There is a question I get from healthcare IT leaders more often than almost any other: how do we justify the cost of our infrastructure when no one in the boardroom understands what it does?

My answer is always the same: they understand it the moment something goes wrong.

That is the reality of healthcare IT. We operate in near invisibility when things work and under a microscope when they do not. And nothing makes things go wrong faster, at greater scale, and with more direct consequence to patients, than the wrong decision about how to deliver your EHR.

I have spent a long time thinking about what separates health systems that recover from major disruptions quickly from those that spend days, weeks, or months clawing back to normal operations. The answer is almost always architectural. Not a vendor decision, not a budget decision, not a staffing decision. An architectural one.

“Choosing the wrong delivery model can mean higher costs, more downtime in a crisis, and frustrated end-users; choosing the right model can improve uptime, contain cyber risks, and save millions of dollars over time.” – Envision IT, Epic Healthcare Delivery Models

The stakes have changed

Healthcare has always been a high-stakes environment for IT. But the threat landscape and the regulatory environment have converged in a way that makes EHR delivery architecture more consequential than it has ever been. Ransomware attacks are not a theoretical risk. Scripps Health lost four weeks of EHR access and $112.7 million in a single event. The wave of attacks targeting our sector is not slowing down.

At the same time, proposed HIPAA updates would require health systems to restore EHR access within 72 hours of a cyber incident. That is not a standard most thick-client environments can meet. I have watched organizations do the math after an event and realize—sometimes for the first time—what their architecture actually costs them when it fails.

That moment of recognition should happen before the incident, not after.

What the CrowdStrike event taught us

The 2024 CrowdStrike outage was painful for a lot of organizations, and it was clarifying for all of us. The recovery data tells a story that every CIO in healthcare should have in front of their leadership team.

“Three engineers recovered 18,000 thin client VDI desktops in four hours. At the same organization, a team of 150 IT staff needed nearly four days to recover 2,500 Windows PCs.” — Envision IT, Epic Healthcare Delivery Models

Read that again. Three people. Four hours. Eighteen thousand endpoints.

That is not a coincidence. That is architecture. When your EHR and clinical applications are delivered from a centralized platform through a single master VDI image, recovery simply means reverting that image. It means a reboot, not a rebuild. The contrast with decentralized, locally installed environments, where every affected device must be touched individually, should be a defining data point in every EHR delivery conversation your team is having right now.

This is a business decision, not a technical one

I want to be direct about something, because I think we do ourselves a disservice when we frame EHR delivery as an infrastructure question. It is not.

Every day your EHR is inaccessible, the patient safety clock starts. You lose revenue. Canceled procedures, delayed billing, ambulance diversion, and the cost of paper fallback workflows. These are not abstractions. The moment a clinician cannot reach Epic, the financial and care impacts start to compound, and your path back to normalcy gets farther away.

The architecture decision you make about EHR delivery shapes your organization’s ability to recover when things go wrong, your security posture, your total cost of ownership, and your ability to adapt as care models and regulations continue to evolve.

That is a strategic conversation. It belongs in the boardroom, not just the server room.

Independent research backs this up. Thin client VDI environments deliver 20 to 40 percent lower total cost of ownership than full PC deployments when you account for hardware, energy, and support costs over time. IT staffing ratios shift from roughly one admin per 60 endpoints to one per 500 to 1,000. And because no patient data lives on the device itself, a lost or stolen thin client is a nuisance, not a breach.

“Broad architectural decisions often have impacts that last for years. These choices can either limit or enable the system’s ability to quickly adapt to evolving market demands, regulatory requirements, or technological advancements.” — Envision IT, Epic Healthcare Delivery Models

What I tell other IT leaders

When a colleague asks me where to start, I tell them to stop framing EHR delivery as a technology problem and start framing it as a business continuity and risk management problem. Then take it to your CFO, your CMO, and your board with that framing, using a governance framework to align disaster preparedness activities and bring operations into active tabletop business resiliency exercises.

Show them the recovery data. Model the TCO difference. Walk them through what a 72-hour HIPAA restoration requirement means for your current architecture. The conversation changes when the numbers are on the table.

We have a responsibility to the patients and clinicians who depend on these systems every single day. That responsibility does not end at the edge of the server room. It extends to every endpoint, every workflow, and every decision we make about how those systems are delivered.

The architecture decision is the most important one you will make. Make it with intention.

For an independent, data-driven comparison of EHR delivery models across cost, risk, flexibility, and operational impact, read the Envision IT whitepaper: Epic Healthcare Delivery Models.