Home > Blogs > VMware for Healthcare IT

Hyper-converged makes Fujifilm Synapse PACS a Snap

Fujifilm’s Chief Storage Architect Esteban Rubens is delivering a very compelling architecture to improve patient care by simplifying their imaging platform using hyper-converged infrastructure powered by VMware SDDC.

By using VxRail, new systems can be deployed in minutes, the ongoing maintenance is greatly simplified, and the total cost of the system is lower than alternative architectures.

VMworld 2016 Session Voting open May 3 – May 24

Working in healthcare IT we often do things a little bit different.  We may not create monstrous development environments, and our application deployments may happen less often on average than our counterparts in manufacturing, but our applications are often on the front lines of patient care.  Since joining VMware as a Healthcare IT professional I have had the privilege of speaking to many healthcare providers, and payers, and one single theme seems to come to mind.  It is all about the patient experience, about changing the way people interact with their healthcare provider, simplifying the process, enabling the provider to spend more time with the people and less time on administrative tasks.

Last year I wrote about the process of how a session goes from concept to what you see on the stage.  This year we have seen a significant increase in sessions being submitted with healthcare themes.  A small part of this has been due to the growth of our healthcare team here at VMware, we have welcomed some incredible talent in many areas.  A larger part of this has been more interest in getting the message of what VMware is doing to help improve healthcare to a broader audience.  More submissions means more conversations, more ideas being shared, more feedback, and more of us focusing on solving more problems.  The best part is seeing an increase in customer panel sessions where you, our customer, comes and talks about the transformation of patient care.  These sessions are particularly interesting because they are more honest, and often times show the struggles, and victories our customers are dealing with.

This year, we have around 40 sessions in the voting pool which are healthcare focused.  Certainly there are other amazing speakers and worthy sessions, but for those of us in the healthcare field it is a perfect time to come talk to peers, learn more about what is working, and what could be improved on.  Share your stories, your feedback, and meet the VMware healthcare team, and help us continue to improve the patient experience.  To vote go to http://www.vmworld.com/uscatalog.jspa?search=healthcare.  Login in the upper right hand corner, and vote for what you want to see.

Of course no VMworld would be complete without the Hands On Labs, and this year we are working to bring healthcare presence to every aspect of the conference.  Our Hands On Labs will be featuring a number of healthcare specific labs with our healthcare specialist team standing by to assist you with any questions.  Our teams have gone to great lengths to make these available as a part of the conference, and to give you the best opportunity to experience the technology hands on.  As always this is your conference, so vote for the sessions you think will be helpful, but then come visit us.  As presenters, there is no greater feeling than meeting people, answering questions, hearing stories, and making new friends.  If you have a story you think is compelling, reach out to your VMware team so we can get you into one of these sessions.  As always hoping to see you there, and make sure you vote.

Improve Reliability by Shrinking Datacenter Fault Domains with Software

Security and Reliability are the primary objectives of all Healthcare infrastructure. Reliability is a complex emergent property of all of the underlying required components. Today, Blade Chassis and Shared Storage represent large Fault Domains that are no longer necessary, and it’s time to take a good hard look at our datacenter design decisions because we can make the Fault Domains smaller, resulting in more reliable infrastructure and more stable critical service delivery. Software-defined storage allows us to shrink the largest Fault Domains in the datacenter today: Blade Chassis and Share Storage Frames.

I recently had a conversation with a Healthcare CTO who had twice experienced a significant outage that took time to recover. As so many Healthcare customers do, they use Blades in Chassis connected by Fibre Channel to several Shared Storage Frames. They have twice experienced Chassis failure that caused a significant service interruption. In each instance, vSphere functioned by design: seeing the loss of the Hosts, HA restarted the affected VMs on remaining hosts. Each time, that activity overwhelmed the remaining Hosts and caused service delivery issues.

Most in the room agreed that these issues are best addressed by capacity and resource pool priorities to prevent the ill effects of resource scarcity in the future, but it got me thinking more about Fault Domains in general: Shared Storage and Blade Chassis are the biggest Fault Domains in the datacenter today, and we must look at architectures and technologies that allow us to reduce that exposure.

