Best Practices: IT Management for Healthcare Services

Transcription

1 Best Practices: IT Management for Healthcare Services As a network engineer working in the healthcare industry, you must ensure available, efficient, secure, high-performance systems that successfully assist in provision of care to patients and clients, effective tools and information for doctors and employees, and robust services for researchers and innovators. The list of challenges faced by IT professionals in the healthcare sector continues to grow: Compliance with HIPAA (Health Insurance Portability and Accountability Act) Compliance with the HITECH (Health Information Technology for Economic and Clinical Health) Act Cost-cutting initiatives The move from the current ICD-9 medical coding system to ICD-10 by Oct. 1, 2013 The implementation of electronic health record systems and electronic medical record systems The increase of machine-to-machine transmission of health data Growing adoption rates for mobile health devices Constant emergence of new models of care If you are looking for cost-effective ways to manage your infrastructure and protect access to key information, read on. "Using WhatsUp Gold enables us to identify and resolve a variety of issues in our customers' IT infrastructures and to resolve those issues before they can impact business. When you manage healthcare networks, it is critical to keep network downtime to the absolute minimum, if not eliminate it entirely." - Tony Lapetina, Service Operations Manager, Concordant, Inc., USA "WhatsUp Gold has become a very important colleague for us! The medical staff now sees a lot less of us, which they appreciate and we are now able to be proactive rather than reactive." - Frank Beckers, IT Planned and unplanned changes happen all the time. New medical staff, disruptive technology like virtualization, additions of new sites or new hospital locations, mergers Professional, UMCG, and acquisitions, purchasing of new hardware they all introduce the need for a Netherlands complete rediscovery of your infrastructure a layer 2/3 discovery to inventory everything that s running on your network. After all, if you don t know what you have running in your infrastructure, how devices in your network are connected, their interdependencies, and their locations, how simple can it be to locate problems and resolve them before the impact of a failure is realized? A layer 2/3 discovery is actually an eye-opener for many healthcare organizations since they discover pieces of hardware unaccounted for, or interdevice connections that they didn t even know were there. Once you have a hardware inventory in place, you can use it for auditing or security-centric purposes, or simply to try to reduce costs by re-purposing unused resources. Here are some quick recommendations for you: Use WhatsUp Gold to Document and inventory hardware resources, and automatically keep up-to-date network topology maps including port-to-port connectivity Track installed software inventory, including OS patches Why Simplify troubleshooting tasks Increase security (e.g. analyze any weakness in your architecture, auditing initiatives) Ensure compliance with organizational patching policies to eliminate security vulnerabilities Best Practices: IT Management for Healthcare Services 1

2 Generate the complete data path between devices or pinpoint the physical location of devices on the network with IP/MAC Finder and Layer 2 Trace utilities Identify any unauthorized software on Windows servers and workstations to reduce risks from unwanted applications Track down unauthorized, misconfigured or malware-infected devices. Once you have discovered what you have and how everything is connected, you should start monitoring health, availability and performance across all your network devices, servers, applications and virtual resources. In addition, continuous monitoring of the power supply and temperature of the server room is critical in a hospital, medical equipment (i.e. magnetic resonance imaging systems, computer tomography, X-ray equipment, etc.) is equipped with computer systems and depends on network availability. Besides temperature, you should also monitor humidity patterns (remember, as long as you have an SNMP-compliant probe, WhatsUp Gold can monitor it!). Here is a full list of key areas that you should monitor on an ongoing basis: Area Networking Devices Systems, Servers & Workstations Hardware Performance Indicators Virtual Resources Wireless Infrastructure What to Monitor Key metrics such as interface utilization, and other metrics stored in their MIBs, such as interface errors and discards, CPU and Memory utilization. Processor utilization, memory, processes, storage and file systems, as well as disk I/O, to help identify both under- and over-utilized systems. This should be done for Windows, Unix, Linux, Solaris or MAC Operating Systems. By monitoring areas such as temperature, humidity, power supply and fans, you will be able quickly detect if there are instances of overheating or failures of important medical devices such as X-ray equipment or key laboratory systems. Similarly to what you d normally monitor for your physical servers, you should oversee metrics such as CPU, interface, memory, and disk utilization on the VM and host level. By monitoring disk utilization on the host level, you can effectively protect yourself against growing to the limit of your volume. In addition, you should configure real-time alerts on specific VMware problems such as migration errors, clusters being overcommitted, insufficient failover resources, a general VM error, or when host warnings/errors are triggered (See Best Practice #5 for more detail). Excessive bandwidth utilization, signal strength degradation, rogue access points and wireless access point oversubscription. Best Practices: IT Management for Healthcare Services 2

