First off, I don't want to do this, but the doctors want us to do what they like, and they like another hospital that does this.
The doctors want a computer that is always logged in; they want to walk up to the computer, click on the application, and then only log on to that application. The doctors are accessing protected information at these workstations. My boss wants to use Citrix with thin clients at these workstations. Using Citrix presents its own problems. My biggest concern is that, with Citrix, any user could click reconnect on the agent software and they would then have control of every session that was logged on using this system login account. That would allow them access to many patients' records as if they were another doctor, invalidating our audit trail, and at the same time violating HIPAA.
Is there a good way to set up shared workstations like this?
As for an answer, I want to know how to make our Citrix workstation idea work, but any idea that could make our doctors happy and still maintain HIPAA compliance would be welcome.