On a recent LinkedIn group discussion, the following question was posed by Taimoore (Tim) Rajah of the NIH:
We are encountering many hospital which are still based on wired LAN technology for medical device connectivity. Many have mentioned their gripes and major concerns about using Wi-Fi technology for patient monitoring and drug delivery monitoring in the OR as well as ICU departments.
Many hospitals are still using WMTS telemetry in their more critical patient monitoring areas. This is very expensive and maintenance for such a system is costly.
Can you tell us what are the major criteria to ensure a reliable safe and secure Wi-Fi network for medical devices?
If a hospital decides to use Wi-Fi technology, what are the proper guidelines to which they must adhere, to ensure that their current and future Wi-Fi network will be stable, reliable, safe and secure? What are the important features they should consider seriously before embarking on using this type of technology?
Great questions. Here we go with some answers:
I've written before on WMTS and Wi-Fi, and you can read those two posts for more in depth discussions on applying those technologies to medical devices.
Relative to this discussion, the key advantage of WMTS is that it is dedicated to one application (telemetry monitors, or with Philips, patient monitors including telemetry) from one manufacturer. The deployment of this one application in the hospital changes little over time. This means that designing the networks is more simple, and once deployed, they change little. The resulting perception is that WMTS is more reliable and easier to manage than Wi-Fi. In reality, if we tried to do with WMTS what is regularly done with Wi-Fi in hospitals, WMTS would be an unmitigated failure. Or to put it more positively, if we used Wi-Fi like we use WMTS, Wi-Fi would appear to have the same advantages as WMTS.
The flip side of WMTS strength is that: 1) the technology is proprietary to the manufacturer, thus increasing purchase and switching costs, 2) the absence of industry standards for WMTS that ensure interoperability and coexistence across manufacturers limits one manufacturer's installation per hospital, and 3) the limited available bandwidth for WMTS (possibly being further reduced by FCC) greatly limits the number of devices that can be supported in one installation. Just the fact that medical devices beyond just patient monitors are wireless means that Wi-Fi is going to be used in any event.
Wi-Fi adoption in hospitals in the US and Canada is well over 90 percent. As hospitals world wide deploy IT for portable and mobile applications, Wi-Fi is the wireless technology that will be used. Wi-Fi has the following advantages: 1) industry standards, and test and certification organizations (like the Wi-Fi Alliance) provide interoperability and coexistence across manufacturer's products, 2) the bandwidth designated for Wi-Fi is significant, 3) Wi-Fi frequency allocations are world wide enabling manufacturers to create one product for multiple international markets, 4) the adoption of Wi-Fi for consumer and commercial applications provides a tremendous economy of scale that benefits health care, and 5) there is a substantial infrastructure by way of resellers, consultants, test labs and third party tools for the management and monitoring of Wi-Fi networks.
Some day, I will write a companion blog post for Why Medical Device Makers Love/Hate Wi-Fi from the hospital's point of view.
Wi-Fi and Medical Devices
Due to the continued automation of health care delivery, medical devices are being transformed into information appliances intended to integrate with the enterprise IT infrastructure. Increasingly, connectivity features are becoming necessary features required to drive buyer adoption.
In fairness to hospitals who have struggled with wireless medical device implementations, many medical device manufacturers are not very enterprise IT savvy. Especially early on, some wireless medical device systems were pretty limited; they did not have sufficient authentication or encryption features and their ability to coexist with other traffic in an enterprise IT network was sometimes severely limited. The good news is that many medical device manufacturers are getting pretty good at meeting enterprise IT requirements. A red flag here is the vendor who insists they must have a dedicated VLAN and/or SSID. Vendors making these claims are either still selling application software that was written 20+ years ago when medical device networks were all private, or are behind on building up their enterprise IT chops.
The criteria for safe and effective use of Wi-Fi in medical device systems is defined by the medical device product specifications (especially those related to wireless connectivity) and the manufacturer's recommendations pertaining to the management, maintenance and testing of the wireless medical device system. The development of the criteria, and fulfillment of the criteria in the resulting design, is a consequence of the manufacturer following the FDA Quality System regulation. The definition of the criteria, and resulting fulfillment of the criteria by the design is reviewed by FDA when the manufacturer submits the artifacts created as a consequence of following the Quality System in the form of a 510(k) submission.
The criteria for safe and effective wireless connectivity is inexorably entwined with the design of the wireless medical device. For a buyer to mandate certain criteria for safe and effective use would mean that the buyer is also specifying certain design decisions. Consequently, in most cases, buyers should seek to determine the criteria for safe and effective use of Wi-Fi from the manufacturer. This will include specifications for things like signal access point strength, time to associate with the network under various scenarios, time to roam across access points or subnets, etc. Supported configuration such as an Quality of Service settings, authentication and encryption will also be specified by the manufacturer.
