Updated Standards Aim to Encrypt Wired Networks
Securing Ethernet networks has not received the interest that wireless LANs have gotten, for a variety of reasons.
Physical layer security is viewed by most IT professionals as a low-priority problem because cables are run behind walls or in ceilings, beyond the accessibility of most people. Wiring closets and data centers often are locked, and anyway, there are easier ways to subvert a network than by recabling it.
With all those open RJ45 Ethernet jacks everywhere, it would seem to me that someone interested in data would just plug in, rather than recabling anything. The aforementioned security is done with encryption, and the standards are 802.1AE and 802.1X-REV. The first standard ensures the integrity and privacy of data between peers at Layer 2 (switches and NICs). The second standard, 802.1X-REV, is currently being revised to automate the authentication and key management requirements for 802.1AE. If you’re a networking rocket scientist, you can read more about the potential implications for these revised standards here.
With their concerns about security and HIPAA, will health care enterprises move to encrypt the physical layer? Such an option will be increasingly possible, according to this Information Week story from last week (emphasis mine):
You’ll be answering that question in the next few years as two new network security protocols come to a switch near you. Together, these two protocols–IEEE 802.1AE-2006, Media Access Control Security, known as MACsec; and an update to 802.1X called 802.1X-REV–will help secure Layer 2 traffic on the wire. 802.1AE is a completed standard and will be appearing soon in hardware. 802.1X-REV could be ratified as early as the first quarter of next year.
First Connectivity Cover Story in Leading HIT Mag
Connectologists rejoiced this month (September, 2008) when Healthcare Informatics magazine published Biomed Joins the Party – Savvy CIOs are considering biomedical devices in their overall strategic plans (link). To my knowledge, this is the very first cover story in a major health care IT magazine about medical device connectivity. As an aside, diagnostic imaging pubs have been writing about connectivity in their market for many years.
Contributing editor, Mark Hagland, casts the drama that is connectivity as “two worlds colliding,” – the worlds of IT and biomedical engineering. He builds his story around the integration of medical devices to support EMR charting. In fact, medical device connectivity started almost 20 years ago with the integration of Apple IIs and IBM PCs (not to mention a few funky HP mini computers) in diagnostic areas like the cath lab and in the ICU. Probably the biggest wave of connectivity to date has been PACS (picture archiving and communications systems) and the adoption of DICOM. Now the health care industry is zeroing in on connectivity at the point of care with patient monitors, smart infusion pumps, point of care testing, and yes, EMR integration (by far the most expensive point of care application).
Using Trinity Health as his template, Hagland describes an ideal approach to medical device connectivity: the involvement of IT, clinicians, and biomedical engineering. The 40-odd hospitals in Trinity’s system have over 110,000 medical devices. Trinity has used this approach to more effectively manage these colliding worlds:
The biomed integration initiative actually began several years ago in an effort to cut costs, Fierens [the hospital exec over Biomed] reports. But as Project Genesis [their EMR project] has moved ahead, and as the technology in the biomed equipment area has advanced, the broader goals of improved care quality and workflow have come more fully into focus, he says. The biggest challenge, says Fierens, is that “you’ve got to balance the economics with the infrastructure and support, along with the service element, along with the clinical outcome you’re trying to support.”
The route to medical device connectivity for hospitals is neither clear nor straightforward.
Scalability Challenges Wireless LANs
When thinking about wireless networks in hospitals, most people think about coverage, and coverage is certainly an important requirement. A network performance metric that is less obvious but perhaps even more important is capacity. Capacity refers to the number of clients associated with an access point (AP) and the total bandwidth that’s available in a given location.
All of this was once again brought into focus for me during a conversation with Phil Belanger, founder and chief marketing officer for consulting firm Novarum. Phil has been in the wireless LAN market a long time, starting with Zilog and Corvus, and served as co-chair for the IEEE work group that defined part of the initial 802.11 wireless LAN standard. He ended up at Cisco when they acquired Aironet.
As more medical devices incorporate connectivity, the number of potential WiFi clients around a patient increases. For example, let’s imagine a patient with 5 B Braun infusion pumps, each with its own WiFi radio. Add to this a Dash patient monitor and a ventilator; the Dash has embedded WiFi and the vent has a third party wireless module. Besides these 7 wireless clients, each caregiver has a wireless VoIP phone and most physicians also have WiFi devices (PDAs or smart phones).
