Not every HIPAA hosting inquiry is about servers; sometimes it is about people. This request came from a medical clinic with eleven remote employees. The team needed a HIPAA-compliant virtual desktop solution that would give staff centralized access to RingCentral, Google Workspace, and ICA Notes.

The employees were located in the United States and Costa Rica. The clinic wanted secure access, U.S.-based connectivity, encrypted storage, and a simple way to disable access quickly when an employee leaves. Here, the customer was not asking us to host a custom application; instead, they needed a controlled workspace where remote staff could do their jobs securely.

In this article, we will discuss another Request For Quote (RFQ) we recently received from a potential new customer, explain how one email request turned into a bespoke HIPAA Hosting solution, and onboard a new customer with Atlantic.Net.

The Customer’s Main Concern

The customer knew exactly what they needed before reaching out to our pre-sale team. The clinic’s priorities were clear:

  • Compliance
  • Security
  • Ease of management
  • U.S.-based access
  • Fast user offboarding

Those are the right priorities for a remote healthcare team, especially when users are working from different locations. The risk is not only where the application runs, but also where the work happens. Are files being downloaded to local devices? Are users connecting from unmanaged networks? Can access be removed quickly? Does the clinic know where sensitive work is taking place?

A HIPAA-compliant virtual desktop can help by providing users with a central, controlled environment to work from, rather than relying solely on local endpoints.

The Virtual Desktop Environment

The proposed direction was to deploy a virtual desktop for 11 users in U.S. data centers. The U.S. location was essential because some of the customer employees were located outside the United States. The clinic wanted connections to the compliance infrastructure to be exclusively from U.S. IP addresses, so the hosted desktop environment had to provide customers with a U.S.-based access point.

From the user’s perspective, the model is straightforward:

  • The employee connects securely to the virtual desktop.
  • The work is done within the hosted environment.
  • Approved applications are accessed from the desktop.
  • Sensitive files that must remain inside the HIPAA environment stay there.
  • The clinic manages user access centrally.

This is one of the core values of using a virtual desktop model. It provides a distributed team with a more controlled environment in which to work.

Application Ownership

The clinic needed access to numerous shared applications, including RingCentral, Google Workspace, and ICA Notes. They also confirmed that they wanted to manage those applications themselves. Application management is an important scope detail to understand.

Atlantic.Net’s role would be to provide the HIPAA-compliant virtual desktop environment and the service’s included hosting controls. The clinic would remain responsible for the applications, including installation, updates, licensing, configuration, and day-to-day administration.

This was a great match, and it keeps responsibilities clear.

  • If RingCentral needs an update, the clinic owns that.
  • If Google Workspace permissions need to change, the clinic is responsible for making those changes.
  • If ICA Notes needs configuration, the clinic is responsible for it.
  • If a desktop user needed access provisioned or removed, that belongs in the virtual desktop access process.

A good virtual desktop deployment depends on having this kind of clarity before the service is built.

Storage Requirements

The clinic did not need a large storage footprint. Most documentation lived in Google Workspace, so the virtual desktops only needed enough encrypted storage for system operations, application installs, and any sensitive files that needed to remain inside the HIPAA-compliant desktop environment.

Some clinics need heavy file storage in the desktop environment. Others mainly need a secure workspace for SaaS applications and only a modest amount of encrypted desktop storage.

This clinic did not need a large archive; instead, they opted for protected workspace storage that suited how their users worked.

User Access and Offboarding

The clinic specifically wanted the ability to disable access quickly when an employee leaves. Not only is this essential for HIPAA-Compliance, but it’s also one of the strongest reasons to consider a virtual desktop model.

In a remote team, offboarding can become messy if users have worked from personal devices, saved files locally, or accessed systems from unmanaged environments. A hosted desktop provides the clinic with a central place to revoke access to the work environment.

There is one important caveat: application access must still be managed separately. Deactivating the virtual desktop account prevents the user from entering that hosted workspace. But if the same user also has separate accounts for Google Workspace, RingCentral, or ICA Notes, those accounts must be disabled through the clinic’s application management process.

We advised the customer that this should be part of the clinic’s offboarding checklist and suggested that the virtual desktop provides the clinic with a stronger control point. It does not replace every application’s user management, but it simplifies the process.

Support and Scalability

The clinic also asked about setup, support, and scalability. For an eleven-user deployment, the quote needed to cover the current user count, U.S. deployment, encrypted access, encrypted storage needs, and the support model.

Scalability had to be handled practically because the clinic should know how additional users would be added later, how pricing changes as the team grows, and whether additional storage or applications would require a revised scope.

For a clinic, this matters because user count can change quickly. New hires, contractors, part-time staff, and offshore support roles may all need access at different times. The deployment should make the first 11 users easy to support without complicating future expansion.

What Needs to Be Confirmed Before the Quote

As with every RFQ, we work with the client to create a suitable, often bespoke solution to meet their needs from Day 1. Before finalizing any quotation, we had to confirm:

  • How many users need access on day one?
  • Will all users need the same desktop configuration?
  • Which U.S. data center location is preferred or required?
  • How much encrypted storage is needed per user?
  • Will users connect from managed or unmanaged devices?
  • Who at the clinic can approve new users?
  • Who can request user removal?
  • Will the clinic install and manage all applications itself?
  • Are any files expected to be stored locally inside the desktop environment?
  • Are there any application licensing requirements that affect deployment?

These questions keep the quote grounded and help Atlantic.Net understand how the clinic actually worked.

From Request to Virtual Desktop Plan

The customer initially asked for pricing; the real pre-sales conversation was about workflow. Our engineers needed to know: Who are the users? Where are they located? What applications do they need? Where should the work happen? How much storage is required?

Who manages the applications? How is access removed when someone leaves? How does the clinic add users later?

Once those answers were made clear, the virtual desktop quote became much easier to build. For this clinic, the right plan was a secure, U.S.-hosted virtual desktop workspace for eleven remote users, with encrypted access, modest encrypted storage, clinic-managed applications, and a clear process for user access.

That is how a remote-work inquiry becomes a HIPAA-compliant desktop deployment plan. Need a secure virtual desktop environment for remote healthcare staff? Contact Atlantic.Net to discuss HIPAA-compliant virtual desktop hosting, encrypted access, user management, and scalable support.