Fault Domains

A Fault Domain defines the maximum scope of an outage that can be caused by a component failure.

In your laptop or phone, the Fault Domain is essentially the entire device: the failure of the screen, the battery, the storage, the memory, even the buttons renders the device unusable for all practical purposes.

In our server infrastructure, Servers, Chassis, and Shared Storage are the Fault Domains to consider. (We’ll ignore power, cooling, and networking for this discussion; they are absolutely critical, but there is little that can be done beyond present best practices to make them more reliable.)


Server failures will happen in the datacenter as a result of component failures within them. That is one of the reasons vSphere is the platform solution of choice in the Datacenter: vSphere HA automatically restarts affected VMs and their services in the event of a server failure. As long as there is sufficient capacity on the remaining Servers, the scope of the impact is limited to the systems that were running on the server that failed; the recovery is automatic and quick.

Engineering around a single server failure requires service redundancy at a higher level, which is accomplished through a variety of methods beyond the scope of this discussion such as Load Balancing, Clustering, or VMware Fault Tolerance.

The Fault Domain of a single server is a generally accepted risk in the datacenter. Where applications allow us to efficiently engineer around it, we do, and where we cannot, VMware allows the service outage to be brief and limited to few services.


Because VMware required Fibre Channel and Shared Storage in the beginning, Blades arose as a way to reduce that cost by consolidating the Fibre Channel ports needed to connect at the Chassis, but that savings comes at a price: a misconfiguration or failure of a Chassis component can cause an interruption of 14 to 16 servers running 150 to 800 VMs. That is a lot of services and a lot of standby capacity necessary to restore those services.

Blade Chassis are large Fault Domains in the datacenter today. What do we get for this large scope of service impact? About 10% savings on compute capital, some operating efficiencies (mostly driver and firmware remediation) and an easier way to manage Fibre Channel connectivity to Shared Storage.

VMware HA can absolutely take care of all of the systems that were on the servers in the failed Chassis, but that requires compute policy management for high and low priority systems or an entire chassis of spare compute capacity. That’s either extra planning or a lot of idle compute and licensing.

The solution is simple: software-defined storage and rack-mount systems or smaller blade enclosures with fewer nodes shrinks the fault domain and reduces the impact of hardware component failures, reducing the spare capacity necessary to maintain service levels.

Shared Storage

Shared Storage from every vendor is designed to be redundant unto itself so that the failure of any component within does not affect the delivery of its storage services, but Shared Storage arrays can and do fail completely and catastrophically, resulting in painful and prolonged outages.

SANs are without a doubt the largest Fault Domain in the datacenter today, and just about every IT leader can tell you at least one very unpleasant story. We hear them all the time, and our support organization usually assists with the recovery efforts.

The solution is simple: Software-defined Storage shrinks the Fault Domain to a single server for hardware failure and a single vSphere cluster for catastrophic software failure. Since most customers build in eight to twelve node clusters, a software-defined storage cluster worst case outage is smaller than that of a shared storage array or existing blase chassis.

Final Thoughts

Fault Domains matter, and VMware can shrink yours with VSAN clusters. We can also dramatically improve your performance, scalability, and lower your cost in the process. It’s the most value we can bring to your datacenter today: cloud scale behavior and economics on premise in your datacenter.

Healthcare Security and Storage: Transformation Better Together

2016 CHIME CIO PrioritiesWe recently polled our Healthcare CIOs as part of our CHIME membership. Their top two priorities for 2016 align perfectly to our security and storage offerings: ‘Security and Compliance’ and ‘Reducing Costs/Financial Restraints’.

The pivot from traditional infrastructure to software-defined security and storage addresses the top two priorities exquisitely, allowing Healthcare providers to reduce the attack surfaces leveraged by modern phishing and malware attacks as well as dramatically reducing the TCO per application and solving a host of other storage challenges in the process.

