VMware To Offer Standard Business Associate Agreement for VMware Horizon Air
By James Millington, group product line marketing manager, End-User Computing, VMware and Josue Fontanez, product line marketing manager, End-User Computing, VMware
Today, we are excited to announce that VMware will soon be able to offer a standard Business Associate Agreement (BAA) to enable healthcare organizations to use VMware Horizon Air to realize the many benefits of having their desktops and applications delivered from the cloud. The BAA requires solution providers and healthcare organizations using their solutions to safeguard protected health information (PHI) in accordance with HIPAA (Health Insurance Portability and Accountability Act) guidelines.
Over the past year, we’ve received a great amount of interest in VMware Horizon Air, the cloud hosted offering direct from VMware that puts desktops and applications in the cloud for end-users to access using any device without sacrificing IT security or control. End-users today are multi-device users who want to be able to work from anywhere, on any device – even if that device was just released last week! According to a recent report commissioned by VMware and conducted by Constellation Research, 53 percent of respondents reported switching devices six or more times daily.
IT is under a ton of pressure to enable this diverse, mobile workforce but they have to be able to do it in a way that balances these requirements with security, operational simplicity, while also controlling cost.
There is no industry where there is more of a revolution taking place in devices and mobility than in healthcare.
Desktop-as-a-Service helps organizations that are interested in the benefits of VDI but either don’t have the upfront capital to get up and running, lack the IT skills to deploy and operate the infrastructure, or don’t have the agility to get from zero to desktop in days versus months. We are seeing these drivers in the conversations we are having with healthcare organizations right now – from rural hospitals with limited IT capacity, to health networks where hospitals are pooling resources to meet “Meaningful Use” targets. Among larger organizations, M&A activities are requiring a rapid addition of compute power to securely onboard entire teams on day 1.
It’s due to these benefits that we’ve been getting a lot of requests from healthcare organizations interested in VMware Horizon Air.
Independent HIPAA Examination Underway
While not required by regulations, the information security program for Horizon Air is also undergoing examination against the HIPAA security rule by an independent CPA firm. A satisfactory audit would demonstrate that VMware’s information security program adopted essential elements of HIPAA and HITECH (Health Information Technology for Economic and Clinical) requirements, including applicable components of:
- Administrative safeguards
- Physical safeguards
- Technical safeguards
- Breach notification requirements
While we could have completed this examination on our own as many cloud providers do, we felt that having a 3rd party complete the examination would provide an unbiased evaluation of our information security program – one that healthcare providers can entrust with their data.
If you’re at HIMSS15, stop by the VMware booth (#2268) to discuss VMware Horizon Air and the rest of VMware’s vCloud for Healthcare solutions encompassing datacenter, desktop, applications, mobile and the hybrid cloud.
We look forward to working with healthcare customers as they consider cloud-hosted virtual desktops with VMware Horizon Air.