In summary, the criteria for safe and effective wireless networking can be divided between performance specifications, configuration settings, and hardware specifications and configuration (e.g., specifying manufacturer, model and firmware release for an access point controller).
When a manufacturer installs their wireless medical device system, they'll ensure the enterprise wireless network (and all the rest of the IT infrastructure) meets design specifications. At this point, it is the buyer's responsibility to get those specifications from the manufacturer so that the hospital can ensure that the network and related IT infrastructure continue to remain within specifications over time - thus ensuring ongoing safe and effective wireless networking.
In no time hospitals end up having to juggle a number of sets of these specifications for patient monitors, infusion pumps, EKG carts, diagnostic POCT devices, not to mention wireless VoIP systems, computers on wheels, wireless bar code readers and other IT equipment. Prior to any changes - adding new applications, revising existing applications, upgrading infrastructure, or changing network configuration settings - the hospital must ensure that planned changes are supported by all the systems that run on their infrastructure. This requires ongoing communications with medical device manufacturers, especially as it relates to support for new network gear and firmware upgrades.
What Makes Wi-Fi Hard for Providers
Any wireless network must be designed to meet the requirements of the applications deployed on the network, along with addressing coverage and environmental factors (like the impact of construction materials and design on RF performance). Any change in the applications and/or physical plant, require a technical assessment - a site survey for Wi-Fi networks - and possibly a redesign of the network. Things often change in hospitals.
In my experience, hospitals could do better in anticipating and planning for future needs. And by now, most hospitals should have learned that networks must be designed to support specific applications. I can't tell you how many stories I've heard about hospitals who just got their Wi-Fi working well with computers on wheels or a meds administration system and decided to just buy a VoIP phone switch and wireless handsets to implement wireless VoIP - only to have the implementation fail because the network was never designed to support wireless VoIP. After living through something like that (especially if our network VAR didn't try to warn us off) we'd probably all hate Wi-Fi.
With the advent of wireless medical device systems hospitals need to evolve their IT governance - especially risk management, configuration management and change control) from a mission-critical level to a safety-critical level. Change control in particular should utilize a risk management approach that looks beyond privacy and security to include risks to patient safety. You can read more on safety-critical governance here.
The secret sauce here is not some ultimate set of specifications, but the use of a rigorous process on the part of both manufacturers and buyers. Wi-Fi networks are intended to support numerous applications from multiple vendors; they will never be as simple and easy to manage as WMTS. Only by reliably following the best practices for installing and managing wireless networks will they provide optimal levels of reliability and performance.
On the LinkedIn Medical Device Connectivity Group, Talmoore Rajah left the following question about this post:
Thank you very much for the information. Is it possible we can elaborate on what steps the hospital’s IT and Biomed Team should initiate prior to installation. What preliminary test should be performed etc?
Tim, Here are a suggested series of steps:
1. From each vendor under consideration for purchase, request their network specifications. (These are the specifications they designed their product to operate under.)
2. Make sure you (the hospital) or the vendor compares the vendor’s specs to your actual network performance/configuration specifications. A site survey is required to determine the current specifications of your network. Hospitals expect all costs to be included in the vendor quote. Most vendors estimate any needed remediation costs rather than undertaking the cost of doing a site survey before they get the sale. With some experience, vendors can estimate remediation costs pretty closely.
3. Do a gap analysis. Any gaps will require network remediation.
4. After remediation and installation, another site survey is required to verify that the network meets the vendor’s specifications for their medical device system.
Once the installation is complete, it is the hospital’s responsibility to ensure that the network environment is maintained at the vendor’s specifications as long as the hospital operates the vendor’s medical device system.
Great questions and reply…however, it comes down to risk management with the data. What data is being sent from the medical device (or any other device for that matter) and the consequences of not acting on that data in a timely manner should determine the architecture requirements for sending and transmitting that data. Wired configurations are still valid options for connectivity. If the risk consequences of the data not being acted upon are death and perhaps some legal consequences, then the decision to use a shared infrastructure needs to be carefully weighed. WMTS and wired LANS tend to be dedicated as well, therefore the contention for bandwidth become minor issues, unlike your example of the COWs and then ‘hey, let’s do VoIP, too, this Wi-Fi stuff is great!.’
Bottom line - understand the clinical context and requirements in which the technology is being deployed and choose the proper technology for that context.
Implementing wi-fi is as much an art as it is a science. I suggest that there are three issues that must be addressed:
1) the fundamental design assumptions that go into where and how APs are deployed in the environment (The Science)
2) having the knowledge & experience about the nuances of wi-fi in a hospital environment that go beyond the design (The Art)
3) having the tools that optimize performance, anticipate problems before they become acute, alert & rectify unexpected failures when they do occur (Tools & Process) (Hint: For Cisco shops, CleanAir only a small part of the answer!)