Healthcare Infrastructure Needs

  • Security: Patient Information and Systems
  • Reliability: Consistently available, self-healing, continuous between sites
  • Performance: Delays reduce productivity and affect satisfaction
  • Value: Persistent pressure, flat budgets despite growth

Healthcare needs an application platform that addresses its most profound infrastructure challenges: security, reliability, continuity, and value. In order to deliver those outcomes, we need new capabilities that take full advantage of your virtual infrastructure as the hub of information in your environment and apply policies where they matter most: to the applications themselves.

VMware marshals your most sensitive Healthcare data all day long: on its way to and from storage and with other systems inside and outside of our environment. That makes VMware the most efficient place to implement security and storage policy, and in doing so, we can simultaneously reduce the risk of the modern breach, add reliability and performance to the storage on which all applications depend, and reduce the total cost per application. And as we look to a future where the boundaries of the datacenter become increasingly flexible, and we look to leverage compute from a variety of cloud providers, we need to apply the policies to the applications directly, to the VMs themselves, to ensure that wherever the applications and data move, the security and performance policies move with them.

Security and storage are the two critical infrastructure components most in need of overhaul, and the technologies necessary to address so many of the modern challenges are already available, delivering an application platform with better security, greater reliability and performance, and lower total cost on the order of 30-50%. It’s powerful, it’s simple, it’s affordable, and it’s in production right now.


Recent headlines tell intimidating stories about ransomware holding patient data and critical systems hostage with encryption until a fee is paid to obtain the decryption key. Prior to that, stories of high profile health record breaches dominated. Breaches are an outcome of present architecture limitations, and what is missing from the headlines are recommendations that point to architectural solutions to reduce the attack surface of applications and systems that house PHI.

Breaches are most often effected by phishing and malware that then exploits the typically absent internal boundaries between systems in an environment. An important element of any modern security strategy requires that we draw purposeful lines around our applications and systems to control what traffic is permitted on a very granular scale, but that requires that we have a new security capability, a new place to effect policy. VMware is already in the path of that data and is the most logical place to implement that policy.

Traditional policies are based on IP and Port, and defining a complete list of permissible traffic in an environment using IPs and Ports is simply infeasible to build and manage. As a result, no one does it – that is why phishing and malware work.

Securing the internal environment requires policy be applied to applications directly. Since nearly all applications run inside VMware VMs, that is the best place to apply those policies. And because we manage the VMs, we can apply new kinds of security policy: we can apply sophisticated policy to groups of VMs by naming convention, group membership, tags, OS versions, etc. It’s an entirely new way to implement internal Zero Trust where traffic can only flow when specifically permitted. We can also apply policy to AD users and groups so that only traffic by authenticated users will flow.

This outcome of Zero Trust is the result of using NSX Distributed Firewall, a core feature of the VMware ESXi hypervisor that runs almost all of your critical applications, and this is a key component of a modern comprehensive security policy.


Nearly all VMware infrastructure today leverages shared storage and fibre channel.

Nearly all VMware infrastructure leverages shared storage, fibre channel.

Healthcare is one of the few industries that has lives at risk in the event of system failures, which makes the application platform absolutely critical to the delivery of care. With that in mind, we should focus on the elements of infrastructure most prone to issue and that can be simplified through innovation and transformation.

Almost all virtual infrastructure today leverages shared storage; it was an essential component of architecture that in itself has become a single point of failure whose risk requires significant capital to mitigate. The era of shared storage is rapidly coming to a close because it is complex and expensive: it accounts for roughly 50% of virtual infrastructure capital, and by its very nature, it is prone to failure with very high operating cost. The policies to manage storage are so distant from the applications themselves that when things go wrong, it takes three different skill-sets to fully surround the potential issues and resolve them.

With lives on the line, why would we allow that to continue if we have a better way?

By moving storage into the compute layer, we reduce complexity and cost while increasing reliability and performance.

By moving storage into the compute layer, we reduce complexity and cost.

