I'm actually surprised that your wife's company has these requirements, even with hipaa regulations. Most companies I know and have worked with are using a VDI solution and issue them a laptop with company provided endpoint protection and the employee then uses that to login to the VDI that sits on the company's network so all traffic can be monitored by them by some IPS on the network edge.
The way your wife's company is handling things is a little...archaic to me. But hey, to each their own, right?
The way your wife's company is handling things is a little...archaic to me. But hey, to each their own, right?