Now imagine that there are similar patients in just 3 nearby rooms. What happens when a code is called in one of those rooms and 3 caregivers, and a bit later a couple of physicians, respond? Let’s see, that’s 7 wireless devices times three patients, for 21 active associations with the network. Of the 5 people responding to the code, say 2 of them are having wireless VoIP conversations (say with a specialist, or looking for a STAT diagnostic test result) and 1 is charting the code on a COW. That’s 24 associations.
What happens if an acute care patient being transferred goes by, adding 3 more associations and another wireless VoIP call? Or another code is called in the same vicinity? Do calls get dropped, and is the means to receive urgent information lost? Are associations with the network lost by medical devices? Which ones? Could it be a device connected to a lone patient in a private room? Might life critical alarms be missed?
IEEE Completes 802.11r Fast Wi-Fi Roaming Standard
Just what we needed (really), another letter in the alphabet soup of 802.11 standards. This one, 802.11r, is also known as Fast Basic Service Set Transition (more details on the standard here).
The 802.11 standard was originally conceived to operate around individual access points (APs). This is a far cry from the high density AP network designs increasingly being installed in hospitals – and the wireless medical devices and other mobile applications they support.
In a conventional WiFi network it takes about 100 ms to re-associate with a new AP, and several seconds to re-authenticate connections using 802.1X (a common security requirement in many hospitals). This time lag can potentially result in several-second gaps in patient monitoring waveforms, missed alarms, and dropped wireless VoIP phone calls. Another problem fixed in 802.11r is that a client radio does not know if the required quality of service (QoS) resources are available in the new AP until after it has associated with the new AP.
Cisco Changing to Support Health Care
Many things have changed at Cisco since they were visited by the FDA in 2006. A while back Kent Gray, global lead for Healthcare Solutions at Cisco, explained to me that the FDA was responding to a brochure produced by Cisco that included a photo of a 7921 handset displaying a patient monitor alarm and associated waveform. The FDA observed that the photo represented labeling of a Class III medical device for which Cisco did not have regulatory approval. Thus began a crash course in the health care school of hard knocks for Cisco.
To Cisco’s credit they have since made many substantive changes to their traditional approach to vertical market marketing in response to the special requirements of health care. During the AAMI conference this week in San Jose, I had a chance to meet with Erik Petersen, the Global Healthcare Solutions & Technology Partnerships Manager, to talk about what Cisco’s been doing in health care.
Health care has strategic importance to Cisco. After their run-in with the FDA – a rite of passage for health care vendors – Cisco’s commitment to the market was confirmed by no less than CEO John Chambers.
As a corporation that has experienced enviable growth, the company is grappling with the transition from a $40 billion company to one doing $60 billion. “Cisco wants to offer a strong proactive value proposition in health care,” said Petersen, “rather than just providing a piece of infrastructure that the customer has to deal with for an overall project.” To meet their growth objectives, the company is shifting from a horizontal market company to one focused on vertical markets and applications. To us in health care, this means responding to the unique requirements of our vertical market.
Distributed Antenna Systems – No Replacement for Wireless Strategy

I received the following blog post from Stephen Olsen, Principal at Integra Systems. Steve has spent more than 20 years in the wireless industry in engineering, sales and business development. Steve’s wireless experience extends beyond health care to include public safety, cellular and 802.11.
In the past I’ve extended an invitation to a few select industry experts and thought leaders to post their writing. Steve is the first to take me up on my offer. Enjoy:
Over the last few years, MobileAccess and InnerWireless have generated considerable interest in broadband Distributed Antenna Systems (DAS) for the healthcare market. These systems can support a wide range of applications (WiFi, cell phones, mobile radios, pagers, WMTS) and frequency ranges (400/800 MHz up to 6 GHz).
The appeal to providers is the idea that a broadband DAS will remove all wireless headaches: no more cell phone complaints, WiFi will work better, no more dead spots for mobile radios, no more tricky RF interference problems, etc. Disappointment ensues when the DAS does not live up to its promise.