VMware VSAN is the solution to the reliability. It’s a core capability of the VMware hypervisor, and by moving the storage into the compute layer and allowing VMware to manage it all directly, we gain new redundancy options, new business continuity options, reduced complexity, and we apply storage redundancy and QOS policies directly to the VMs. There is so much less to go wrong in this distributed storage model, and it is the way all virtual infrastructure will be built. Our customers who have transitioned to this design, some of whom have been operating this way for more than two years tell us they cannot imagine running their infrastructure any other way.


By moving the storage up into the compute, VMware can make critical decisions about how to cache it for rapid repeated retrieval. It still lands on the same spindles and flash as it would with a SAN, but by moving storage to the compute layer and giving VMware control, we get great performance benefits and gain scale benefits by distributing the Iops among the compute nodes.

A modern SAN is designed to scale, but the storage processors in a SAN become bottlenecks over time. Eventually, we reach a point where our applications are performing more transactions than our SAN can process, regardless of how much flash is present behind the processors. This creates significant growing pains as both capital spend and operating complexity.

Distributed storage, on the other hand, scales with you. A modern compute node using NVMe Flash as a cache drive can sustain ~120,000 Iops. As our applications grow and we add compute nodes, we are consistently adding additional Iops, up to 120,000 per node. This architecture by its very nature addresses the single greatest performance challenge of shared storage, and as flash become increasingly affordable, spindles are fading in favor of higher Iops infrastructure without the SAN bottlenecks that have plagued us for years, delivering three to ten times the Iops presently available in customer environments.

VMware VSAN alleviates so much of the performance challenges of storage architecture. The idea that there are no LUNs and no tiering is a radical concept for storage engineers, but it works so much better. My customers who run hybrid configurations using a combination of flash and spindles report no performance challenges for nearly two years.

Value and Cost Control

Did I mention this improvement in reliability and performance also costs less? By simplifying the entire stack, we eliminate capital infrastructure and commodity hardware markup. When we consider the total capital cost of virtual infrastructure, hosts with shared storage cost about 30-50% less per VM than using our distributed storage solution. This is leading to a rapid evolution of infrastructure architecture that began over two years ago but has accelerated dramatically in the last six months. With the ubiquity of commoditized compute and local storage that complies with Ready Nodes (from Cisco, Dell, Fujitsu, Hitachi, HP, Huawei, Inspur, Lenovo, Quanta, Sugon, and SuperMicro), and the launch of VxRail/VxRack HCI from VCE/EMC, there are so many excellent platform options to gain all of these benefits and realize substantial savings.

With these savings so very real and these benefits so very tangible, why would you build your infrastructure any other way?

The Solution: NSX and VSAN

VMware’s Security and Storage solutions are wonderful complements, addressing so many of the infrastructure challenges in Healthcare today. The savings versus your current model will fund the new capabilities, reduce the attack surface of applications, and resolve critical storage challenges all as part of a single transformation event. Healthcare applications have never had such a secure, reliable, performant, and cost effective platform.

Securing and Simplifying M&A with NSX

Securing and Simplifying Mergers and Acquisitions with NSX
You have just been pulled into the planning process for the most recent M&A.  Hundreds of items need to be addressed… The first question is always “when will the new executive team have access to email and critical corporate business systems?”  Followed quickly by “how long will it take and how much will it cost to merge their systems into ours?”

M&A activities are complicated, fast paced and emotional times for organizations.  The temptation to move fast and merge the organizations often leads to technical and cultural missteps that threaten the success of the merger.  Financial pressures grow, costs are estimated, monitored and managed putting pressures on already overburdened IT shops to work their magic.  Being able to merge networks and systems in a timely and secure manner is a key part of controlling these costs.

The Risks
You have walked through and seen the IT operations of the newly acquired organization, but do you really know what is under the covers?  Sure they look like they have some semblance of ITIL process and a half way organized data center, but what about the discipline in day to day operations that are so important to maintaining a safe, secure and clean IT environment?  Do you really know if they have sound policies and procedures, solid security technologies and defenses or have they educated their users on the shared security responsibility?  A lapse in any one of these areas or a thousand others could mean that their systems are compromised with malware or have undetected data breaches.  Do you really want to risk bringing an unknown system directly onto your network and risk exposing your corporate data?

