White Paper Healthcare WLAN Applications: North American Hospital Survey Results Aruba Wireless Networks www.arubanetworks.com
Introduction The benefits of mobility in the delivery of healthcare services are readily apparent. Doctors and nurses spend most of the time on their feet working in teams to ensure the health and safety of patients. The ability to quickly alert staff and obtain medical information from any location within a hospital is mission critical. This demand for mobility in healthcare operations is evident in the fact that hospitals and medical practitioners were among the early adopters of paging and cordless PBX technologies (e.g. DECT). A shortage of nurses has amplified the need for increased productivity. In addition to productivity enhancements, wireless capability is viewed as a critical component of an overall strategy to reduce medical errors and save lives. 802.11 WLAN technology has emerged as the preferred method to enable mobility for healthcare applications. The wide adoption of the standard by silicon providers and equipment manufacturers has resulted in the availability of a diverse set of cost effective wireless enabled client devices (e.g. laptops, PDAs, phones, RFID tags, bar code scanners). In this whitepaper, the results of an online survey quantifying the rate of adoption of 802.11 enabled healthcare applications is presented and analyzed. Following this, an optimal WLAN solution supporting the critical applications identified in the survey is proposed. Healthcare Survey: WLAN Application Rate of Adoption Aruba Networks conducted an online survey of North American hospitals in the spring of 2006. Forty-one healthcare institutions responded to the survey providing a comprehensive view of the rate of adoption of key 802.11-enabled healthcare applications. The survey found mobile electronic medical records (EMR), drug administration, Voice over WLAN, asset tracking and equipment monitoring to be among the most popular WLAN applications (Figure 1): Fig 1: Healthcare WLAN Application Rate of Adoption Aruba Wireless Networks Healthcare WLAN Applications: Survey Results 1
Mobile Clinical Computing: Mobile EMR At 41% adoption (Fig 1), mobile EMR is the leading WLAN application in hospitals today. Mobile, secure access to patient Electronic Medical Records (EMR) is critical to the efficient delivery of care. Staff can retrieve or input records and radiological images from 802.11 enabled PDAs, tablet PCs, and Computers on Wheels (i.e. CoWs ). The handling of patient data requires special care to maintain confidentiality. In the US, the Health Insurance Portability and Accountability Act (HIPAA) of 1996 requires that healthcare institutions devise and enforce IT policies necessary to ensure privacy. IT managers are compelled to choose a WLAN solution that offers best in class security. Best practices in most hospitals today demand the implementation of 802.11i authentication/encryption and the ability to detect rogue APs. In addition to these wireless security measures, many hospitals deploy clinical data applications in a thin client (e.g. Citrix) environment to avoid compromising patient information in the event of a lost/stolen computing platform. It should be noted that healthcare professionals require access not only in hospitals, but also in outpatient clinics and, increasingly, at home. This means that security policies must be enforced even when the physician needs to access patient records while at home on call. Eighty-nine percent of hospitals surveyed want to enforce HIPAA policies in the home offices of telecommuting physicians and nurses. A secure WLAN solution that can be self-installed by nurses & physicians without assistance from IT would be optimal. Administration of Drugs Eighteen percent of respondents have deployed 802.11-enabled bar code scanners today to help reduce medication errors with another 49% planning to do so over the next two years (Fig 1). The FDA estimates that, left unchecked, medication errors will result in the loss of $93 billion over the next 20 years due to adverse effects and extended hospital stays. Errors can occur due to illegible handwritten prescriptions, dosage miscalculations, failure to recognize adverse drug interactions, or the administration of drugs to the wrong patient. The FDA requires the use of bar codes on drug containers and patient wrist bracelets to ensure that the correct medications are administered to the correct patients. As staff must move between patients, handheld wireless bar code scanners and scanners attached to Wi-Fi enabled Computers on Wheels (i.e. CoWs) present the most practical method to comply with this regulation. More information on the FDA mandate can be obtained at the following location: http://www.fda.gov/oc/initiatives/barcode-sadr/fs-barcode.html 2 Healthcare WLAN Applications: Survey Results Aruba Wireless Networks
