
Ted Cohen, M.S., CCE Manager, Clinical Engineering, UC ...

Date post: 02-Dec-2021

Ted Cohen, AAMI 2011, ACCE Symposium, San Antonio, TX, June 25, 2011 1

Ted Cohen, M.S., CCE

Manager, Clinical Engineering,

UC Davis Health System


Introduction

Brief history and evolution of Philips hemodynamic monitoring networks

UCDMC: Widespread monitor integration implementation in 2007

UCDMC: 2010 “Pavilion project” and Philips Customer Supplied Clinical Network (CSCN)

Support Considerations

Conclusions


UC Davis Medical Center (645-bed hospital, level 1 Trauma Center)

UC Davis School of Medicine

Primary care and specialty clinics

UC Davis Medical Group (an 800-member physician group)

New Betty Irene Moore School of Nursing

BY THE NUMBERS (annual)

Licensed Beds: 645

ER Visits: 54,938

Clinic Visits: 915,452

Admissions: 33,169

Primary Care Clinics: 17


SCC with SDN bedsides (a LOT of these networks are still in use!)

78534 (Clover)

CMS


Ethernet bedsides

Physically isolated patient monitor subnet


Ethernet bedsides

Physically shared, logically isolated network


Real-time data

Once per minute, HL-7 feed to interface engine

Data is “pooled” awaiting validation

Once validated, data shows on the flow sheet and on the patient's chart, and becomes part of the legal medical record.


In calendar 2010, over 5 MILLION vital signs entries from over 500 devices were validated

~50% of vital signs entered were via monitor integration


New building opened in 2010

188 wired Philips bedside monitors, 11 central stations in 7 departments

One department (ED) has routed bedsides

No Database servers (direct connect to EMR via dual-NIC’d central stations)

Clinical life-critical (CLC) network concept

IICs located in data closet

Interface engine


CSCN provides guidelines for hospital-provided VLANs (virtual local area networks) for patient physiological monitoring

A 250 page book (includes wired and wireless, but we will only be discussing WIRED networks today)


Summary of requirements:

› 100 Megabits/sec network speed to the device

› Use Gigabit links for trunks that are shared with other non-ICN traffic

› Use QoS for trunks shared with other non-ICN traffic


Summary of requirements continued:

› Hard set all speed and duplex settings for each Philips switch port (NO auto-negotiate)

› Routing between the Hospital LAN (e.g. GP and CGP) and the Philips LAN (CLC) is only allowed where specified in the special cases listed
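
One way to audit the hard-set speed/duplex requirement summarized above, as an added example that is not part of the presentation or of Philips documentation. The Cisco IOS-style syntax, the sample configuration and VLAN 310 as the monitoring VLAN are constructed assumptions.

```python
import re

# Constructed sample (assumed IOS-style syntax); VLAN 310 stands in for the
# patient-monitoring VLAN, VLAN 20 for an unrelated hospital VLAN.
SAMPLE_CONFIG = """
interface GigabitEthernet2/1
 switchport access vlan 310
 speed 100
 duplex full
!
interface GigabitEthernet2/2
 switchport access vlan 310
!
interface GigabitEthernet2/3
 switchport access vlan 310
 speed 1000
 duplex full
!
interface GigabitEthernet2/4
 switchport access vlan 20
"""

def parse_interfaces(config_text):
    """Return {interface name: [sub-commands]} from IOS-style text."""
    pattern = r"^interface\s+(\S+)[^\n]*(?:\n|\Z)((?:[ \t]+\S[^\n]*\n?)*)"
    blocks = re.findall(pattern, config_text, re.M)
    return {name: [l.strip() for l in body.splitlines()] for name, body in blocks}

def audit_monitor_ports(config_text, monitor_vlans):
    """Flag monitoring-VLAN access ports whose speed or duplex is not hard set."""
    findings = {}
    for name, cmds in parse_interfaces(config_text).items():
        words = [c.split() for c in cmds]
        vlan = next((int(w[3]) for w in words
                     if len(w) == 4 and w[:3] == ["switchport", "access", "vlan"]), None)
        if vlan not in monitor_vlans:
            continue
        # An absent statement means the port is left at its default (auto-negotiate).
        speed = next((w[1:] for w in words if w[0] == "speed"), None)
        duplex = next((w[1:] for w in words if w[0] == "duplex"), None)
        problems = []
        if speed is None or "auto" in speed:
            problems.append("speed not hard set")
        elif speed != ["100"]:
            problems.append("speed %s, expected 100" % " ".join(speed))
        if duplex is None or "auto" in duplex:
            problems.append("duplex not hard set")
        if problems:
            findings[name] = problems
    return findings
```

Calling `audit_monitor_ports(SAMPLE_CONFIG, {310})` reports the port with no speed/duplex statements and the port set to 1000, and ignores the port outside the monitoring VLAN.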


VRF technology allows a single router to support multiple virtual routers with simultaneous and independent instances of routing and forwarding tables.

VRFs separate the physical network into secure virtual networks by overlaying logical partitioning mechanisms onto the physical design, providing layer 3 path isolation.


One physical router, multiple virtual routers with their own routing tables.

(e.g. Green=CLC, Blue=CGP, Gold=GP)


Example: Hemodynamic monitors sending central stations a constant stream of ECG and other real-time physiological data.

Timely, reliable, low latency delivery of data for primary clinical alarms.

Applications have only a few seconds to determine critical alarms including bedside, network and central station processing

Relatively low bandwidth, but extremely latency and loss sensitive.


FDA/AAMI standard for ECG alarms allots less than a 10 second period of time from the inception of a monitored patient alarm condition to audible/visual central station alarm

Network must reliably and efficiently carry data to the central station, 24 x 7, for multiple bedside monitors

Clinical Engineering determines which networked patient care devices require “Clinical Life Critical” (CLC) network designation


QoS: Priority Queues

› when there is congestion, what goes first

VRFs (Virtual Routing and Forwarding)

› Layer 3 logical segregation

Together with a fast network, they provide capability to reliably communicate a variety of data types at different priority


Layer 3 routing required if:

› Bedsides for one department are connected on different subnets/networks (e.g. 100 meter cable length restriction)

Network needs to be configured for multicast support (i.e. instead of broadcast, router only sends data to multi-cast group)


Required if Routed Bedside Monitors (RBM) are on a different subnet from the PIIC (central station computer)

PIIC BOOTP server only provides addresses for its own subnet, therefore the RBM cannot obtain dynamic IP addresses

Therefore, an external DHCP/BOOTP server is required

Note: Some DHCP servers are no longer configured to provide BootP services


With layer 3 routing, bedside monitors receive “dynamic” IP address from BootP server in Data Center


For remote BootP (IP address comes from customer-supplied server), network must be configured for Multi-Cast and bedside monitors in “Flex” mode

FLEX monitor configuration


Lower hardware costs (eliminates duplicate hardware and cabling)

Common redundant hardware platform

Robust, redundant network with logical isolation, security and relatively easy WAN connectivity

UPS with multiple power sources

Upgradable Network


Common hardware platform: one failure can bring down a LOT of systems

Upgradable Network with FDA devices that may not be compatible with upgrade

Connectivity to network can make system vulnerable to malware


Understand who has responsibility for what

First call

Escalation

Backup Parts

Scheduled Maintenance

Regular updates (firmware etc)


Remote display, KVM Support


15KVA Liebert UPS

Cisco 6509 Switch


In the Data Closet


Access security

› Configuration security

› Configuration change logging

Network perimeter security (firewall/IPS)

Restrictions on virus scanning yet requirements for high-security

› Timeouts

› Strong passwords with frequent changes

› Disable unnecessary services


Virus scanning restricted by Philips as follows:

› Automated updates must be disabled

› Full system scans while PIC is in monitoring mode are not supported

› Directory exclusions are required

› Intrusion detection technology (IPS) is not allowed

See Anti-Virus Software on Patient Monitoring IntelliVue Clinical Network Devices (P/N M3150-91053) for more information


In a Philips supplied network, no periodic switch maintenance is normally performed

Changes to a hospital's enterprise network are likely to be more frequent

Switch configuration changes must be carefully performed to prevent accidental network outages.

Reboot(s) may be required and take up to 3-4 minutes with no patient monitoring during those times


Consult with Philips if a major change is planned

Consider a risk assessment update (e.g. IEC 80001)

Develop a “back-out” plan.

Understand IIC network topology (e.g. Switch, IIC and bedsides on same switch, may allow basic monitoring by isolating switch from the rest of network) (Note BootP issue)

Develop a test plan for each planned network change

Document the changes


One common network hardware platform

High availability including

› Fail-over backbone

› Fail-over switches

› Fail-over UPSs

IT-managed network (they are the experts)

Monitored network (with restrictions)

High-security


High Complexity

High availability, but one hardware platform

Vulnerability to downtime problems during updates

Incompatibility between layer 3 routing and Philips Patient Link (“headless” IIC) product

BootP is obsolete, Philips does not support DHCP


Obviously, don’t forget patient safety!

IEC 80001: New standard for performing risk assessment on networked medical devices

Manufacturers and Facilities BOTH have new responsibilities to provide device integration in a safe manner

Be on the lookout for new IEC 80001 guidance documents coming out soon

Pester your manufacturer contacts (BOTH medical and IT) to pay attention to these new standards and guidance documents


Central station as software only, “thin client” hardware

Philips Patient Link product with layer 3 routing

Improved patient association (e.g., ADT on central station, bar code, proximity RFID)
