Webinar Examines HTM’s Role in Wireless Networks
As hospitals increasingly use wireless devices, ensuring the networks on which they operate are secure and robust are problems these facilities constantly wrestle with. Two wireless experts recently discussed how healthcare technology management (HTM) professionals can serve as a bridge between the information technology (IT) department and clinicians to help address these pressing issues in a webinar titled “Wireless Security and Robust Wireless Networks.”
The webinar, which was held as part of the HTM Week 2013 celebration, featured Steven Baker, PhD, senior principal engineer at Welch Allyn, and Phil Raymond, wireless architect at Philips Healthcare.
Baker, who kicked off the webinar with an overview of wireless security, noted that HTM professionals should care about this issue because clinical devices are increasingly running on networks, and they will have to work more and more with their IT counterparts to ensure the smooth operation of this equipment.
There is also a mistaken belief that “security through obscurity,” or the idea that a system can remain secure through the secrecy of its design, will protect devices, Baker said. “Hackers are showing us again and again that security through obscurity is a misnomer. It doesn’t really exist,” Baker said. He added that both device manufacturers and hospitals need to abandon the notion that hackers won’t try to disrupt the normal functioning of infusion pumps and pacemakers.
“If we assume this, we’re opening ourselves up for trouble,” he said, adding that HTM professionals need to work with IT to help clinicians choose devices that are the most secure. In general, HTM professionals work more closely with clinicians than their IT counterparts do, Baker said; therefore, they must serve as a bridge between the two groups to help ensure devices remain secure.
Baker concluded by detailing some security concepts hospitals should embrace:
- Always use the strongest authentication and encryption possible
- Avoid new medical equipment that compromises the network
- Segment off devices with poor security. If a facility has such a device, for example, an 8-year-old infusion pump that uses wired equivalent privacy (WEP), a security algorithm that has been shown to have a number of flaws, firewall it off so it is limited to the formulary server.
- Tried and true is better than new. If a new security solution comes out, give it some time. It could crash or it might not deliver the kind of security a healthcare facility needs.
- Consider negative testing during qualification. For example, with your test network, turn it off and then bring it back up. Did your devices reconnected in the time you expected?
Raymond began his part of the presentation by noting that what is robust and reliable for one hospital may not hold true for another facility—it all depends on performance requirements and devices used. He noted that before bringing a medical device on a network, healthcare facilities should obtain vendor-specific training. The facility should also determine whether compatibility testing has been conducted by a device manufacturer to ensure that its device will operate with the vendor that hospital is using.
Raymond also noted that if IT is doing something on the network and not telling clinicians and the HTM department, “it’s a recipe for disaster.” The work of all three departments is intertwined because of the network, thus it is essential that each knows what they others are doing.
AAMI has taken the lead in addressing wireless issues. Last fall, 100 experts came together in for a workshop on wireless technology systems in healthcare hosted by AAMI in Herndon, VA, outside of Washington, DC. Attendees listened to presentations on topics such as spectrum management, infrastructure, security, and then participated in collaborative discussions to identify priorities. That workshop led to the development of a wireless task force, of which Baker and Raymond are members. The task force held its first meeting in March to discuss topics raised at the workshop, and met for the second time in June after AAMI’s Annual Conference.
To read the wireless summit publication resulting from last fall’s workshop, please click here. To hear the webinar featuring Baker and Raymond, please click here.
Posted: 06.12.13