Voice over WLAN (VoWLAN) Twenty-six percent of hospitals have deployed VoWLAN today with another 41% planning to do so within the next two years (Fig 1).Voice is a key driver for the deployment of WLAN in hospitals. Prior to 802.11, hospitals desiring mobile voice capability typically deployed cordless PBX technologies (e.g. CT2,DECT) to avoid the high cost of cellular. The survey found that 50% of hospitals restrict the use of cellular phones due to concerns over patient safety. Forty percent of respondents have deployed cordless PBX technologies, such as CT2 and DECT, which are nearing obsolescence and which require a dedicated voice only deployment of radios. With a migration to VoWLAN, IT staff no longer have to maintain two separate networks for voice and data, which can mean significant reductions in spending on equipment, maintenance, and training. VoWLAN introduces the concerns of ensuring Quality of Service (QoS) and secure mobility on an integrated network. The use of soft phone client technology and converged devices such as the RIM BlackBerry 7270 can help maximize the utility obtained from mobile computing devices, but the QoS mechanism must be able to distinguish between voice and data streams generated by the same device. Providing an optimal environment for VoWLAN demands a system capable of maintaining good coverage (i.e minimizing signal dead zones) by dynamically reacting to interferers. Secure mobility demands that an 802.11i authenticated/encrypted device can handover between APs, even ones sitting on different subnets, without dropped calls or voice quality degradation. 802.11 Asset Tracking/Location Thirteen percent of hospitals have deployed asset location technology today with another 57% planning to do so within the next two years (Fig 1). Asset tracking can help ensure the rapid retrieval of necessary equipment during emergencies when every second counts. In addition, this capability has the potential to save hospitals a significant amount of money. In the absence of asset location tracking, service technicians may spend hours locating equipment before inspecting/repairing it. This results in significant increases to billable hours and maintenance expenses. 802.11 RFID tags can be placed on hospital beds and expensive mobile equipment such as IV pumps. Devices with embedded 802.11 (e.g. VoWLAN clients, PDAs, tablets) would be trackable without any modification to the client. Equipment Monitoring/Telemetry Thirteen percent of hospitals have deployed 802.11 equipment monitoring applications today with another 41% planning to do so within the next two years (Fig 1).The ability to have medical devices communicate status information to a remote monitoring facility is highly desirable. For example some IV pumps (e.g. Cardinal Alaris) can be checked remotely via an 802.11 interface to ensure that fluid levels Aruba Wireless Networks Healthcare WLAN Applications: Survey Results 3
do not fall below acceptable limits. With 802.11 interfaces dropping rapidly in price, it can be expected that the number of devices that support telemetry will increase significantly over the coming years. Guest Access Seventy-four percent of respondents anticipate supporting WLAN guest access for patients and guests (e.g. visiting physicians, medical students/interns).the increased productivity of consultants, suppliers and other non-staff involved in healthcare operations affects the performance of medical institutions. With the proliferation of VPN access to the enterprise, this means offering secure wireless guest access to visitors when they are on premises. In addition, health care providers find that guest access is a desirable amenity to provide to patients and their families. However, guest access must be provided in such a way that it does not sap bandwidth resources from mission critical hospital applications. The WLAN must have the ability to completely separate guest and internal traffic. Survey Conclusions For most hospitals the two leading 802.11 applications are mobile access to clinical data and VoWLAN. The survey results indicate that healthcare institutions require a migration away from separate radio networks supporting a single application (e.g. EMR, voice, telemetry, and asset tracking) to a single WLAN supporting all critical mobile health applications. Furthermore, all of these applications must be supported with industry leading security to ensure HIPAA compliance throughout the healthcare system (i.e. hospital, primary care clinics, and doctor s office). 4 Healthcare WLAN Applications: Survey Results Aruba Wireless Networks
