Baptist Health saves 4,400 hours annually with Azure Virtual Desktop

App login times at Baptist Health could be up to 3 minutes each, and for some apps, clinicians had to load roaming profiles on each device during a shift. Manual software installations and configurations were time-consuming.

Baptist Health implemented Azure Virtual Desktop on Azure Stack HCI, integrated with Epic. It also began a migration to Windows 11 and deployed Azure Stack HCI for centralized management and visibility into its IT environment.

Reduced login times (a low of 5 seconds) equal USD$1 million a year in savings. The IT team automated software installations and configurations, freeing up time for more high-value tasks. IT software and service issue fixes are remote.

Baptist Health has been recognized nationally for everything from outstanding achievements in cardiology to IT improvements in patient care. Of the center’s pioneering approach, Aaron Miri SVP, Chief Digital & Information Officer at Baptist Health, says, “We involve the clinical care givers in our IT strategies and solutions, earning their trust. Our caregivers want to partner with us.”

Hospitals are complex environments where minutes—and even seconds—can make the difference in patient outcomes. To address this, Baptist Health clinicians use a variety of line of business (LOB) applications to add efficiencies to their workflows. These apps include Nuance Dragon Ambient eXperience (DAX) Copilot, an AI powered, voice enabled solution from Microsoft that automatically documents patient encounters. Baptist Health also runs Epic, an electronic health record (EHR) product, as a software as a service (SaaS) solution, accessed through a third-party platform hosted on-premises.

Across departments like Cardiology, Labor and Delivery, and Emergency, nurses and doctors need different LOB applications and work from multiple locations during a shift, requiring them to log in to their apps each time they switch devices. Clinicians use these apps to update patient charts, view scans, and consult test results. In the past, each new app login took up to three minutes, which prompted Baptist Health to seek a new solution.

The Baptist Health IT team wanted to continue improving security, whether that meant ensuring sensitive data was no longer stored on devices or enhancing disaster recovery. The team sought a more flexible virtual desktop infrastructure solution with an updated operating system, standardized devices, and centralized management. Baptist Health also wanted to improve mobile access, so clinicians could keep up with their work on the go using smart phones.

Azure Virtual Desktop is a big win, giving clinicians more time with patients while supporting security and stability for our large clinical electronic health record system.

Aaron Miri, Chief Digital & Information Officer, Baptist Health

Solution for a cloud-first organization

To improve control over remote desktop configuration and management, Baptist Health chose Azure Virtual Desktop on Azure Local to run IT workloads like Epic SaaS. Several Certified Microsoft Partners helped with the implementation, which began in the Emergency department and is progressing one department at a time.

The Baptist Health IT team uses the solution to host virtual machine (VM) or containerized workloads, connecting on-premises systems to Azure for cloud-based services, monitoring, and management. The team does this through a single management experience in Windows Admin Center, using the Cluster Manager extension on the Azure Portal. IT staff also strengthened disaster recovery with Azure Local, automating failover to restore production quickly in the event of an outage. Staff members migrate sessions, including high-compute workloads like major image transfer files, between nodes to do maintenance without affecting performance. To gain visibility into its infrastructure, Baptist Health relies on Azure Local insights with Azure Monitor Agent. IT staff send logs and data to a Log Analytics workspace, tracking things like login activities and credential changes with sign-in and audit logs. Baptist Health uses these logs, created by Microsoft Defender, to help prevent, detect, and minimize the impact of data compromise.

To improve role-based access to apps and identity management, the team uses Microsoft Entra ID to provision apps. Miri especially appreciates being able to publish all the hospital’s apps while including role-appropriate choices in a particular image, reducing the clutter of extra icons.

Baptist Health also began the migration from Windows 10 to Windows 11 Enterprise Multi-session in a cloud configuration, to be completed in late 2024. Baptist Health configures devices with Windows endpoint security settings and automatically updates them through Windows Update for Business. The organization added virtualization-based security in Windows 11 Enterprise Multi-session for enhanced kernel protection against potential threats. These built-in features, like kernel access security, Group Policy Objects, Microsoft Intune policy, and Windows Firewall, help strengthen security at the device level. “Microsoft Defender runs natively on Windows Firewall. Combine that with other Windows 11 features, and you have a modern desktop that’s more secure,” says Miri.

