing critical patient data. Also, without onsite IT staff or dedicated server rooms in several of its locations, the company needed to shore up its physical servers and data security. Holzer Clinic decided to implement Windows Server® 2008 with Read-Only Domain Controller. Partnering with CDW to plan and implement its deployment, Holzer Clinic plans to migrate all its applications to the server solution during 2008. As a result, the company has realized an immediate increase in employee efficiency, minimized security vulnerabilities issues, and improved the user experience.
Situation
Holzer Clinic offers a wide range of healthcare and rehabilitative services, including by-appointment, walk-in, and urgent care, and receives more than 500,000 patient visits each year. Based in Gallipolis, Ohio, the company has nine clinics throughout Ohio and West Virginia. After starting as a single medical facility in 1949, the company has steadily grown by opening new clinics and purchasing several independent physicians’ practices. It is now one of
 |
We are depending on Windows Server 2008 for the stability and availability of our electronic medical records and other mission critical systems. |
 |
|
Mark Harvey
Chief Information Officer, Holzer Clinic |
|
|
the largest group practices in the region, employing more than 800 support staff and 120 board-certified physicians.
The employees and physicians at Holzer Clinic are responsible for sensitive data, including patient information, confidential medical records and test results, and insurance data. The company relies on an electronic medical records (EMR) system to keep track of patient data. Holzer Clinic supports its EMR system with a network composed of 90 servers and 1,000 desktop and portable computers. Its primary data center is centralized in Gallipolis and includes a Microsoft® SQL Server® 2005 database software cluster. Clinics located close to Gallipolis connect to the data center through fiber optic lines; more remote clinics connect through T1 lines.
Safeguarding critical patient information is a top priority, but Holzer Clinic faces challenges at some of its clinics. Several of its smaller facilities do not have a dedicated server room and the server rack is located behind the reception desk. Although there has never been a security breach at Holzer Clinic, the company wanted to bolster its physical security and ensure reliability. According to Mark Harvey, Chief Information Officer of Holzer Clinic, “Our EMR system puts us miles ahead of the vast majority of medical practices in the country. But if it’s not available, or the performance is poor, we can’t deliver care to the people who depend on us.”
Branch offices relied on a flat network that required users to authenticate over a private network to the domain controller at the centralized data center. “In the clinics furthest away from the data center, employees would have to wait several minutes to authenticate and see their desktop, resulting in frustration and lost productivity,” explains Mark Oliver, Systems Engineer at Holzer Clinic. In an effort to speed authentication, the company investigated adding domain controllers to its computers running the Windows Server® 2003 operating system at each of the branches connecting through T1 lines, but the physical security vulnerability was too great a risk, considering the potential exposure of sensitive data. It needed a new way to manage user identity and access to information, while eliminating physical security risks and amplifying user productivity.
Solution
Holzer Clinic is on the leading edge of technology, recognizing the important role it takes in providing the highest-quality care. “Making medical records available electronically in order to provide better patient care is a top priority for Holzer Clinic,” says Tim Boucher, Microsoft Consulting Engineer at CDW. “As a leader in industry, the company welcomes new technology solutions that can help it meet its goals.” As such, the company investigated an upgrade from Windows Server 2003 to Windows Server 2008 as soon as the new operating system was available.
|
Windows Server 2008 with RODC was an obvious solution for us. |
|
|
Mark Oliver
Systems Engineer, Holzer Clinic |
|
|
Holzer Clinic teamed up with its trusted technology partner CDW to plan for and implement the upgrade. A Microsoft Gold Certified Partner, CDW has been providing IT solutions to its clients since 1993 and has a long-time relationship with Holzer Clinic. Together, Holzer Clinic and CDW evaluated the company’s network infrastructure to determine the best deployment scenario.
Holzer Clinic decided to implement Windows Server 2008 with Read-Only Domain Controller (RODC)—a significant new feature. Instead of the writeable domain controllers used previously in locations where physical security might pose a problem, the company can deploy a domain controller at its dispersed clinic locations that hosts read-only partitions of the Active Directory® Domain Services database. As a result, Holzer Clinic can help ensure server security and better safeguard sensitive patient information. “Given the importance to Holzer of protecting sensitive data in branch locations, Windows Server 2008 with RODC was an obvious solution for us,” says Oliver. CDW helped Holzer Clinic through the design, implementation, testing, and production phases.
Holzer Clinic deployed one instance of RODC to production in November 2007. It plans to deploy up to 15 servers running Windows Server 2008 companywide, and four instances of RODC to its clinics that are furthest away from the data center. It will use Windows Server 2008 to support its entire infrastructure, including print servers and file servers. The company is running Windows Server 2008 on HP Blade servers with Quad-Core Intel Xeon processors.