Optimal Solution for Healthcare Applications: Aruba Mobile Edge Architecture Fig 2: Centralized WLAN architecture for the Healthcare Industry The survey results point towards the need for a WLAN that provides secure support, throughout the healthcare system, for critical applications like mobile EMR and VoWLAN. The Mobile Edge System (Fig. 2) presents many benefits to healthcare institutions: Lower Deployment Cost A hospital deployment of fat APs supporting internal data, voice, and guests would require that existing wired infrastructure be upgraded or reconfigured to support multiple VLANs. The Aruba Mobile Edge does not require any disruption to the installed wired infrastructure. WLAN traffic is tunneled (i.e. IPSec or GRE) from the thin APs to the central Mobility Controller where traffic is aggregated. RF site surveys constitute a significant portion of deployment costs in hospital environments. First generation fat APs have static RF management capability that has to be run at specific times and can not react dynamically to changing conditions. With Aruba Network s Adaptive Radio Management APs can continuously monitor the RF environment and send radio measurements to Aruba Wireless Networks Healthcare WLAN Applications: Survey Results 5
the controller which can detect coverage holes, interference, and WLAN congestion on a real time basis. If these RF issues are detected, the controller can automatically re-compute the optimum RF settings for the network and implement the new plan by automatically changing the AP s channel assignment and transmit power levels. In the event of an AP failure, the Mobile Edge system automatically alters adjacent AP settings to ensure no loss of WLAN coverage. Lower TCO With first-generation fat APs each AP must be configured and managed individually. To make any configuration changes, an updated configuration must be pushed to each individual AP. With a centralized architecture, in contrast, configuration changes are made at the controller. For example, to implement 802.1x on a hospital network of 200 fat APs, all 200 APs must be configured. With the Aruba Mobile Edge, only the controller must be configured. Some hospitals (e.g Sharp Healthcare) estimate that migrating from legacy APs to the Aruba Mobile Edge has reduced operational expenses by 80%. Industry Leading HIPAA Security Aruba offers the industry leading security solution for ensuring the confidentiality of patient information (i.e. HIPAA). Aside from standard 802.11i authentication/encryption, Aruba offers benefits that are unique to the Mobile Edge architecture. Competing architectures perform encryption at the AP. This leads to key explosion, a vulnerability caused by the transfer of encryption keys to multiple APs when a client is roaming. In the Mobile Edge architecture, all encryption is performed at the Mobility Controller obviating the need to replicate and transfer keys during inter-ap handoff. The Mobile Edge Policy Enforcement Firewall (PEF) enables IT staff to define policies based on a per user/role basis. This is critical in a hospital environment where access to patient information may be restricted to physicians and nurses. Competing solutions would require a different SSID/VLAN for each class of employee (e.g. SSID 1:doctors/nurses, SSID 2: management, SSID 3: operations), a methodology that does not scale. With Aruba, all of these functional groups can be accommodated on a single SSID/VLAN without the difficulty of implementing VLANs on the wired network or creating multiple client profiles. Furthermore, Identity Based Security means that policies follow healthcare professionals as they travel between the hospital, associated primary care clinics, and home offices instead of being tied to an SSID/VLAN. PEF also ensures that less secure legacy WLAN devices (e.g. legacy VoWLAN handsets and barcode scanners) that are not WPA capable can be given access without rendering patient records vulnerable. 6 Healthcare WLAN Applications: Survey Results Aruba Wireless Networks
The Mobility Controller is application aware, a capability that is unique to Aruba Networks. This provides the Mobile Edge with additional tools for ensuring security. For example, VoWLAN SIP traffic can be identified and constrained to VoIP resources. Aruba offers integrated Wireless Intrusion Prevention (WIP), the ability to detect and prevent various vulnerabilities and over-the-air attacks (e.g. rogue APs, ad-hoc networks, Man in the Middle, Denial of Service). WIP capability is critical to ensuring a comprehensive security solution for HIPAA. Aruba Networks APs can function as WIP sensor and AP simultaneously, eliminating the need for an overlay sensor network. With the Aruba Client Integrity Module, an employee s or guest user s computing device can be checked for integrity (e.g. latest antivirus software, OS security patches) before being given access to the WLAN to reduce the chances of infecting the network with a worm or virus. Mobility The Aruba Mobile Edge offers low latency mobility/ fast handoff for all Wi-Fi certified NICs, a capability critical for QoS-sensitive applications (e.g. VoWLAN, patient monitoring) as well as mobile clinical data applications in a thin client environment (e.g. Citrix). Inter-AP handover of 802.11i and VPN-secured devices must be handled in such a way as to minimize latency and degradation of voice quality. Competing implementations that require vendor-specific