Last week there was an interesting discussion on the Biomed Listserv about network installation for patient monitoring systems. Emphasis highlighting key issues and best practices are mine. The discussion started with a question from Scott Skinner:

I'm curious if anyone has been successful using their own vendors to pull cables for monitoring installations.  With the monitoring OEM we work with, they simply get a local subcontractor to do the cable pulls.

So this would involve breaking future monitoring packages up into two quotes:  one for the actual technology itself (and associated installation and implementation), and then one for just the cable pull work.  The latter would get bid out, and the OEM could compete against other vendors.

Of course, the OEM can just take the profit they would have made on the cable pull and add that to the cost of the equipment bid.  One would need to find a way to watch that carefully.

Which lead to a critical observation from Craig Muehling:

We have started pulling our own cable for monitoring installations. I have one happening now and I'm not exactly pleased how it's working out. I won't mention and names, [vendor name removed] but they make their equipment charges per drop whether you have any drops or not.

I would still like our [networking] vendor to do the networking, ie: install and configure switches and physically plug patch cables into the switches. Seems easy, but the way they [the patient monitoring vendor] charge it's really not much less than if they did the whole job. I think from now on, we will have to take on the entire networking job.

I have learned a lesson from this last installation and will scrutinize the quotes closer from now on, but with their charging structure
(supposedly) there's not a lot of options. Either we do the entire job, or they make lots and lots of money for relatively little work.

Here's how they do it at the Mayo Clinic, from Steve May:

We have our own low voltage and high voltage contractors for all in-house cable pulling, to include data pulls and all project related work, so cable pulling and wiring costs are never part of an installation package, but an infrastructure cost which we earmark as Capital expenditures and plan/budget annually. Bids & labor costs are renewed by Purchasing every 2 years and our preferred contractors are all able to bid on both project services & time & material services.

It works well because the contractors get familiar with our electrical & system standards, building layouts, construction management staff and our bigger customers (at our project reviews, meetings etc.) whom have special requirements like radiology, surgery etc. All our monitoring projects are hardware only, we are even trying to separate the installation engineering, documentation (which is usually terrible) like red lines drawings and wire lists. We're also trying to separate the go-live training, to manage train-the-trainer, in-service and certifications by the manufacturer after installation.

And according to Chris:

We do not use third parties to pull cable for monitoring systems.  We pull all of our own cable.   I have about 8 personnel who are Fluke certified to pull and terminate copper and fiber.  Of course any of the technologist on my team can pull the cable.  We have a Fluke DTX1800 as our primary cable certification tool.  We have other tools to validate cable pulls and termination, but the DTX1800 certifies each cable.  Our Information Services department likes our capabilities to certify our own cable.  The IS department "farms out" their cable pulls and terminations to a third-party vendor.

I like that we pull our own cables, this way my team knows exactly where all the runs are located, for each area, and they are confident that the job is done right.  We have had to work side-by-side on many projects with the outsourced vendor for the IS cable pulls.  Their technicians ave laughed a few times because we have pulled many cables at one time during an install and tested each one and they all passed the certification process.  They laughed because they said when they pull that many cables at once, they usually have around a 10% failure rate (bad termination or poor fiber signal).  I also think pulling our own cable makes us better at understanding networking.  It certainly aids in troubleshooting.

All of our UPS's are networked [i.e., monitored] and that way we get paged and e-mails if a UPS is starting to fail or the room temperature where the UPS is located gets too high.  We have remote sensors that attach to the UPS for monitoring environmental conditions. Our Philips Monitoring Network uses Cisco routers and we have downloaded a very nice application that monitors all of the routers and switches in the network, again paging us if there are problems. 

I believe that pulling our own cable is just an extension of managing our networks for which we have responsibility (CCTV, Card Access, miniPACS, etc...). Last year we saved over $340,000  by pulling our own cable versus outsourcing including overtime labor for some of the larger projects.

And J. Scot Mackeil suggests the following best practice:

Have ALL the data cables that carry life critical monitoring data around the facility be a unique color per hospital policy.  When my hospital started installing spacelabs IP networked monitors and replacing the DEC net stuff, I insisted we adopt such a policy and stick to it. Every medical monitoring network run and patch panel from the servers to the local closets to the wall plates to the monitors is done in HOT PINK Cat 5 cables.