The ongoing financial and operational pressures of M&A can often times put IT shops in the position to move fast and risk the integrity of their existing systems.

Protecting with VMware NSX
The benefits of the Software Defined Data Center (SDDC) are many.  Defining, creating and managing in software allows for nimble and more cost effective operations than the traditional hardware based approach of data center operations.  This holds true for networking and network security.  Inside your data center NSX allows applications to be firewalled from each other (micro-segmentation), securing the east-west traffic and allowing only authorized communications between internal systems.  NSX operates inside your already deployed VMware hypervisor, so the foundation is there today. In addition to security, NSX also provides software based load balancing, routing and switching.


During M&A, the micro-segmentation approach allows for additional benefits.  First, your own internal data center infrastructure and east-west traffic is secured.  This lessens the risk that a compromised system brought in during the M&A process can infect your existing systems.  Secondly as part of the M&A work you can extend this NSX protection into the acquired data center prior to connecting them to your network.  This allows the IT shop to add another level of security by micro-segmenting the acquired data center and gaining greater visibility into the infrastructure.  Applying NSX partner applications such as Trend Micro Deep Security provides additional peace of mind by adding intrusion detection/infection prevention scanning, log scanning, and automatically isolating infected machines prior to merging the networks.

Simpler Network Extension
After ensuring that your networks and systems are protected from the unknowns of the acquired data center you will then have to figure out the combining of the two IP network spaces.  One option is to provide new IP addresses to the acquired systems.  This is a very labor intensive and tricky operation that could have major disruptions to patient care and business operations.  The IT team will need to touch each system in this case and the risk is that poorly engineered critical systems will break because of hard coded IP addresses in systems and integrations.

With SDDC and VMware NSX the network can be dynamically changed in software, rather than at the machine level.  The acquired systems maintain their original IP addresses and are encapsulated with the new IP addresses.  This allows for the simpler integration of systems into your network without the IT staff manually changing IP addresses and risking the availability of critical applications.

Efficient Operations and Better Outcomes
VMware NSX is already making a large impact in security and network operations across the healthcare industry.  Reducing risk, simplifying the operational component of mergers and driving down costs are all powerful benefits of NSX in healthcare.  At the end of the day healthcare is about managing the health and improving outcomes for patients. Anything we can do to make operations simpler, adoptable and cost effective allows our organizations to focus on the most critical aspect of healthcare, the patients.

IT is the Foundation, not the Point of Healthcare Information Technology

Four key themes continue to resonate with healthcare provider CIOs in almost every meeting that I’ve had this year:

Empowered Clinicians – Right information, right device, right time

Engaged Patients – Enable patients to manage their own care

Support a Community – Scale to support a community not just a hospital

Secure Patient Information, Persistent Availability – Intrinsic security, stability, performance, and agility

Yet, as much as CIOs want to focus on these key areas, many cannot because they don’t have the right technical foundation in place to enable these complex, highly-integrated initiatives.

The last several years have seen most provider organizations implement systems and technology at a break-neck pace to support a wide range of initiatives. This includes internal projects, expansion and service line development, Federal initiatives, Meaningful Use and on-again, off-again, on-again ICD-10. They’ve seen their organizations stretched, and operational costs swell, while systems complexity has increased exponentially. The healthcare organizations we work with are focusing on driving value out more mature EHR deployments through analytics, and driving down the operational costs that have crept up as many legacy systems and processes haven’t been able to be retired at a pace commensurate to implementations Meanwhile, healthcare security risks are increasing at a disproportionate rate compared to other industries nationwide. To make matters worse, many provider organizations do not have a solid infrastructure to rely upon as they begin these initiatives.