3 WhatsUp Gold can effectively monitor everything in the above table for you! Specifically use WhatsUp Gold and WhatsUp Gold WhatsVirtual to monitor, alert, manage and report across devices, systems and physical and virtual resources from a single console. WhatsUp Gold s powerful monitoring, alerting and notification capabilities, combined with custom dashboard views and over 200 reports, will give you the actionable intelligence to make smarter decisions faster, and keep your network infrastructure running smoothly. Did you know that the best way to resolve intermittent network performance problems and ensure quality of service is to analyze, understand and manage network traffic? After all, nearly 30% of the data stored on the world s computers today are medical images, and this figure continues to increase. Similarly, the number of home health devices is climbing. With patients and remote doctors in multiple locations and accessing medical images regularly, it s critical for IT professionals to go deep into network traffic and understand bandwidth utilization. WhatsUp Gold is like a virtual employee, assisting us wherever possible. Look for a flow management solution that will let you analyze, alert and report on the different types of traffic traversing your network. This is how it works: each flow enabled router or switch (source) collects and aggregates information about traffic passing through it, and when configured to do so, transmits the information to a flow-enabled network management and monitoring system such as WhatsUp Gold Flow Monitor. In addition, built-in Wireless Infrastructure - Andreas Stiglbauer, Medical IT Department Head, Linz General Hospital Management in WhatsUp Gold allows you to know where your wireless users are at all times and how much bandwidth they consume. Configuration management is often overlooked, but did you know that 60% of network outages and performance degradations are due to misconfiguration errors? As a network engineer in the healthcare sector, you spend a significant amount of time establishing and fine-tuning network devices configurations to ensure optimal network performance, protect sensitive patient data and secure networks from unauthorized users. With sometimes hundreds of individual devices to manage and maintain, configuration changes are made almost continuously, and they are hard to track on an ongoing basis. Recreating a device configuration from scratch, or identifying what s changed on a network, when, where, and by whom can be very difficult without a configuration management solution in place. The ability to rapidly react to a device failure or misconfiguration is vital not only in a sound network management strategy, but especially so when lives can depend on functioning X-ray equipment, diagnostic imaging systems and laboratory equipment in a hospital. The capability to download a backup to a new device or replace an existing file can mean the difference between a costly network outage and a healthy infrastructure. Here are some quick best practice pointers to help you jump-start your configuration management efforts: BP 1 BP 2 BP 3 BP 4 Automatically capture and store (AES-256 Encrypted) configuration files from any network device for periodic review and analysis. Maintain the current running configurations for all devices and a set number of previously running versions at least three to five previous working versions. It will really help with troubleshooting tasks. Automatically alert when a configuration backup is different from the previously configured backup, providing the opportunity for change management review safeguards and configuration risk analysis. Automatically alert when a configuration backup does not conform to administrator-defined standards, Best Practices: IT Management for Healthcare Services 3

4 BP 5 BP 6 BP 7 providing the opportunity for change management review safeguards and configuration risk analysis. Automate the execution of the scheduled tasks relating to current network configuration backups, startup configuration file backups and password change management for an individual device or across groups of devices to reduce errors and save time. Quickly restore last known good configuration backups reducing the risk and impact of misconfiguration. Document your network and configuration changes periodically. With WhatsConfigured, you can do all of this. Use WhatsConfigured to automate network device configuration and change management processes, simplify your life, and eliminate human errors. With WhatsConfigured in place, you don t have to perform repetitive and tedious manual configuration tasks, or troubleshoot misconfiguration issues in the dark. Plus, you can rest easy and save time with features such as nightly config backups, bulk config changes, complete audit trails, and real-time alerts triggered by configuration changes. Chances are you are using virtualization at some capacity -- for cutting overhead through less hardware and improving ROI through consolidation of resources, among other benefits. While it has many benefits, virtualization introduces a new set of challenges, including management complexity, security concerns, and lack of control, or virtual sprawl. Therefore, you need to look for a management tool that will allow you to discover, map, monitor and manage your virtual server environment exactly in the same way and from the same console as your physical server infrastructure, applications or network devices. Remember, in a virtualized world, you may be dealing with hundreds of virtual machines and physical servers. Operating in the dark (without knowing what is running on a physical server) is time-consuming and complex, making troubleshooting efforts much more difficult (and slower), and can severely increase MTTR (mean time to resolution). Plus, having an accurate physical to virtual mapping at all times will reduce the risk of virtual sprawl, or the rapid proliferation of virtual servers, since you can quickly visualize the specific VMs running on any physical server. The table below offers guidelines on what to look for: Monitoring Requirement Automatic maps of virtual environments VIM-based ESX host and guest resource consumption monitoring vcenter security events, ESX Syslog, or HyperV event logs Integrated Reporting Why Explore your virtual infrastructure and analyze possible weaknesses in your deployment (i.e. resource allocation, overall sustainability of the virtualization environment, etc.). Ensure accuracy of CPU, Memory, Datastore, and network consumption, providing the underlying data for integrated reporting functionality. Real-time monitoring of key security-centric events will help you identify threats much faster, and prevent security breaches. VIM-based statistics should be reported alongside WMI, SNMP, and other monitoring data for the purposes of Best Practices: IT Management for Healthcare Services 4