Faster roaming access for more efficient patient care

Login times have gone down to a low of 5 seconds. Across 1,200 devices so far, this reduction in login times adds up to USD$1 million in potential savings annually. Dr. John Vu, an oncologist at Baptist Health, says, “I can roam between devices seamlessly. All the apps and files I had open on the previous device are there on the screen again. It saves me 5 minutes per patient and improves the quality of our interaction—I can focus on the patient.”

Baptist Health also expects to lower operating expenses over time with the solution. Ryan Hooley, Senior Director of Enterprise Architecture at Baptist Health, says, “Running Azure Local on-premises lets us use capital expenditure for those server assets. That’s our biggest cost-savings gain. We can run Azure Virtual Desktop on-premises, extending our host pools into the cloud and reducing login times for clinicians.”

The IT team configures applications according to the needs of each department. “Azure Virtual Desktop is a game changer. We get more value from the features of our existing apps, while supporting efficiency,” says Miri. “Data is no longer stored on the device, which adds a layer of security.”

Clinicians now have mobile access with security and auditing capabilities. Baptist Health uses Azure Virtual Desktop to provide a full IT experience on clinicians’ smartphones, secured without the need for a virtual private network. Dr. Vu says, “If it’s after hours but a patient is having severe nausea and vomiting, I just log in from my phone, press the ‘Refill’ button, and the patient gets more anti-nausea medicine that day.”

Improved management, disaster recovery, and visibility

Centralized management features enable the IT team to respond to issues and distribute updates much faster. “In the past when an app or service had an issue, it took days to touch every device and install updates,” says Miri. “Today we can fix many issues remotely, with two clicks, or simply swap out the device and reimage it.”

The IT team builds scripts to automate device installations, updates, and configurations, freeing up time for more high-value tasks. IT staff can also troubleshoot issues on devices remotely. Baptist Health also customizes Azure Virtual Desktop for various department workflows and user requirements by converting the components to code and pipeline, using Azure Pipelines. “We layer LOB applications and workflows on Azure Virtual Desktop as a base image, to accommodate department workflows. We can automate this process with Azure Virtual Desktop API, versus manually configuring systems and desktops individually,” says Hooley.

For high resilience and disaster recovery, Azure services run natively on Azure Local and direct overflow traffic from Baptist Health’s private cloud to the Azure cloud when demand peaks. Baptist found this helpful when it moved Epic from an on-premises data center to the cloud. “Azure Local helps our key tier-one apps be more responsive, and we get built-in disaster recovery. Our number one job is to be there for our community, so this stability is crucial,” says Miri.

For identity and access management, Baptist Health uses Microsoft Entra ID authentication and role-based access for Windows 11 and Windows 10 devices and virtual desktops, to make sure clinicians have access to just the apps (and icons) they need to do their jobs.

A future-facing IT approach

Baptist Health plans to put its entire enterprise data warehouse into Azure and manage the warehouse with native Azure tooling and Azure Pipelines. “We are Azure-first, and we intend to put every workload we can in Azure Local and the Microsoft Cloud,” says Miri.

Baptist Health sees the solution as adding flexibility that helps clinicians and patients. “Azure Virtual Desktop is a big win, giving clinicians more time with patients while supporting security and stability for our large clinical electronic health record system. It supports a fast, secure, reliable IT environment,” says Miri.

Discover more about Baptist Health on LinkedIn, X/Twitter, and YouTube.

In November 2024, Microsoft announced that “Azure Stack HCI” would be renamed “Azure Local”. For more details, see Renaming Azure Stack HCI to Azure Local - Azure Local | Microsoft Learn.

Microsoft products and services (1) are not designed, intended, or made available as a medical device, and (2) are not designed or intended to be a substitute for professional medical advice, diagnosis, treatment, or judgment and should not be used to replace or as a substitute for professional medical advice, diagnosis, treatment, or judgment.