The transition to software-defined infrastructure through the widespread use of virtualization technology from the data center to the desktop is well underway, and will continue to accelerate in the coming year to enable provider organizations manage spiraling infrastructure expenses as well as increasing healthcare security concerns. Most notable, healthcare IT will increasingly leverage a software defined data center architecture, with network virtualization as its foundation, to deploy clinical systems as services that are continuously available, highly secure and rapidly scale as business dictates.

Most organizations have a single core EHR, but they also have multiple other clinical applications which are required to manage ancillary functions or specialties. These applications have to work together, but by their very nature, increase IT complexity and create security vulnerabilities. By creating a software-defined foundation by virtualizing the network, healthcare IT can deploy security that is native to the infrastructure and can facilitate highly secure, micro-segmented East-West server-to-server communications between every clinical system. Network virtualization and the software-defined data center enables provider IT teams to deploy a Zero Trust network architecture, only allowing explicitly permitted communication between disparate systems. This enables an unparalleled level of secure clinical computing.

VMware sees the opportunity to break down the silos within healthcare IT and change how infrastructure is managed enabling, organizations to focus on patients, not IT. Software-defining IT enables clinical applications to be deployed as a service where security, monitoring and management are fundamental to their delivery, not bolted-on afterwards. This reduces the need to focus on managing physical devices and physical security. Instead, IT can focus on clinician performance employing tools to actively manage overall system performance, as well as that of a single user, with the same toolset. After all, the point of healthcare information technology is to enable the clinician to care for the patient in the most efficient, effective way possible – even to the point of keeping them out of a traditional care setting – not technology.

Hands on with Secure Healthcare Desktops

        Security breaches cost healthcare companies millions of dollars every year.  We continue to become more innovative with our security, but often times focus on the server and perimeter networks.  When it comes to the desktop, security is all to often a small piece of a larger design, something focused only on the operating system.  The best way to design a better secure desktop experience is to get hands on experience with secure healthcare desktops. VMware Healthcare would like to enable you to experience a secure desktop to improve security without sacrificing performance by experiencing our new Healthcare Secure Desktop hands on lab.  Join us and look at Just-In-Time application deployment, Identity based dynamic firewall services, and compliance and regulatory data security to see how VMware’s secure healthcare desktop can help you.

Just-In-Time Application Deployment

        By abstracting the application from the virtual desktop image, VMware App Volumes enables stateless pools of virtual desktops.  Within this section of the lab, you will see how providing applications in real time will help providers, simplifying your desktop engineering and management process.

Identity Based Dynamic Firewall Services

     Moving the security as close to the user as possible allows for threats to be stopped before they can propagate.  The Identity based dynamic firewall services portion of the lab demonstrates delivery of dynamic access controls based on a logged in user, even in a stateless virtual desktop infrastructure, adapting to changing requirements.

Compliance and Regulatory Data Security

     Security goes far beyond simply firewalls and applications.  Compliance monitoring and remediation of violations become far more important in the heavily regulated healthcare world.  The final portion of the lab demonstrates a realistic response to policy violations, triggering automated actions preventing data loss and compliance violations.

     Albert Einstein said, “We cannot solve our problems with the same thinking we used when we created them.”  Security in healthcare is a growing problem, solving it is going to require healthcare IT professionals to rethink architectures, and test out new and innovate ideas.  Get hands on experience with secure healthcare desktops and prevent security incidents before they occur.  Take advantage of VMware Healthcare’s Hands on Lab environment today, and learn how you can deploy secure healthcare desktops in your environment.

Introducing the Digital Clinical Workspace

You may be reading this blog post (please, let somebody be reading this blog post) on your:

  • work computer (this is research)
  • tablet device while sitting having breakfast (assuming you’re single)
  • cell phone while driving on a bus or a train

You may be using a browser, or a mobile app. Collectively, being able to access information when we want it, how we want it lets us use our time to its fullest potential – gathering knowledge, applying it to situations to accomplish goals. The device we use is whatever is most convenient for the task that you want to do, or just what we have to hand. It’s how everything is done now – right?

Not in the industry where split second informed decision making is more important than any other.