As part of its initial deployment, the healthcare provider quickly deployed Internet Information Services (IIS) 7.0, a service within Windows Server 2008. In only one week, Holzer Clinic and CDW tested and deployed the new Web server, and it now powers the company Web site.
In addition to RODC, Holzer Clinic plans to deploy Terminal Services Gateway in its branch clinics. Using this role service in Windows Server 2008, authorized remote users at Holzer Clinic will be able to connect to resources on the company’s internal network from any Internet-connected device. For instance, instead of using a virtual private network (VPN) client, doctors can instead access the corporate network from their computer at home, along with line-of-business applications, while sensitive data remains in a location with enhanced security.
Benefits
As a result of implementing Windows Server 2008, Holzer Clinic has increased its peace of mind when it comes to server security at its branch locations. In addition, it is already witnessing a rise in employee productivity and satisfaction.
Minimized Security Vulnerabilities
By implementing the RODC feature, with plans to deploy four more instances, Holzer Clinic is confident in its physical security for servers. With the new RODC functionality, the company can rely on faster authentication without the security risk that comes with a writeable domain controller. “In remote clinics where the company does not have dedicated server rooms, the RODC offers an added layer of protection and peace of mind,” says Oliver.
Reduced System Downtime
Holzer Clinic has clustered its instances of SQL Server 2005, with plans to complete clustering efforts across its entire application infrastructure. By using failover clustering, in addition to being able to consolidate nodes, Holzer Clinic will be able to provide an extra layer of protection that will help it reduce system downtime in the event of scheduled maintenance or a server failure.
|
It’s simple, users are a lot happier now. |
|
|
Mark Oliver
Systems Engineer, Holzer Clinic |
|
|
“Now, with failover clustering, we can help ensure that our systems are both available and resilient,” explains Oliver. Adds Harvey, “We are depending on Windows Server 2008 for the stability and availability of our electronic medical records and other mission critical systems.”
Improved Employee Efficiency
Previously, employees at distant clinics experienced long wait times when logging on to computers on the network. In the case of the clinics furthest from the main data center, it could take several minutes to authenticate a user—minutes that could be spent caring for patients or on other critical tasks.
Because the RODC feature stores user credentials after initial authentication, subsequent logon attempts can be serviced by the local RODC, mitigating the effects of latency or network connectivity issues. Now, the clinics have fast, reliable remote authentication services. Instead of waiting several minutes to log on, Holzer Clinic employees see their desktop in a matter of seconds—and they don’t have to wait to get started with their day.
Improved User Experience
In addition to improving the logon efficiency for remote authentication, Holzer Clinic is using the new solution to increase employee satisfaction. Waiting for several minutes to log on proved to be a source of frustration—one that is eliminated with quicker authentication. “It’s simple,” says Oliver, “users are a lot happier now.”
The physicians no longer have to stay tethered to the office or to a company computer. Holzer Clinic can grant, and restrict, access to company resources using the Terminal Services Gateway feature for anywhere a user is located. Instead of using a remote-access VPN, which requires specific desktop client software, physicians can work on patients’ charts or access medical records with enhanced security in the comfort of their own home from their own computer. Overall, with the new solutions, doctors can focus on patient care, not the technology.
Windows Server 2008
Windows Server 2008, with built-in web and virtualization technologies, enables you to increase the reliability and flexibility of your server infrastructure. New virtualization tools, web resources, and security enhancements help you save time, reduce costs, and provide a platform for a dynamic and optimized datacenter. Powerful new tools like IIS 7.0, Server Manager, and Windows PowerShell, allow you to have more control over your servers and streamline web, configuration, and management tasks. Advanced security and reliability enhancements like Network Access Protection and the Read-Only Domain Controller option for Active Directory Domain Services harden the operating system and protect your server environment to ensure you have a solid foundation on which to build your business.
For more information, go to:
www.microsoft.com/windowsserver2008
For More Information
For more information about Microsoft products and services, call the Microsoft Sales Information Center at (800) 426-9400. In Canada, call the Microsoft Canada Information Centre at (877) 568-2495. Customers who are deaf or hard-of-hearing can reach Microsoft text telephone (TTY/TDD) services at (800) 892-5234 in the United States or (905) 568-9641 in Canada. Outside the 50 United States and Canada, please contact your local Microsoft subsidiary. To access information using the World Wide Web, go to:
www.microsoft.com
For more information about CDW products and services, call (608) 288-3000 or visit the Web site at:
www.cdw.com
For more information about Holzer Clinic products and services, call (740) 446-5411 or visit the Web site at:
www.holzerclinic.com
