The future of healthcare looks well connected, but it’s going to require real strategy to get there. Extreme Networks’ Director of Health Solutions Bob Zemke explains.
Connectivity—it lies at the heart of Internet of Things (IoT) and every innovation that promises to transform healthcare. It’s one of the hardest challenges for healthcare organizations to take on, as the number of apps and devices continue to multiply and all are expected to thrive in a vast and varied technological ecosystem.
While it’s exciting to dream of an ultra-connected healthcare experience—with seamless clinical and administrative workflows, and greater patient engagement and access— healthcare organizations need to deal with the realities of IoT first. What most organizations are learning the hard way is it’s difficult to stitch together cloud-based solutions with hard-wired legacy devices and systems.
Then there are challenges related to data management and security: IoT doesn’t merely open doors of opportunity for greater connectivity, it also creates more points of vulnerability. Throw in poor device functionality and user experience, siloed purchasing approaches to new solutions, and little, if any, data analytics and you have a recipe for anything but seamless connectivity. That’s why IoT is so exciting to think about and yet simultaneously daunting for organizations to put into practice.
Nevertheless, the depth and breadth of IoT in healthcare is destined to grow, along with demands on health organizations to ensure it all runs smoothly, according to Bob Zemke, director of healthcare solutions at Extreme Networks, a software-driven network solution provider based in San Jose, California.
“We’re going to see more automation regarding sensors and technology relaying data back to patients, which is going to allow for a faster response concerning patient safety and overall health performance,” said Zemke. “With that in mind, we will see a shift in the skill sets needed in IT and security departments: these roles are going to be much more intertwined and coordinated.”
With the promise to bring greater safety and health improvements through more health-monitoring apps and devices, the time to start building a reliable network infrastructure to support IoT begins now. It may seem like a tall order, especially when health organizations are still dealing with technical struggles long after EHR adoption. However, Zemke offers a few strategies that Extreme Networks has learned along the way in service to their clients.
1. Focus on Network Infrastructure First
All too often, organizations trying to establish an IoT ecosystem start in the wrong place, focusing too much on application-related initiatives. Zemke says this is a backward approach, given the fact you really need to understand the ins and outs of your network and how each device will operate within it. It’s a common mistake, and not hard to make when looking at the more significant pieces that make up your technical infrastructure.
“When you consider the nature of the investment and impact that a new medical records application or platform is expected to deliver, that’s the transformational heart of an IT organization’s service delivery,” he said. “The connected devices themselves are almost ancillary. The actual devices are the bits and pieces that are feeding the data in, so it’s easy to overlook because it’s a connected piece and not viewed as the main component.”
It’s often that lack of focus that can bring up even the most basic upsets regarding connectivity, such as ensuring you have the Wi-Fi capability required to support all those devices. “To operate smoothly, there can be no bottlenecks from the Wi-Fi access points, back through the wired infrastructure, and all the way to the broadband Internet connection and the data center. These connections must be highly available or fault tolerant to ensure uninterrupted service,” said Zemke.
To make sure you’re on the right track, you need to ensure you have the supports in place to bring on the new devices to make sure they can coexist with the tools you already have in place, especially when trying to have them function with legacy devices and systems. If you focus on your network functionality first, it makes it easier to fit the rest of the pieces and put them into place.
2. Use Device Visibility and Data Analytics
Generally, organizations do not have the visibility required to understand where their connected devices are in the network and how they are functioning as a result, nor do they have the analytic capabilities to monitor how the device is behaving in the environment. Is the new device operating properly? What data is it transmitting, and to where? How is the user experience and is it working from a clinical aspect? These are questions you can’t answer without visibility and intuitive data analytics.
With that in mind, Zemke cautions it’s best not to jump to any conclusions when adding devices to your network. “Assume you don’t know everything that a device will do. The manufacturer can tell you how it ‘talks’ to the server, or to an application, and how it’s supposed to behave. However, once it’s on the network – and once it’s plugged in –you never know exactly what it’s going to do. And that’s true for anything from an expensive imaging device to a security camera,” he said.
With clear visibility and analytics, you can work faster to implement corrections, which becomes especially critical if a malicious change or security threat occurs.
3. Secure Your Network via Segmentation
As witnessed during the global WannaCry ransomware event, security in IoT is a critical requirement to preserve the privacy and safety of patients. With many connected medical devices over a decade old, it’s difficult to keep pace with today’s security requirements. Aside from phasing out these devices for newer, more secure instruments, it’s critical to structure your network to prevent security breaches from extreme damage that places all your data at risk.
Segmenting and partitioning your network into subnetworks can add an extra layer of security as well as improve device performance. Without segmentation, hackers are free to wreak havoc on your network, leaving much of your data open to a single point of vulnerability. That’s why breaking up the data flow into segments can ensure that if there is a breach, not all your information will be compromised.
Much like laying the groundwork for your IoT network, laying down a strong foundation for segmentation is essential. Organizations must classify and group data-related items and consider where the access points should be and who should have access to them. Moreover, segmentation is not a one-time exercise, but a continuous work in progress. Regular maintenance and relative adjustments need to be made to keep your network running smoothly and securely.
4. Make Monitoring a Top Priority.
Everything requires routine observation and tracking when it’s on your network. Therefore, you need the ability to monitor all the devices and applications on your network continuously, said Zemke. Tools such as Extreme Network’s Network Access Control allow organizations to automate the onboarding of devices as well as the implementation of rule-based policies across the entire wired and wireless infrastructure. Having the right tools and intuitive platform to monitor your network can take the guesswork out of the equation, especially when problems arise.
5. Unify Your Onboarding Approach
The last strategy for IoT success may be the most important. Zemke says he commonly sees disjointed efforts among an organizations’ departments that can muddy the waters when it comes to implementing and successfully running an IoT network. As reflected in the challenges of organizations focused on application-related objectives, it really goes back to understanding and bolstering your network to support and sustain your technical objectives.
Zemke says it’s important to follow an approach like the one established by international standard ISO/IEC 80001 – Application of risk management for IT-networks incorporating medical devices, which presents a unified procedure to the safety of medical devices connected to IT networks. The standard presents a guide for security and risk management and is a good place to start the conversation.
“I think it’s a responsibility of IT organizations—starting at the CTO level—to bring more awareness to the clinical community about the challenges in supporting IoT devices,” said Zemke. They must be the advocates to explain the due diligence that needs to take place, and justify the resources, skill sets, training, and tools that are required to deliver it.”