Wi-Fi Enabled Healthcare Ali Youssef, Douglas McDonald II, Jon Linton, Bob Zemke, Aaron Earle Print ISBN 9781466560406 (C) 2014 Taylor & Francis LLC
Contents
Foreword
Preface
Chapter 1: Brief History of Wi-Fi
  History and Current Growth and Proliferation of Wi-Fi in Hospitals
  Regulatory Bodies
  Federal Communications Commission
  Institute of Electrical and Electronics Engineers
  Wi-Fi Alliance
  Core Programs
  Optional Programs
  International Organization for Standardization
  Wi-Fi Impacts on Clinical Workflow
  mHealth
  Endnotes
Chapter 2: Wireless Architecture Considerations
  About Wi-Fi Networks
  The MAC Layer
  Vendor-Specific Solutions
  Autonomous Architecture
  Controller-Based Architectures
  Distributed Architecture
  Medical Devices
  Medical Imaging
  Wireless on Wheels
  Tablets and Smart Phones
  Bonjour
Chapter 3: Site Survey Process
  Wireless Site Survey Process
  Preparation
  The Statement of Work
  Facility Blueprints
  Pre-Survey Walkthrough
  Design Considerations
  High-Capacity Design
  Channel Planning
  Multifloor Designs
  Aesthetics
  Augmenting Existing Designs
  Upgrading Access Point Hardware
  Cabling
  Network Infrastructure
  Network Ports
  Power Availability
  Network Bandwidth
  IP Address Availability
  Survey Equipment
  Form Factor
  Site Survey Design Software
  Spectrum Analyzer
  Survey Types
  Predictive Survey
  Passive Survey
  Active Survey
  Survey Techniques
  Site Survey Report
  Post-Validation Survey
Chapter 4: Wireless Security Wi-Fi
  About Information Security and Wireless Networking
  Confidentiality
  Availability
  Integrity
  Wireless Security Risks and Threats
  Denial of Service
  Malicious Code
  Social Engineering
  Signal Analysis
  Spoofing
  Rogue Access Points
  Wireless Hacking and Hackers
  Motives of Wireless Hackers
  War Driving
  Tracking War Drivers
  The Hacking Process
  Information Gathering
  Enumeration
  Compromise
  Expanding Privileges and Accessibility
  Cleaning Up the Trails
  Service Set Identifier
  Shared Key Authentication
  Open Key Authentication
  Wired Equivalent Privacy Standard
  802.1x
  Authentication Server
  Authenticator
  Supplicant
  Extensive Authentication Protocol over Local Area Network (EAPOL)
  Remote Authentication Dial-In User Service (RADIUS)
  Extensible Authentication Protocol
  EAP-MD5
  EAP-TLS
  EAP-TTLS
  LEAP
  PEAP
  EAP-FAST
  Wi-Fi Protected Access
  802.11i
  Robust Secure Network (RSN)
  Transition Secure Network (TSN)
  Temporal Key Integrity Protocol
  TKIP MIC
  Advance Encryption Standard
  802.11i System Overview
  Wi-Fi Protected Access
  Rogue Access Points Detection
  Wireless Security Tools
  Scanning Tools
  Sniffing Tools
  Hybrid Tools
  Cracking Tools
  Access Point Attacking Tools
  Wireless Security Policy Areas
  Password Policy
  Access Policy
  Rogue Access Point Policy
  Guest Access Policy
  Remote WLAN Access Policy
  Physical Security
  Wireless Monitoring and Security Incident Response
  HIPAA and Wi-Fi
Chapter 5: Wireless Guest Services
  Sponsored, Open Access, and Self-Enrollment
  Sponsored Guest Access
  Self-Enrollment Guest Access
  Open Access
  Captive Portal Page Types
  No Registration Splash Page
  Self-Registration
  Manual Registration
  Sponsored Registration
  Supporting Infrastructure
  Revenue Generation
  Bring Your Own Device (BYOD)
  SCEP
  Endnotes
Chapter 6: Mobile Medical Devices
  Functional Testing
  Network Testing
  Failover and Redundancy Test
  Mobile X-Ray Machines
  Medication Dispensing Systems
  IV Pumps
  Electrocardiogram Carts
  Ultrasound Devices
  Blood Gas Analyzers
  Hemodialysis Machines
  mHealth
Chapter 7: Voice over Wi-Fi
  Why VoWi-Fi?
  The Challenges of VoWi-Fi
  Quality of Service Fundamentals
  Evolution of QoS
  The Journey of a Voice Packet
  What Happens at Phone One
  What Happens at the Access Point
  What Happens at Switch One
  What Happens at the Router
  Differentiated Services
  802.1Q
  Anatomy of VoIP
  The Anatomy of Codecs
  Proprietary Protocols
  Wireless Arbitration
  Troubleshooting VoWi-Fi
  Roaming
Chapter 8: Real-Time Location Services
  RTLS Technologies
  ZigBee
  Wi-Fi
  Infrared
  Ultrasound
  How RTLS Works
  Architecture
  ISO/IEC Standards
  Different Types of Transmitters
  Applications
  Asset Management
  Equipment Rentals
  Shrinkage
  Condition Monitoring
  Patient and Clinician Safety
  Infection Control
  Workflow
  RTLS Issues
  Privacy Concerns
  Challenges with Accuracy
  Maintenance and Costs
Chapter 9: The Wireless Project Management Process
  Refining the Scope
  Scheduling and Developing Milestones
  Developing a Budget
  Quality Assurance
  Communication Strategy
  Risk Management
  Change Management
  Closure Criteria
  1. Identify Key Stakeholders and Set up a Kickoff Meeting
  2. Perform an RFI and RFP to Choose a Wireless Vendor
  3. Survey Network Closets for Port Capacity and POE Availability
  4. Perform Predictive and Onsite Wireless Survey
  5. Develop Detailed Physical and Logical Architecture
  6. Develop a Survey Report and Create a Cabling Bid Package
  7. Order Hardware and Consider Lead Times on the Project Plan
  8. Identify Third-Party Training Requirements
  9. Stage Hardware
  10. Oversee Installation and Turn-up of Wireless Network Using a Standard Change Management Process
  11. Ensure that All Hardware Is Set up on the Enterprise Monitoring System
  12. Validate Channel and Power Plan
  13. Conduct Post-Implementation Survey and Make Modifications as Needed
  14. Perform UAT (Unit Acceptance Testing) Using Various Form Factors of End-User Devices
  15. Send a Series of Communications Outlining Offerings with Instructions
  16. Develop Helpdesk Knowledge Base for Common Troubleshooting
  17. Create a Runbook
  18. Handoff Support to Ongoing Operations Team
  19. Ensure that a Process is in Place for Onboarding and Certifying Wireless Devices
Chapter 10: Support Considerations and Lifecycle
  Tool Set
  Protocol Analyzer
  Voice Analyzer
  Spectrum Analyzer
  Site Survey Software
  Performance Software
  Packet Capturing
  Wireless Intrusion Prevention Systems (WIPS)
  Wireless Network Management
  Staffing Considerations
  Vendor Neutral Training
  Software Tool Training
  Wireless Manufacturer Training
  Wireless Runbook
  Policies
  Acceptable Use
  Disaster Recovery
  Procedures
  Architecture
  Systems Lifecycle
  Routine Maintenance
  Technical Support
  Tier 1
  Tier 2
  Tier 3
  Tier 4
  Infrastructure Code Upgrade
  End-User Device Considerations
  Lifecycle and Drivers for System Upgrades
  Infrastructure Lifecycle
  Client Device Lifecycle
Chapter 11: Emerging Trends and Technologies
  Demand for More Bandwidth and Denser Deployments
  Device Density
  Evolution of the Electronic Medical Record
  Mobile Voice and Video
  Guest Access
  Patient Engagement with Social Media
  Device Consolidation
  Shrinking Herds of Carts on Wheels (CoWs) and Workstations on Wheels (WoWs)
  Key Emerging Technologies
  IEEE 802.11ac
  Infrastructure
  Client Devices
  Design and Planning
  Policy Management and Software Defined Networking (SDN)
  The Rise of the Smart Phone
  Application Performance and Security
  IPv6
  802.11u/Hotspot 2.0/Passpoint
  mHealth
Index
Foreword
Rapid advancements in wireless technologies are transforming how healthcare is delivered, extending care and access to critical health data anywhere, anytime. This transformation presents health systems and care providers with a host of opportunities and challenges inside and outside their facility walls. The unprecedented speed with which these wireless and telecommunications advancements have converged upon health systems has led to an urgent need for information technology, biomedical, and telecommunication professionals to understand wireless architectures and the technical, regulatory, fiscal, and policy implications for implementing wireless networks in healthcare today and tomorrow. As wireless technology and processing speeds continue to evolve, healthcare providers can expect the demand for and use of more sophisticated untethered care solutions to increase. A focus on infrastructure to provide a solid, safe, secure foundation for these new care solutions is critical. This book seeks to close the knowledge gap on wireless infrastructure and provide practical technical guidance for health systems providers to ensure their systems provide reliable, end-to-end communications necessary to surmount today’s challenges and capitalize on new opportunities as this technology evolves.
Highlights of wireless opportunities for healthcare providers include improvements in
• Workflow: point-of-care delivery and workflow enhancements provide remote and bedside registration, diagnostics, and treatment, as well as staff and patient tracking.
• Communications: real-time connectivity between nurse, staff, and patients.
• Transportation: real-time connectivity to emergency medical services and transport services, allowing for the transfer of critical information while patients are en route between care settings or departments, or in the home.
• Consumer engagement: consumers and care providers may now interact through remote communications and monitoring devices, enabling clinicians and patients to communicate timely health information, reminders, and support to each other in real time, changing patient–caregiver relationships.
• Workforce shortages: provides infrastructure for new care models and a flexible mobile workforce.
• Asset management: provides new tools for asset tracking.
• Data access: allows for the ability to collect, analyze, and share critical patient data, including access to electronic health records and health information exchange.
• Usability: provides introduction to consumer-based devices with a high level of user-centered design, improving ergonomics, and user interface flexibility.
• Innovation: provides the foundation for new applications such as Body Area Networks, deploying body sensors, untethering patients from monitoring devices, diagnostic testing equipment, and the need to remain in traditional health facilities for observation and treatment.
Challenges of wireless technologies include:
• Privacy and security: ensuring data and patient confidentiality are secure through both technical means and operational policies is essential.
• Regulatory requirements: federal, state, local, and institutional regulations may be nonexistent and/or may vary with regard to definitions of mobile medical device applications, physician and provider licensure and liability for use, etc., affecting how these tools are to be deployed and used.
• Infrastructure coexistence: very few healthcare providers have the luxury of building wireless infrastructure from scratch. A multitude of applications exist inside facilities, such as wireless LAN, telemetry, cellular and public Wi-Fi, with hundreds if not thousands of untethered devices producing interference and security challenges. Lead walls, elevator shafts, and historical piecemeal construction challenge essential reliable coverage.
• New infrastructure: staying abreast and understanding the technical, policy, and procedural requirements of new policies such as mBAN spectrum capacity and allocation is essential, but can be daunting.
Surpassing these challenges and capitalizing on current and future opportunities will require a solid understanding of wireless infrastructure. The shared experience and lessons learned from the authors provide essential guidance for large and small healthcare organizations in the United States and globally.
Edna Boone
Office of National Coordinator of Health (ONC)
Preface
Why write a book focused on wireless in healthcare? If you are interested in this topic chances are it’s because you are somehow involved in this space either from IT operations, IT leadership, clinical engineering, healthcare administration, or a related field.
The backgrounds of the authors vary from network engineering to IT security, to biomedical engineering. Our knowledge is founded upon formal study and graduate studies, but what we have to offer that is unique comes from many hours spent in the trenches of healthcare IT operations. What we all have in common is that as we began designing, deploying, and supporting wireless networks for various healthcare accounts, we soon learned that these types of inpatient and outpatient facilities have unique mobility requirements that lead to interesting challenges. During the early years of WLAN deployments at the turn of the twenty-first century, most organizations that we jokingly referred to as “cubelands” had relatively simple requirements of employee laptop connectivity in conference rooms and workspaces. Seamless roaming, handheld devices, guest access, and mobile medical devices were years away from becoming mainstream. We were fortunate to be working in a complex environment that from the beginning had greater demand for mobility, complex user requirements, unique radio frequency challenges, and a plethora of use cases for mobile devices. Whitepapers on best practices for design and support did not seem to cover the areas that we were working to address, such as clinicians with personal devices (including access points), VoWLAN coverage in elevators, and FDA-certified biomedical devices. BYOD was not a term a decade ago but that did not stop the demands for employee and patient personal devices on the networks.
What was out there was vendor-specific marketing focused around how their technology could solve all of our mobility aspirations. Sounds familiar? As our projects grew in scope, complexity, and outright quirkiness we began to document operational runbooks for the teams. Technology choices are only a small component of the operational support challenges that await a network deployment. These ops manuals become the basis for our architecture standards and best practices guidelines for support. Lessons learned in the trenches so to speak. As the wireless standards evolved from 802.11b to 802.11n, and mobile devices grew from a handful of Microsoft PDAs to thousands of iOS clients, so have our ops manuals. The one constant we have seen is that dependency and mission criticality of the wireless network is growing with no signs of slowing down. With this in mind the team thought we would share our experiences and lessons learned, and provide a guide that we could have made use of when we first embarked on our wireless journey in one of the largest healthcare systems in the country. We hope it will be of help.
Chapter 6: Mobile Medical Devices
Wireless technology has played a significant role in reshaping healthcare over the last two decades. Wi-Fi began to impact the clinical workflow in a significant way starting in 1999. The two key catalysts that have propelled increased adoption within healthcare institutions are FCC regulations, as well as the evolution of the IEEE standards, and increasing maturity of the Wi-Fi Alliance. The other two major organizations that have helped push adoption are the Food and Drug Administration (FDA), and the Association for the Advancement of Medical Instrumentation (AAMI). Recent federal government mandates like the push to attain meaningful use have also contributed to driving increased adoption. Many areas have been impacted by mobility, including devices supporting voice and video, but the area that has seen the most dramatic workflow improvements is the medical device arena. With wireless medical telemetry systems (WMTS) on the decline, using Wi-Fi as a means of transporting data from medical devices to the network, and between sensors and medical devices, has been a growing field. Medical device vendors continue to struggle to integrate Wi-Fi into their devices, with hit-and-miss results. Prior to diving into specific use cases, the following section will address the roles that the various government and regulatory agencies have played in shaping the Wi-Fi-centric mHealth arena.
The FDA is heavily involved with clearing different types of medical devices to be introduced to the U.S. market. The Medical Device Amendments Act of 1976 lays the foundation for the 510(k) process, which is used to clear upwards of 90 percent of medical devices to be sold in the U.S. market. Thankfully this process is not as stringent as the processes that are used to introduce a new drug to market. Medical devices are classified into one of three classes as follows.
Class I: Devices that are not intended to sustain life. They do not require the 510(k) process or clearance, but need to follow general controls. Tongue depressors and latex gloves are examples of Class I devices.
Class II: Devices that need to meet minimal performance requirements and need to be cleared for safety and efficacy using the 510(k) process. IV pumps are a Class II device.
Class III: This class of devices is necessary to sustain life, must undergo the 510(k) premarket approval process, and is often used in clinical trials prior to release. These include devices such as defibrillators and implanted medical devices.
Generally only Class II and Class III devices will require network connectivity and thus can potentially leverage Wi-Fi. The 510(k) process is often lengthy and involves substantial testing which is generally focused around patient safety and the efficacy of a given device. Network communications capabilities are often taken for granted and are an afterthought. Areas like how a device will function in a dense Wi-Fi environment, preferred frequency bands, and supported authentication and encryption schemes are generally farmed out to the manufacturer of the wireless card being used, with little consideration for wireless best practices. The line of demarcation between regulating a device as a medical device and regulating it as a communications device has prompted the FDA to work closely with the FCC when dealing with wireless medical devices. In 2011, the FDA released draft guidance on mobile device applications (Medical Device Data systems rule). The integration between these two organizations is crucial for the success of the mHealth space.
The FCC released the MBAN proposal in 2012 which allocates a dedicated spectrum for body sensors to transmit data in real time. The idea is that these types of sensors will result in a substantial return on investment for healthcare institutions by decreasing the risk of infections and promoting early decisions and better outcomes.
Although the FDA is starting to move in a direction that is helping drive mHealth forward, there is still much lacking. When medical device vendors design a device, it often takes upwards of a year to introduce it to market. In the telecommunications space, the span of a year can see tremendous improvements from the perspective of standards, security, or bandwidth availability. By the time a device makes it to the market, the integrated Wi-Fi capabilities are often outdated. The device can have a lifecycle spanning upwards of 5 years, or longer in some instances. It is crucial for these types of medical devices to have a flexible networking architecture that allows for upgrading drivers and even hardware if needed, with minimal scrutiny from the FDA. If the sole functionality being impacted is Wi-Fi functionality, it would be beneficial to have a series of high-level wireless tests that can be conducted to clear the firmware, or even hardware upgrade path.
We only touch the tip of the iceberg when discussing medical devices. A new type of medical device that integrates with smart phones and tablets is really pushing the traditional boundaries with the FDA. This area, compounded by the explosive growth of healthcare-related mobile applications, has been forcing the organization to rethink and reinvent its review mechanisms.
In June of 2013 the FDA released a draft guidance pertaining to the cybersecurity of medical devices. The target audiences were primarily medical device manufacturers, and the document entitled “Content of premarket submissions for management of cybersecurity in medical devices” calls attention to intentional threats to medical devices. These range from malware and viruses infecting medical devices to organized penetration and Denial of Service attacks. The ruling urges medical device manufacturers to develop a set of security controls to assure medical devices maintain information confidentiality, integrity, and availability. In part, this means implementing two-factor authentication mechanisms including passwords, biometric identifiers, or smart cards in order to restrict the number of individuals capable of interacting with the product.
It can be argued that the FCC is one of the key reasons that wireless technology was able to thrive in healthcare. Since the organization released the ISM band for unlicensed use in 1985, and more recently dedicated a portion of the radio spectrum to WMTS in 2000, it laid the foundation for medical device manufacturers to start to focus on this space. The FCC continues to play a fundamental role in driving mobility in healthcare. The organization’s National Broadband Plan released in 2010 along with the ruling allocating 40 MHz of spectrum—2360 to 2400 MHz—for use by medical body area networks (MBAN) devices in 2012 is a testament to this. They have also been involved in creating some best practices documentation around securing wireless devices. In an effort to remain a leader in the mHealth space, in 2012 the FCC announced that it would be adding a position of Health Care Director to continue to drive innovation in this space. The FCC continues to work with the FDA to ensure that available spectrum is allocated to promote mHealth as much as possible. They have been making every effort to foster innovation.
The AAMI has always been a fundamental player in medical device innovation and design. The organization has been developing standards for medical device design for decades. Wireless medical devices have traditionally been viewed like any other medical device. The typical AAMI audiences are clinical or biomedical engineers who generally deal with the maintenance and repair of medical devices. As medical devices become more dependent on networks and make use of Ethernet and Wi-Fi, the organization has been promoting the need for collaboration between IT and clinical engineering. Many healthcare institutions have taken this mantra to heart, and have shifted their reporting structure so that clinical engineering staff reports to IT leadership. This is an inevitable step given the growth of Wi-Fi-capable medical devices.
By leveraging Wi-Fi, medical device manufacturers have ventured into a shared medium that is outside of their control. When one also considers that many medical devices leverage fairly widespread core operating systems, like Windows, the number of variables that can cause data transmission issues grows. AAMI released the IEC 80001-1 series of standards between 2008 and 2012. These are intended to apply appropriate risk management to IT networks that support medical devices. This is in line with ISO 14971. The standards address safety, system security, and effectiveness, which are generally regarded as necessities for patient well-being. They incorporate best practices for risk management as well as change release management. These are in line with ITIL (Information Technology Infrastructure Library), the most popular and widely accepted approach to service management, which is well adopted in the pure IT arena. “According to the AAMI (Association for the Advancement of Medical Information) IEC 80001-1 it defines responsibilities for parties such as medical device manufacturers, non-medical device manufacturers, the responsible organization, IT-network integrator, and potentially others, engaged in installing, using, configuring, maintaining and decommissioning IT-networks incorporating medical devices.” There are four key areas that the standard highlights:
• The three risk components to be managed are safety, effectiveness, and security—and in that order of priority.
• It is ultimately the responsibility of the “responsible organization” (typically, the healthcare provider) for risk management of medical devices interacting with an IT network.
• “Responsible organization” includes health-delivery organizations of all sizes, such as physician single and group practices, as well as hospitals, clinics, etc.
• For the objective of 80001 to be met, the “responsible organization” will need to work closely with medical device manufacturers and providers of information technology.
The AAMI has paved the way for healthcare IT staff to be able to reach out to medical device manufacturers directly and work on fine tuning the network performance of a given device. Some examples of this are highlighted in the use case section of this chapter. The organization continues to provide best practices for managing wireless medical devices in their publication Biomedical Instrumentation and Technology. In addition, the AAMI established the Wireless Strategy Task Force (WSTF) in 2013. The group, comprised of manufacturers, regulators, users of technology, and other interested parties, is developing educational resources and tools and sharing best practices to address wireless challenges in healthcare. Group priorities include clarifying roles and responsibilities in the wireless arena, managing spectrum to improve safety and security, designing wireless infrastructure for high reliability, learning from other industries, managing risk and preventing failure. The group released a special compilation of articles in 2013 entitled “Going Wireless”, which is a great resource for anyone working with mobile medical devices (https://www.aami.org/hottopics/wireless/AAMI/Going_Wireless_2013.pdf).
There are many other organizations that can be mentioned in these sections, such as the National Institute of Standards and Technology (NIST), the Healthcare Information and Management Systems Society (HIMSS) and its mobile initiative mHIMSS, and the federal government, but the last one that will be discussed is the Wi-Fi Alliance. The background of this organization was discussed in the introduction, but for the purposes of this chapter, it is important to note that the Wi-Fi Alliance has been instrumental in publishing guidelines for deploying, securing, and leveraging Wi-Fi in healthcare.
New wireless medical devices are a blessing; they can also be difficult to troubleshoot, as many large medical device manufacturers such as GE, Medtronic, Philips, Baxter, and CareFusion, are designing and adapting medical devices for use on unlicensed radio frequencies. Often, manufacturers will cut costs by using noncompliant or out-of-date wireless devices (adapters, bridges, etc.) embedded in the medical devices. This effort to reduce cost and to gain market share has been a growing challenge for network administrators in healthcare. From diagnostics and monitoring, to the operating theatre and managing patient medical records, demand on wireless technology is more complex and mission critical in the healthcare industry. As medical device manufacturers race to introduce new devices, in many cases they must adhere to HIPAA-HITECH requirements and the FDA’s 510(k) approval process. Healthcare organizations often face a lack of central control over procurement because departments have their own budgets and purchasing power. As ubiquitous Wi-Fi is becoming a reality, it is increasingly challenging to manage existing and legacy wireless medical devices while continuing to drive forward and utilize the latest available technology. Often manufacturers will take shortcuts by introducing an add-on Wi-Fi integration using wireless bridges, or will opt to utilize lower-end, cheap wireless cards in their equipment. This makes managing wireless medical devices a challenge requiring a close working relationship between clinical engineering and IT.
When it comes to patient data, securing medical devices and their data is vital to providing safe and effective healthcare. As Wi-Fi is growing, the risks associated with the technology are inherent and are becoming more lucrative for hackers to try and take advantage of. Some of these risks are associated with security, availability, quality of service (QoS), and privacy. As the healthcare industry continues to expand and enter the ever-growing wireless space, including patient monitoring equipment, physicians’ PDAs and laptops, and wireless-enabled medical devices, the risks associated with their use also rise. Some healthcare organizations have stayed ahead by deploying secured wireless networks for their medical devices. They often have to tweak their network to accommodate nonstandard or legacy medical devices.
Different organizations and departments within the hospital often mandate the wireless medical devices to purchase. In order to avoid a chaotic situation, they must be required to utilize risk management techniques and to thoroughly test each and every device that is being proposed for deployment on the Wi-Fi network. If any of the devices cannot meet minimal security requirements, they need to be identified.
The rapid pace of wireless medical device procurement presents an opportunity to create a focused certification process for the wireless medical devices. The certification process entails thoroughly testing the wireless medical device, and clearly identifying clinical workflow and support expectations. The IT department and clinical staff can work together to create a detailed inventory of all the wireless medical devices deployed in the hospital. Once that is done an OLA (operational level agreement) and SLA (service level agreement) can be set up to describe the maintenance and support matrix for each type of device. Proper planning and design are important to ensuring that the wireless network will support certain devices. Healthcare institutions wishing to manage their wireless medical devices should develop a consistent process for onboarding devices as well as phases for bringing all of their wireless medical devices up to a minimal set of authentication and encryption requirements.
The current industry consensus is that the best practice for wireless medical device authentication and encryption is using 802.1x with EAP TLS and AES encryption. This enforces mutual authentication and requires each medical device to have an X.509 certificate installed before it is allowed on to the wireless network. Due to the wide spectrum of device wireless capabilities, it is often necessary to use a phased approach to manage wireless medical devices and promote ongoing authentication and encryption best practices. HIPAA advisory and wireless interoperability-certifying Wi-Fi Alliance has acknowledged that the typical 802.11 security features such as WEP and/or shared key authentication are not secure enough. The phases are outlined in the bullet points below:
• Phase 1: All medical devices that support a certain authentication and encryption should be configured to use a dedicated SSID, keeping the number of SSIDs as low as possible. This phase is targeted at minimizing the amount of wireless overhead traffic. IT and clinical engineering staff need to consolidate a detailed inventory of all wireless medical devices in the hospital. This should include the make and model of the device, network connectivity requirement, device classification, supported spectrum, and high bandwidth requirements. This process will provide more insight into which wireless medical devices are capable of handling and supporting certain authentication and encryption methods.
• Phase 2: The purpose of the medical device policies on the network is to ensure that each device is suited for its purpose and meets clinical and patient needs, to make sure that the device complies with safety and quality standards. Since medical devices are regulated by the FDA, their design and operation cannot be modified by the end user. For many years, device manufacturers have been responsible for the installation, service, and support of their devices, including the network. This has resulted in several small independent networks in the hospital. As wireless technology continues to expand, hospitals feel the increasing financial pressure to deploy medical devices on their existing enterprise network. Network policies need to be applied to limit medical device network access to required IP addresses.
• Phase 3: Continuously refresh medical devices that do not support WPA2 EAP TLS. This should eventually result in one SSID using EAP TLS.
• Phase 4: Implement EAP TLS. The complexity associated with deploying EAP TLS is dependent on whether the hospital has a PKI and a certificate authority in place. Building such a system can be an expensive undertaking.
• Phase 5: Develop an overall stringent wireless security policy for medical devices that is interdepartmental and ties into IT governance, security, and procurement. Part of the policy needs to be ongoing device certification as a part of onboarding.
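The Phase 1 inventory, the Phase 2 destination restrictions and the Phase 3 refresh list described above can be worked through with a short triage script. This is an added example, not code from the book: the ranking of security modes, the site minimum, the CSV column names, and every device and address in the sample are assumptions constructed for illustration.

```python
import csv
import io
import ipaddress

# Assumed ordering, weakest to strongest. The chapter fixes only the two ends:
# WEP/shared key is not secure enough; 802.1X + EAP-TLS + AES is the target.
SECURITY_RANK = {"open": 0, "wep": 0, "wpa-psk-tkip": 1,
                 "wpa2-psk-aes": 2, "wpa2-peap-aes": 3, "wpa2-eap-tls-aes": 4}
MINIMUM_RANK = 2            # hypothetical site minimum for onboarding
TARGET_MODE = "wpa2-eap-tls-aes"

# Constructed sample inventory; vendors, models and addresses are invented.
SAMPLE_INVENTORY = """\
make,model,fda_class,bands,supported_security,required_hosts
ExampleMed,IV Pump A,II,2.4,wep;wpa-psk-tkip,10.20.1.15
ExampleMed,ECG Cart B,II,2.4;5,wpa2-psk-aes;wpa2-peap-aes,10.20.1.20;10.20.1.21
SampleCo,Mobile X-Ray C,II,5,wpa2-psk-aes;wpa2-eap-tls-aes,10.20.2.0/28
SampleCo,Glucometer D,II,2.4,wpa2-psk-aes,0.0.0.0/0
DemoCorp,Ultrasound E,II,2.4;5,wpa2-eap-tls-aes;vendor-x,
"""


def load_inventory(text):
    """Parse the Phase 1 inventory CSV into a list of device dicts."""
    devices = []
    for row in csv.DictReader(io.StringIO(text)):
        modes = [m.strip().lower()
                 for m in row["supported_security"].split(";") if m.strip()]
        devices.append({
            "name": f'{row["make"]} {row["model"]}',
            "fda_class": row["fda_class"],
            "bands": [b for b in row["bands"].split(";") if b],
            "modes": [m for m in modes if m in SECURITY_RANK],
            "unknown_modes": [m for m in modes if m not in SECURITY_RANK],
            "hosts": [h.strip() for h in row["required_hosts"].split(";") if h.strip()],
        })
    return devices


def best_mode(device):
    """Strongest known mode the device supports, or None if it lists none."""
    return max(device["modes"], key=SECURITY_RANK.get, default=None)


def allowed_networks(device):
    """Phase 2: validate required destinations; refuse 'permit any' entries."""
    nets, problems = [], []
    for host in device["hosts"]:
        try:
            net = ipaddress.ip_network(host, strict=True)
        except ValueError:
            problems.append(f"invalid destination {host!r}")
            continue
        if net.prefixlen == 0:
            problems.append(f"destination {host} permits everything")
        else:
            nets.append(net)
    if not nets and not problems:
        problems.append("no required destinations recorded")
    return nets, problems


def triage(devices):
    """Assign each device to an SSID group and list the follow-up work."""
    plan = {"ssids": {}, "below_minimum": [], "refresh": [], "acl": {}, "issues": {}}
    for dev in devices:
        mode = best_mode(dev)
        nets, problems = allowed_networks(dev)
        problems += [f"unrecognised mode {m!r}" for m in dev["unknown_modes"]]
        if mode is None or SECURITY_RANK[mode] < MINIMUM_RANK:
            plan["below_minimum"].append(dev["name"])       # must be identified
        else:
            # Phase 1: one SSID per mode in use, never downgrading a device.
            plan["ssids"].setdefault(mode, []).append(dev["name"])
        if TARGET_MODE not in dev["modes"]:
            plan["refresh"].append(dev["name"])             # Phase 3 candidates
        # Permit list per device; everything not listed is meant to be denied.
        plan["acl"][dev["name"]] = [str(n) for n in nets]
        if problems:
            plan["issues"][dev["name"]] = problems
    return plan


if __name__ == "__main__":
    for key, value in triage(load_inventory(SAMPLE_INVENTORY)).items():
        print(key, value)
```

The number of keys under `ssids` is the number of SSIDs the current fleet forces; it reaches one only when the `refresh` list is empty, which is the end state Phase 3 describes.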