modifications to the client to enable mobility will greatly increase the cost and complexity of WLAN deployments. VoWLAN and the Multi-Service Network Healthcare WLANs must serve different classes of users (e.g. staff, guests) and applications (e.g. VoWLAN and EMR). It is critical that limited bandwidth resources be allocated appropriately. To support the end-to-end QoS required for VoWLAN and patient monitoring, the Aruba Mobile Edge checks the legitimacy of client priority requests by following the signaling stream, and respecting relevant L2 and L3 QoS tags. The Mobile Edge supports call admission control based on the number of active calls on an AP and limits the amount of bandwidth that lower priority devices (e.g. guest laptops) can use. Healthcare institutions are likely to use soft phones on PDA/Tablet PCs for voice communications. Unlike VoWLAN handsets/badges, these devices generate both voice and data traffic. But a legacy WLAN system would incorrectly classify all traffic from such devices as either data or voice. With application awareness, the Mobile Edge can distinguish between voice and data traffic generated by a single device and ensure that 802.11 frames are assigned the appropriate priority based on traffic type. Aruba Networks has partnered with several leading providers of healthcare VoWLAN clients and call servers (e.g. Vocera, SpectraLink, Avaya, Ascom). Aruba Wireless Networks Healthcare WLAN Applications: Survey Results 7
Location The Aruba Mobile Edge has integrated location capability for locating rogue APs and devices with integrated 802.11 clients. Through an API it provides location co-ordinates to third-party applications. The tracking of thousands of assets with 802.11 tags is supported through partnerships with leaders in the 802.11 RFID space (e.g. Ekahau, PanGo). High Availability WLAN Healthcare applications demand a highly available WLAN. The Aruba Mobile Edge delivers superior availability by offering client load balancing, mobility controllers with redundant fan/power subsystems, fast roaming (<10 ms) for application persistence, and automatic detection and correction of coverage holes. Conclusion The results of Aruba Networks spring 2006 survey of North American hospitals indicate that most hospitals deploying WLAN intend to deploy mobile clinical data applications (e.g. EMR, barcode scanners, device monitoring), VoWLAN, and location tracking within the next two years. All of these applications must be supported without compromising patient confidentiality (e.g. HIPAA) a critical concern that influences WLAN vendor choice. VoWLAN demands the ability to support end-to-end QoS, Call Admission Control, and fast handovers. Another unique requirement is the ability to provide access to guests without compromising the availability of bandwidth to critical internal applications. Deployment of the Aruba Networks WLAN architecture, with thin APs managed by a mobility controller, is the best way to support critical healthcare applications while ensuring network security. In addition to superior performance, the Aruba Mobile Edge offers a compelling Total Cost of Ownership (TCO). This approach to WLAN eliminates the need for costly wired switch upgrades and minimizes the expense required for manual RF site surveys. Ongoing maintenance costs are reduced by the centralized architecture which scales down the number of distinct devices that must be individually managed. For more information on how healthcare institutions have utilized WLAN technology, please visit: http://www.arubanetworks.com/solutions/industry/healthcare/ 8 Healthcare WLAN Applications: Survey Results Aruba Wireless Networks
About Aruba Wireless Networks, Inc. Aruba Wireless Networks is a fast-growing enterprise infrastructure company enabling the Mobile Edge, an evolutionary new network architecture that addresses three top concerns of IT managers mobility, security, and convergence. The Mobile Edge extends the reach of enterprise networks, providing secure access to information and voice services anywhere a user needs them, enabling new applications, allowing organizations to compete more effectively, and bringing about dramatic economic benefits. To deliver the Mobile Edge, Aruba manufactures and markets a complete line of fixed and modular mobility controllers, wired and wireless access points, and an advanced mobility software suite. Privately-held and based in Sunnyvale, California, Aruba has operations in the United States, Europe, the Middle East, and Asia Pacific, and employs staff around the world. To learn more, visit Aruba at http://www.arubanetworks.com Aruba Networks and Aruba The Mobile Edge Company are trademarks of Aruba Wireless Networks, Inc. All other trademarks or registered trademarks are the property of their respective holders. 2006 Aruba Wireless Networks, Inc. All rights reserved. Specifications are subject to change without notice. Aruba Wireless Networks Healthcare WLAN Applications: Survey Results 9