5 activity review and risk analysis. One pane of glass monitoring across your entire infrastructure Increases IT team efficiency, simplifies IT management WhatsVirtual allows you to discover, map, monitor and manage your VMware virtual server environment exactly in the same way and from the same console as your physical server infrastructure, applications and network devices. You don t need to look at multiple screens trying to figure out what went wrong or what is likely to do so WhatsVirtual and WhatsUp Gold bring it all together. As you know, a network is comprised of any number of different single components, all designed and configured to work interdependently. It is this interdependency that is difficult to decode. As you build your infrastructure management strategy, you should look for ways to obtain a consolidated view of all alerts and problems occurring anywhere in your infrastructure, including performance issues, network traffic bottlenecks, bandwidth usage violations, hardware issues, configuration changes, and so on. That way, you ll increase IT efficiency by ensuring better coordination in response procedures and knowing exactly what s happening in your network. Plus, it s easier to troubleshoot hard-to-resolve issues, such as a slow network or intermittent problems, when you have a unified view of all alerts and problems. WhatsUp Gold includes a central Alert Center a single integrated workspace that consolidates all alerts, notifications and alert acknowledgements across WhatsUp Gold and its plug-ins for easy configuration and management. That way, you can coordinate an alert response via acknowledgements and multiple levels of escalations, no matter the network location a hardware problem, a performance bottleneck, a bandwidth usage violation or a misconfigured device. "I want WhatsUp Gold to be the notification service one-stop shop for all my applications and hardware." - Bruce McMillan, Manager of Emerging Technologies, Solvay Pharmaceuticals, Inc. You should look for management capabilities that simplify your life, reduce your workload and fit your schedule not the other way around. Here is a quick list of some capabilities that you should require, and how they ll make your life easier: Feature Business Hours Reporting Scheduled PDF Reporting SMS Alerts Blackout Alert Suppression Blackout Alert Summary Why Align your reporting to match your business schedule. Easy to schedule and share workspaces and full reports with your peers or management. Receive key information on your phone on the go, when you need it, wherever you are. Define blackout periods and suppress alerts and notifications when you re enjoying your personal life at night, on the weekends, or when you are away on vacation. Stay on top of everything while enjoying your time off receive a summary of problems and alerts suppressed during blackout periods when you re back, so you know what happened while you were away. Best Practices: IT Management for Healthcare Services 5

6 Mobile Access Scheduling Engine Manage your network from your mobile device on the go get alerts, reports and monitor your network remotely. Automate the execution of basic housekeeping tasks such as database backups and optimizations to save you time. WhatsUp Gold offers all the capabilities that you need to better balance your career and personal life. Its advanced capabilities, like business hours reporting, scheduled report distribution, blackout alerts suppression and summaries, as well as Mobile Access, give you the ability to react to events immediately anytime, from anywhere. Securing your network starts with a secure network management solution that mitigates vulnerability issues and risks of breaches, and supports your compliance-centric initiatives. The table below will walk you through a list of requirements to look for in a network management solution: Requirement Why is this important? FIPS validation & encryption - the highest & strongest level of cryptography available in the commercial software marketplace Protect your network management data and ensure compliance, for total peace of mind Security groups from Active Directory Minimize administrative overhead and protect your network with industry-standard user storage access control and password management Easy-to-use network traffic monitoring with just a few clicks You can easily baseline network traffic activity and: Quickly detect DOS attacks, virus, worms and other rogue activity directed at your network Monitor the network for unauthorized application usage and rapidly shutdown the offenders Enhanced SNMPv3 security Role-based Access Control Provides more enhanced levels of authentication, encryption and access control than previously available with v1 and v2, correcting shortcomings of previous versions for total security Users can only access authorized tools and reports Best Practices: IT Management for Healthcare Services 6

