Kelsey-Seybold Clinic, based in Houston, Texas, plans to complete its Windows 10 migration by the third quarter of this year.
Healthcare Organizations Face Hurdles as They Move to Windows 10
The IT team at Kelsey-Seybold Clinic has a straightforward mandate: Don’t get in the way of the brief time physicians have with patients. So when the time came to migrate the Houston-based healthcare system’s computers from Microsoft Windows 7 to Windows 10, the IT staff made it as seamless for users as flipping a switch.
“But that didn’t occur without planning,” says Martin Littmann, CTO and CISO at Kelsey-Seybold.
The organization has spent two years preparing for Jan. 14, 2020 — the day Microsoft will end support and security updates for Windows 7. It has required infrastructure upgrades, training and painstaking work to ensure that applications will be compatible with the new operating system when the migration occurs. But failure to make the transition can leave organizations vulnerable to security threats, application performance issues and costly fixes.
“Microsoft allowed us to live in Windows 7 for a long time,” says Mo Garza, manager of desktop systems at Kelsey-Seybold. But, he adds, “it’s come down to staying current and securing your environment. Falling too far behind could be catastrophic to an organization.”
The migration is particularly complex for healthcare organizations, because they must ensure that their electronic medical records systems will function properly with Windows 10 and that any changes they make will comply with stringent privacy regulations, explains Laura DiDio, principal of research and consulting firm ITIC.
“Often, their existing environments may be held together with Krazy Glue. However clumsy, it works, and they know where all the pitfalls are and how to fix it if something goes wrong,” says DiDio. “Windows 10 is unknown territory.”
Due to the complexities, DiDio advises healthcare organizations to hire a third party to help with the migration. “That’s money well spent if your staff isn’t up for it,” she says. “I wouldn’t fool around with this in healthcare.”
MORE FROM HEALTHTECH: How Windows 10 can improve healthcare collaboration and communication.
Kesley-Seybold Makes Room for Migration
Kelsey-Seybold began its Windows 10 migration project in 2017 with a head start. The organization upgraded to a virtualized data center in 2010, then spent years converting to virtual desktops. Of its 6,600 desktops, 4,697 are now accessed via thin clients, and Kelsey-Seybold migrated them from Windows 7 to 10 after they were virtualized.
But the migrations haven’t been easy. Kelsey-Seybold’s environment includes 1,557 physical desktops and 366 laptops, as well as virtual nonpersistent and persistent desktops that utilize thin client devices.
In all instances, the IT department must ensure that any changes made to a user’s profile (users’ desktop configurations are saved from one session to the next) and settings are maintained across all platforms to keep users current as they move across the clinic’s campuses. This is extremely important in the nonpersistent environment, as virtual machines are always scrapped and reprovisioned at logoff. This approach requires the IT team to create different plans to migrate and maintain the various environments, Littmann says.
To further complicate matters, many of Kelsey-Seybold’s virtual desktops are in exam rooms, and the rest are dedicated to workers. While the exam room computers use a standard set of applications, employees have different needs.
“The complexity comes when you’re having to manage a single image that gets presented to over 4,000 computers, and while those users have some similarities, like Office and Outlook, they use many different applications,” Garza says. “Once we were able to solve that, it allowed us to update that image without having to interrupt everybody’s workload to reinstall every piece of application or software every time we changed something.”
By June, the organization had only 300 physical clients that hadn’t been migrated to Windows 10. The clinic plans to complete the migration by the third quarter of 2019, but some desktops will remain on Windows 7 due to application requirements that aren’t compatible with the new OS, Littmann says.
The Kelsey-Seybold IT team also is upgrading Microsoft Office and moving its anti-virus protection to SentinelOne. The organization still runs McAfee in its Windows 7 environment because it’s easier to maintain the current anti-virus on those machines than to implement a new system in the old OS, says Garza.
The upgrades are all contingent on the Windows 10 migration. “The OS is part of the DNA of the technology infrastructure,” says Littmann. “If you’re not keeping your OS healthy, then everything that connects to it is going to suffer as a result.”
Michigan Medicine Sees Opportunity in Device Replacement
Like Kelsey-Seybold, Michigan Medicine’s Window 10 migration coincided with a major upgrade. Seventy percent of the Ann Arbor medical center’s 35,000 computers were up for replacement. When faced with putting Windows 10 on unsupported hardware, the center instead opted to replace the computers to ensure the OS and hardware would have support from the manufacturer.
“The problem we had is when you get to our size, and 70 percent of your endpoint devices need to be replaced, that’s a significant financial investment,” says John McPhall, senior director of architecture and operations for Health IT and Services (HITS) at Michigan Medicine.
By pairing the two upgrades, the organization was able to deploy devices with Windows 10 on them from the start. But it also complicated matters because the IT department didn’t have the staff to physically upgrade the computers instead of just pushing out the OS upgrades remotely. “The complexity of our project significantly increased because we had to have resources on the ground to facilitate the hardware replacement,” says McPhall.
The medical center hired a third party to warehouse the new devices, unbox and dispose of packaging, install the organization’s image, deliver the devices and assist with deployment.
For the upgrade, HITS created three teams: one for the hospitals located on the main medical campus, another for offsite clinic locations and a third for research and education offices. Like many healthcare systems, Michigan Medicine’s research divisions have been hard to convert because they use older, specialized instruments that are incompatible with new operating systems.
Number of applications, some of which are not compatible with Windows 10, used by Kelsey-Seybold Clinic employees
A major challenge with such a large upgrade is keeping tabs on device inventory, particularly when devices are frequently moved between departments, says McPhall. Serendipitously, HITS had just completed an 18-month network access control project, so every machine connecting to the network was registered and validated in its inventory system.
“Because of NAC, we now know what machines we have, where they are and what condition they’re in,” he says. “It’s been invaluable in making our Windows 10 migration smoother.”
READ MORE: Device security must be top of mind for providers during a Windows 10 migration.
Allegro Pediatrics Considers Security
Allegro Pediatrics began its Windows 10 migration by happenstance. The privately owned Bellevue, Wash.-based pediatric practice, which operates nine clinics, started buying laptops with Windows 10 preinstalled for new doctors and for those who needed hardware refreshes. “Most people wouldn’t think of doctors as beta testers, but it worked,” says Brock Morris, CIO and chief marketing and communications officer.
The upgrade shifted into high gear when Allegro Pediatrics needed to replace the 100-plus tablets used by its medical assistants. The organization’s leaders debated retaining Windows 7 for manageability, “but it came down to putting Windows 10 on these for security reasons,” says Morris.
Allegro delivers all of its applications, including its medical record software, via Citrix, so protected health information isn’t stored on devices, but the BitLocker drive encryption in Windows 10 provides another layer of security, he explains.
The provider settled on Lenovo Yoga 2-in-1 convertible laptops because of their flexibility and durability, and they worked with a Citrix vendor to roll out the devices.
“It was one of the easiest transitions I’ve ever been part of, and Windows 10 contributed to that,” says Morris.