There is no way the IT or facilities guys can mistakenly disturb a life critical monitoring application as our cable color screams out loud and clear, "don't mess with me!"  Our connections to the cloud are by VLAN and in the racks, we have 24 port ethernet hubs, installed so we could isolate from the network in the event of a major IT failure.

This approach works great for private networks like those required by patient monitoring systems. The industry trend, however, is to converge private medical device networks with the enterprise network. Medical device systems running on enterprise networks have a whole different set of best practices.

Jerry Messina noted that, "Some vendors will not certify the network if they or their contractor does not do the cable pulls." And Ray Brown expanded on Jerry's observation with the following:

I got a question or two about cable pulls. I was in a Biomed / IT meeting earlier today, and I wanted to see if the following was specific to just Missouri, or if it was USA-wide. Also, let's pick two different types of data runs, and I'll be specific - GE PACS, and
Philips Intellivue networks.

Is there a rule on the books that, "if you run wiring to any Biomed equipment that affects a patient or patient care, the FDA requires those lines have to have certification, and you must keep a copy of the certification for 25 years."

I know Philips especially wants their lines certified before use, but keeping the certificate on hand for 25 years? This information came to my Director via the Missouri State Engineering Association, and I just wanted to see what else was on the books.

The FDA is a convenient lever for many situations, but one not always applied correctly. My response follows:

In general, FDA regs look at two things, 1) the processes a manufacturer follows to design and manufacture medical devices, and 2) the safety and efficacy of medical devices via the FDA's classification related regulatory clearance/approval processes (Class I, II and III). As a health care provider, the FDA has no regulatory oversight over you unless you do things that meet the legal definition of a manufacturer.

Manufacturers submit entire medical device systems to the FDA. These systems are described by (among other things) marketing claims/intended use statements, product and system specifications, and resulting verification and validation testing. It is this totality of the product/system, as it is intended to be used, that is cleared or approved by the FDA.

Complex systems that include networks and interfaces to other devices and/or systems end up blurring the lines between what is and what is not a part of the regulated medical device. For example, if a medical device system runs on a network (physically separate or as a VLAN on your hospital enterprise network) the network is part of the medical device.

The buyer of these systems should maintain their systems within the specifications used by the manufacturer in the design and installation of the system. Not conforming to these specifications result in a medical device system that is different from what was designed and tested by the manufacturer, and different from what was cleared or approved by the FDA. It is those vendor defined specifications that received FDA clearance, that must be maintained over the useful life of the system.

Thus the principal reason to conform to manufacturer's specifications is to ensure safe and effective operation of the system.

There is no FDA regulation that says customers can't install systems themselves or change something in a system, but to do so in a way that fails to meet the manufacturers specifications would likely render the system an "off label" use. There is no legal "certification" process that hospitals must meet, nor are there any requirements to maintain "certification documentation" for 25 years.

When manufacturers install complex systems in a hospital they do (sometimes a considerable amount of) verification testing after the installation, to ensure that the system -- and the broader network and IT environment in which it is installed -- meets the specifications for that system defined in the design documents of that product. This process is sometimes referred to by the vendor as "certification", but is not recognized as some kind of official or endorsed certification by the FDA or anyone else.

System specifications for any product change over time, usually because parts used in the system become unavailable and the manufacturer has to find replacements that change specifications. It is also possible for hospitals to go outside of specifications with relative safety, if they follow a risk management process similar to the one used by manufacturers. Such an effort is not a trivial task, and is rarely undertaken by hospitals. (Specifications are often unknowingly changed frequently by hospitals, but that's another issue.)

Regarding your specific cabling example, the manufacturer writes a specification for that cable, perhaps something like, "shielded twisted pair Cat 6 cable". There may also be specifications about physically routing the cable (distance from EMI sources) and/or specifications for testing the cable run after it is pulled for attenuation, noise, etc.

Provided the manufacturer gives you all those specifications, you can certainly pull cable and do other installation tasks yourself. By following the manufacturer's specifications (including testing), you can remain fully in compliance with what was approved by the FDA. If the manufacturer choses not to share those specifications with customers, that is their choice and not something mandated by the FDA.

UPDATE: The title for this post was revised to better indicate the subject, which is the installation of patient monitoring system networks.