7 Alerts on Rogue Wireless Devices Reduces the security impact on BYOD and alerts you in real-time when rogue wireless users appear in range 128 bit SSL encryption Ensures secure transactions between users & management console Achieve total peace of mind with WhatsUp Gold! It uses AES 256-bit encryption and meets the strict data privacy and integrity requirements of the Federal Information Processing Standard (FIPS 140-2) for complete security and protection. Besides FIPS validation and encryption, WhatsUp Gold leverages Microsoft IIS and Security Groups from Active Directory industry-standard user storage access control and password management. The HIPAA Security Rule was established to create national standards to protect electronic patient/health information. In addition, the HITECH Act, recently enacted as part of the American Recovery and Reinvestment Act of 2009 and designed to strengthen HIPAA enforcement, contains a section which reinforces criminal penalties for willful neglect of HIPAA regulations. Under HITECH, willful neglect can mean penalties up to $250,000, with repeat violations extending up to $1.5 million, and in some cases, penalties extending to business associates. To protect and secure electronic protected health information or patient records, you need to know who is accessing which systems and data, and what users are doing at all times. Records of all events taking place in your environment are being logged right now into event logs, W3C logs or Syslog files across your servers, workstations and networking devices. Think about it log files contain complete audit trails of access, additions, deletions or manipulation of key information (i.e. employee records, patient health data, etc.). Therefore, log files need to be collected, stored, analyzed and reported on to have near real-time security event detection and response as well as maintain historical compliance assurance and forensics. How can you do this? Use WhatsUp Log Management to: Step 1 Automatically collect and store your log files for as long as you need (e.g. HIPAA mandates log data retention for 6 years) with WhatsUp Event Archiver. Don t forget to: Leverage its cryptographic hashing capabilities to prevent tampering with archived log files Collect both Syslog and Windows event logs Step 2 Configure WhatsUp Event Alarm to generate real-time alerts for key events (e.g. access and permission changes to files, folders, and objects containing patient records or personally identifiable information). Step 3 Generate and automatically distribute the reports that you need to prove compliance with WhatsUp Event Analyzer see the following detailed tables. For more information on HIPAA, please read below: HIPAA Legal Requirements Suggested WhatsUp Log Management Alerts & Reports Best Practices: IT Management for Healthcare Services 7

8 Security Rule and Privacy Rule (c) All of the following must be addressed for logging and reporting: Password Aging Consolidated Change Logs User Privileges NTFS Permissions System Privileges Role Permissions & Membership Remote Access User Access Auditing Enabled Account Management Success/Failure Directory Service Access - Success/Failure System Events - Success/Failure Object Access Attempts Success/Failure Object Deletions Group Management Password Reset Attempts by Users Password Reset Attempts by Administrators or Account Operators Computer Account Management Directory Service Access Attempts Logon Failures Active Directory Finally, as a network engineer in a healthcare institution or hospital, budgets are often tight, with cost-cutting initiatives being implemented across the board. You re often challenged to support the day-to-day operations and well-being of hundreds of patients and employees with fewer resources. A cost-effective way to monitor, manage and secure your infrastructure without sacrificing resources would be ideal, but where do you start? WhatsUp Gold is a cost-effective IT management solution that offers superb functionality and a simple and fair price per device with no overuse hidden costs when it comes time to true up. Regardless of the number of monitored interfaces in your environment, WhatsUp Gold counts each device only once, so you end up paying just a fraction of the price of competing element-based solutions for the exact same configuration of WhatsUp Gold. WhatsUp Gold is thus a way to contain costs in your healthcare organization without additional surprise costs or sacrificing the integrity of your network. Healthcare providers, hospitals, insurance companies and social services are under tremendous pressure to supply services and technology that help lower the cost of care. Additionally, the increased reliance on IT for more efficient services will increase the burden on IT staff for meeting compliance initiatives and other items including implementing electronic health record systems and electronic medical record systems. But with WhatsUp Gold, you can save time and money with a powerful, affordable set of products that will ensure optimal network performance and complete protection. WhatsUp Gold's IT Management solution offers the best value for healthcare companies, is quick to implement/configure and is low in cost, has a simple per-device licensing model, has air-tight security with FIPS encryption, and helps healthcare organizations efficiently and effectively comply with regulatory requirements. WhatsUp Gold has been in the market for 20 years and has been tried and tested on over 100,000 networks, including in healthcare institutions just like yours. Download your 30-day free trial of WhatsUp Gold today at: Ipswitch, Inc. 83 Hartwell Avenue Lexington, MA Phone: (781) Best Practices: IT Management for Healthcare Services 8