I started in the application virtualization industry 15 years ago. Even then, the message was about remote access to applications and information. So why then, 15 years later do so few doctors have always on anytime anywhere access to patient information? And no, a nurse describing symptoms or test results of over the phone does not count.

I get it, remote access to a paper chart was a fax machine – but we’ve been digital for a while now haven’t we? And yes, there are most certainly security concerns of what devices are accessing or storing protected health information (PHI). And there is certainly a generational shift in the attitude to and comfort with different mobile devices (Damn it Jim I’m a Doctor, not an IT guy!). And yes, healthcare IT is under a tremendous amount of pressure to deliver the projects that will meet Meaningful Use goals. But the benefits to patient care of always on access are self evident and the platform to deliver this same user experience – the one that we demand is available across all of our devices so we can see what a friend of a friend had for dinner last night – is available to healthcare.

Anytime anywhere access to PHI

VMware Workspace ONE unifies user, desktop and mobile management to enable a Digital Clinical Workspace that moves with care providers throughout their day.  From the out of hours emergency call to the bedside consult, the Digital Clinical Workspace enables secure simple access to patient information from the right device for the right task at the right time.

Although healthcare is still dependent on Windows applications, there’s a huge amount of innovation taking place in mobile apps and mobile devices for both providers, and patients. When that emergency call comes in the Digital Clinical Workspace enables providers to securely access the right information from the right application be it Windows mobile or web, and from the right device. Whether they are in a deer hunting stand in Vermont (true story), on a family fishing day on a boat on a lake (true story) or in the parking lot having just left for the day (of course a true story).  EMR vendors and startups alike are innovating for providers and patients re-examining clinical workflows and the equipment required – do I really need to push round a WOW or can I replace that with a small handheld device and a lightweight label printer?

Transforming the patient experience

Hang on. Did I say patients? Twice? Yes I did. CMS has tied reimbursement to HCAHPS scores with 2 percent being at risk by 2017. Patient engagement will be a big theme at HIMSS next week. Mobile devices and applications are being used to transform the patient experience. On Tuesday James Sturiano from Ohio Health and Frank Nydam from VMware will present on how Ohio Health are Using Mobile Apps to Create Active Patient Engagement. A mix of patient specific information through Epic MyChart Bedside and entertainment such as Netflix and Angry Birds is being used to alleviate the inevitable stress that comes with a hospital admission and start patients on their way to understanding their care to facilitate engagement and ultimately lower re-admission rates.

HIMSS 2016

At the VMware booth (booth #2221) this year, we will be demonstrating how the Digital Clinical Workspace, enabled by Workspace ONE and vCloud for Healthcare is enabling  leading healthcare organizations globally to mobilize healthcare in this transformation for both providers and patients. Together with partners including Dell, Imprivata, Clockwise MD and Gozio Health we will be demonstrating how the Workspace ONE platform goes beyond desktop virtualization providing the management, security and flexibility to deliver Windows, web and mobile applications to any device any where, helping healthcare organizations transform the cost, quality and delivery of patient care.

Healthcare M&A, the New Norm

Mergers and Acquisitions (M&A) are happening more routinely and quicker than ever in healthcare.  These events are extremely complex and challenging for people, process and technology.  With the right foundation and operational models in place IT can greatly reduce the risk, cost and complexity of these changes.  Executing on a Software Defined Data Center (SDDC) and Virtual Desktop Infrastructure (VDI) are the foundational platforms that enable this.

In 2015 alone there are huge mergers in the payer space with the Aetna purchasing Humana and Anthem announcing they will be buying Cigna.  Healthcare systems are heavily involved in M&A as well.  This year Barnabas Health and Robert Wood Johnson Health System in New Jersey combined systems, forming New Jersey’s largest health system.  Community Health Systems is spinning off 38 smaller facilities and forming Quorum Health Corporation with the goal of creating a company that can acquire hospitals in small markets.  Hundreds of smaller acquisitions never make the news, but they are just as disruptive to those practices and healthcare systems.

