Assistance Publique-Hôpitaux de Paris (AP-HP) is a university hospital trust made up of 39 hospitals across the Paris region. The trust has 100,000 members of staff and 50,000 workstations and treats more than 10 million people every year. Each of the patients passing through the trust’s doors is assigned a digital patient record that must be accessible across the trust’s care facilities.
“We have been focused on rolling out Electronic Patient Records (EPRs) across all our hospitals since 2013,” explains Guy Bensoussan, Head of AP-HP’s Infrastructure Solutions Center. But, to implement the project successfully, it was necessary to completely redesign the flow of data, its security and accessibility, as well as to future-proof the infrastructure’s scalability.
More and more cybersecurity threats are targeting healthcare providers and hospitals globally. In France, recent media reports have shown a dramatic increase in ransomware attacks targeting hospitals, with thousands of employees forced to revert to physical record keeping as infected computers were rendered temporarily unusable. Healthcare professionals are reacting and looking to redesign infrastructure with security as a top priority to mitigate these risks.
AP-HP selected a healthcare software provider and its software package.
With 22 modules (medical record, prescription, emergency treatment, for example), the software provides a comprehensive patient handling solution which follows the patient’s journey, and shares the patient record with all the medical staff involved in their treatment. To operate the record successfully, a secure, sustainable, and agile infrastructure and IT system were needed. AP-HP turned to Citrix, which had formed part of its IT environment for many years.
The first task was to deliver the same software as a virtual machine on the trust’s 1,400 Citrix servers dedicated to this application. Citrix DaaS is then used to enable secure access to workstations across the network.
“The Citrix client is deployed uniformly across our workstations using SCCM. The security policy is therefore respected and complies with recommendations,” emphasizes Bensoussan. The rest of the security is handled by the Citrix Virtual Apps servers: load balancing between servers, intelligent management of network traffic, management of servers under maintenance. All of this contributes to a better user experience.”
By running virtualized apps on servers rather than workstations, Citrix solutions deliver genuine flexibility. As Bensoussan explains, “From a security management perspective, it’s far easier to update servers with new access policies than to update 50,000 ‘physical’ machines.”
AP-HP can also adjust the processing power of the servers installed in its data centers based on usage. There is high demand for access to EPRs in the morning, with a spike equating to 17,000 concurrent client requests, which then tails off during the rest of the day. AP-HP has 24,000 Citrix licences for these concurrent client requests. As a result, some servers do not run at night and others are updated. “This is a really positive aspect,” says Bensoussan, “as we experience frequent attacks, maintaining an optimal IT system is crucial. As for shutting down servers at night, this allows us to save significant amounts on our electricity consumption.”
Within the Citrix ecosystem, the publication servers are monitored to know the different response times of each of the application layers and systems in real time. This simplifies the work of production teams in the event of an incident.
If server activity is high, it triggers the production of logs that provide a record of events. This data is transferred to the IT system and analyzed in real time. If a malfunction is detected, the IT team can respond immediately. In addition, Dynatrace software is used to monitor the performance of the software application. For ‘Anywhere Access’, AP-HP also uses Citrix ADC to provide secure external access through additional layers of security including one-time passwords.
Between 2019 and 2020, there was a significant increase in demand for external access when off-site, peaking in the spring of 2020. Citrix ADC was then widely deployed and offers AP-HP staff the ability to access published applications. This means radiologists can now view imaging data from the EPRs in their offices and from their homes, carry out remote appointments and complete reports when off-site. In the face of lockdown or travel restrictions, this means all staff that are non-essential to the continuity of care are able to access the apps, tools and systems they need to perform their jobs from the safety of their own homes which greatly contributes to a better employee experience.
AP-HP is now continuing to consolidate its IT system by installing an SSL VPN using Citrix ADC. For IT, this means that Bensoussan’s teams are able to take their workstations home and work remotely on a secure connection.
Recently, the trust has also added Citrix PVS (Provisioning Services). This software streaming technology uses a shared image to deploy patches, updates and other configuration information on multiple servers. At the given time, the image is published and all servers reboot from the new image. The same software now runs across 39 AP-HP hospitals, with minimal effort and the guarantee of using identical servers.
Overall, the support provided by Citrix Professional Services has helped to streamline the process of defining and implementing the project. For the trust’s locations, this means staff are now equipped with easy access to electronic patient records and can maintain productivity, even in times of disruption. Guy Bensoussan concludes, “Citrix is unquestionably a key partner in helping to meet our current needs, but also in delivering secure and sustainable workplace and IT systems for the future.”