The focus of healthcare information technology during the past few years has been on the rollout of new electronic health records and the demands of meeting government-mandated meaningful use. Many of these applications and other devices are dependent on an extensive, secure Wi-Fi network. Having a Wi-Fi network throughout their healthcare facilities has allowed organizations to leverage the infrastructure for a variety of uses—from clinical communications systems and video applications to patient/guest Internet access, real-time location services, and wireless medical devices. But challenges accompany the convenience.
The variety of uses dependent on the same system has created unique network design requirements. Because of limited/shared wireless bandwidth and patient privacy concerns/regulations, most wireless networks have been focused primarily on quality of service and data encryption. With the growing congestion of applications and devices on the networks, one segment that merits additional examination is wireless medical devices. Many healthcare organizations are currently using wireless devices such as IV pumps, blood gas analyzers, telemetry systems, mobile X-ray machines, ultrasound units, hemodialysis devices, and glucose meters on their wireless local area networks.
As more medical devices are added, the strategy that organizations used during initial rollouts five years ago is no longer adequate. For example, a common approach was to make all medical devices part of dedicated network, physical or virtual. The theory at the time was that these devices were being protected from outside performance and security risks but that hasn’t always been the case. Over the years, hospitals have experienced challenges supporting wireless medical devices from multiple manufacturers of a single medical device on their virtual network because of:
- Inability of legacy wireless medical devices to support latest authentication and encryption systems.
- Unique network configurations to accommodate the devices such as network quality of service parameters or security settings.
- Support of the latest 802.11 standards.
- A variety of medical devices on the same network, running the risk of negatively influencing each other.
Aware of the growing challenges, the U.S. Food and Drug Administration last summer released an advisory highlighting the current risks of medical devices on hospital networks along with the following basic recommendations for hospitals:
- Restrict unauthorized access to networks and medical devices, and track network activity.
- Update antivirus and firewall efforts, as well as security patches.
- Create and evaluate strategies for maintaining functionality during an adverse event. As an example, hospitals need to have procedures ready and staff trained on how to respond if a system appears to be malfunctioning and needs to be taken offline.
To address these risks and issues, many IT departments are segmenting wireless medical devices onto dedicated VLAN or service set identifiers based on their authentication and encryption requirements. In the long term, this approach is not scalable because provider organizations may find themselves trapped into adding dozens of independent networks, which add significant management traffic and system complexity. With the exponential growth in the number of wireless medical devices, it is becoming crucial to keep traffic management to a minimum.
The approach of using a large number of wireless access points to address the growing device numbers is also no longer sufficient to accommodate the onslaught of devices. Sometimes less is more, and too many access points can lead to poor overall performance of the network.
Another challenge for IT departments is that the next-generation medical devices are often measurement devices that integrate with smartphone applications. Because of the shared functionality of the smartphones, this is forcing IT administrators to focus on the applications in addition to the networks for quality of service and security. To address these challenges, the necessary approach is a combination of technology as well as operational changes. From an operational standpoint, the following practices are recommended:
- Start with an audit of wireless medical devices in the environment. It’s crucial to first understand what is already operating in your organization.
- IT and clinical engineering departments should collaborate closely to determine policies and support of wireless devices.
- Use a formal evaluation/certification process to vet every device before it is brought into the network. Using this process is a way to ensure that the right types of devices are selected going forward and that support processes are addressed before use.
Healthcare networks and devices are becoming significantly more complex, and with that a growing challenge for the IT staff supporting them. Rather than thinking in terms of device counts and bandwidth, now is the time to reassess an organization’s approach to medical device support and how best to apply business intelligence to the networks.
Bob Zemke is director of healthcare solutions at Extreme Networks and Ali Youssef is senior wireless architect at Henry Ford Health System.