M&A Challenges

These mergers and spins are very challenging for organizations.  Supply chains, HR, financial reporting, payer relationships, governmental reporting and all other processes are impacted.  What is one key area that underpins each and every one of these operations in a modern healthcare system?  You guessed it, IT.  Add the complexities of merging disparate systems along with the stress and emotions that can accompany these deals, and you have a recipe for a very complex and risky program.  If not executed well the IT mergers can be a source of patient care issues, large scale security risks, large financial impacts and lead to long term challenges in the merging of cultures.

From an IT perspective no matter how large or complex the transaction there are four basic questions that have to be answered for every merger:

  • How quickly can I get the newly acquired leadership onto e-mail?
  • How quickly can we connect the network to enable the sharing of business critical applications and data?
  • How much will the IT integration cost?
  • How do I comply with local, state, federal and accrediting organization’s data retention standards?

vCloud for Healthcare – Enabling M&A

VMware is uniquely positioned in technology and healthcare to enable quicker, smoother and more secure transitions for organizations going through M&A activities.  The vCloud for Healthcare architecture with its Software Defined Data Center (SDDC) architecture can eliminate physical moves and wrap those efforts into software based activities.  These activities are supported by

  • Security
  • Compliance
  • Mobility
  • Private Cloud
  • Hybrid Cloud
  • Public Cloud
  • Underpinned by Network, Compute and Storage virtualization technologies


M&A activities are disruptive to even the most efficient operationally sound organization.  Decoupling IT operations from the physical world, moving the infrastructure management into software allows for flexibility, agility, security, and reporting like we have never had before in the industry.

Over the next several blog posts I will expand on how each of these technologies build a platform that allows for the flexibility and agility needed to take IT infrastructure worries out of M&A.

The Healthcare Security Conundrum

It seems like ages ago the HIPAA guidelines were adopted. It got a bit more complex as the HITECH requirements and financial implications increased. Following that, Meaningful Use Stage 2, encryption and the like is creating some additional technical challenges. Protecting patient data and secure it using best practices that your organization can muster has been the goal. Fast-forward to today, all of the rules still apply, but the game has changed, hacking and breaches from unidentified and even foreign organizations and their intent is even murkier has raised the ante. They know the value of healthcare records and they have had some success at capturing them.

There was a Dustin Hoffman movie from the 1976, ‘Marathon Man’ (yes I am exposing my vintage); the simple question by the antagonist was ‘is it safe’? Poor Dustin Hoffman did not know what, where, how, why and when. He, as well as the audience was the receiver of the pain and fear. We find ourselves a similar situation; instead of diamonds it is our health records at risk. There is financial value in our health records, but the bad actors may not be out for only financial gain, it also affects brand value and reputation. The risks and stakes are high and the intruders may already be in our systems just looking around for something interesting.

So the ‘fear, uncertainty and doubt’ routine has reached our executives and they want to know ‘What can we do to prevent this from happening to us?’ Our teams are doing their best to train our consumers of IT services not to ‘click on that link’. The intrigue and creativeness of the hackers are sometimes unbelievable.

There are many examples both inside healthcare and other industries; however, healthcare is a target since the value of a health record is more than just a credit card number. In case you are interested: (HHS Breach Report). The net result is the top ten breaches for the last about 3 years is responsible for 136 million records. At a value of $ 150 per record has a potential street value of $20 billion.

Hence the fact that healthcare is a target.

How does VMware approach this area:

First, it is not a product; it is an approach, a layered approach that involves different organizations. Not one company can solve this complex area alone.

Our approach starts with an assessment to help to understand your security risks. We also work with several organizations that can help you assess your risk. We provide free tools to provide some immediate feedback. We follow that with a ‘Hardening Guide’, which is a step-by-step approach to remediating the risks to your virtual environments. One of the capabilities allows for workloads be better isolated through distributed firewall. This approach may include hardware, software and or services.

We have just completed a white paper for you to explore the VMware concept of Security and Network Virtualization for Healthcare (VMware Healthcare Security Whitepaper) and although we may not be able to catch the villain of this story, but we can ‘protect our house.’