Embed Size (px)
Citation preview
IEC 80001 and Planning for Wi-Fi Capable Medical Devices
June 8| 11:15 am
Ali Youssef Sr. Clinical Mobile Solutions Architect
Henry Ford Health System
© 2015 Association for the Advancement of Medical Instrumentation www.aami.org 1
Introduction to Henry Ford Health System HFHS is a not-for-profit organization
primarily located in Southeast Michigan.
More than 23,000 total employees.
3.2 million outpatient visits and more than 88,800 surgical procedures (2013)
More than 89,000 patients admitted to HFHS hospitals
$6.018 billion total economic impact of HFHS on metro Detroit with revenue accounting for $4.52 billion
BioSr. Clinical Mobile Solutions Architect
Biomedical engineer by training
Lead author for "Wi-Fi Enabled Healthcare” Co-author, mHIMSS Roadmap Member of the AAMI Wireless Strategy Task
Force Certified Wireless Network Expert, CWNE
#133 Served as mHIMSS Advisory Council Member
Responsible for Wi-Fi network architecture and roadmap as well as strategy for mobile medical device certification testing and onboarding.
Mobility in HealthcarePurpose built Voice handsets (900-928 MHz; DECT 6.0 1.93GHz)
Medical Body area networks (2360-2400 MHz)
Bluetooth (2.4 -2.485 GHz)
Cellular Distributed Antenna Systems (3G, 4G)
Zigbee (2.4 GHz)
Telemetry WMTS (608-614 , 1395-1400 , and 1429-1432 MHz)
WLAN/Wi-Fi (2.4 GHz, and 5 GHz)
Wi-Fi at Henry Ford Health System
• Wi-Fi instrumental part of the infrastructure.
• Over 100 facilities and 8 million square feet of wall to wall Wi-Fi coverage.
• ~14,000 concurrent Wi-Fi devices daily
• Over 3500 Wi-Fi capable medical devices
Guest Access Employee Devices
Medical Devices VoWLAN Phones
BYOD RTLS
Wi-Fi Devices
Scenario 1: EKG Devices
ISSUE• Procured by 1 department
without IT, or Clinical Engineering oversight
• Standalone bolt-on wireless bridge• 802.11 b/g only (2.4GHz)• Lack of support for WPA2 • Static IP requirement
RESOLUTION• Worked with the vendor to
upgrade bridge firmware and hardware to support level of encryption required.
Scenario 2: Mobile X-Ray
ISSUE• Location of wireless card and
antenna orientation less than ideal.
• Transition from wired to wireless transmission requires a system reboot.
• Consumer grade USB based Wi-Fi card
RESOLUTION• Worked with the vendor closely
and they have redesigned the unit with mobility as a core requirement.
• Staff training.
Scenario 3: IV PumpsISSUE• Unique drug libraries/datasets
required in different hospitals.• Drug libraries correlated to
specific locations by the IP address of the device.
RESOLUTION• Modified the architecture of the
Wi-Fi network to provision the appropriate data sets as needed.
Scenario 4: Blood Gas AnalyzerISSUE• Blood Gas analyzer relied on an
independent Wi-Fi bridge.• The bridge preferred to join the
least encrypted network, and did not roam at all.
RESOLUTION• Worked with the manufacturer
over the course of several months to integrate a Wi-Fi client card into the device.
• Major performance increase as far as roaming, device recovering, and overall stability.
Wi-Fi Infrastructure Fundamentals
• Half-Duplex communication (listen or talk. Not both)• Shared bandwidth• Management overhead significantly higher than wired traffic due
to collision avoidance.• Unlicensed frequency bands.• Poor network management can lead to excessive RF
interference.• Capacity plan is heavily dependent on client device and traffic
types.• In Healthcare high availability and redundancy are core
requirement. Mission critical.• Trouble ticket volumes grow exponentially when it comes to Wi-
Fi outages.
Wi-Fi Client Fundamentals • Roaming and security limitations often on the client.• IEEE standards dictate most design parameters but
not all for chipset manufacturers.• No two client receive sensitivities are exactly alike.• Capabilities dependent on antenna design, and
chipset (# of streams supported )• Battery life is always a design consideration and
requires performance tradeoff
Wi-Fi specific threats• Wireless goes beyond
traditional physical security boundaries
• Data Interception can occur from miles away
• Eventually wireless security will be broken (WEP, TKIP)
• Rogue access points can circumvent your security system.
• Self imposed RF interference is possible and can result in service outages.
• Changes to the network can impact a wide variety of devices and device types.
Wi-Fi Medical device
• Departments with own budgets buy the latest Wi-Fi capable shiny device without involvement from other teams.
• “Bolt On” Wi-Fi connectivity is common• Major manufactures have missed the mark
and are now catching up • FDA approval process can be very lengthy• Security (device as well as supported
encryption) is often an afterthought.
Mobility Trends
Wireless
Wearables
Medical Devices
Employee Devices
TelemedicineVoice
Applications
Guest Access
BYOD
Mobility Trend - Wearables
IEC 80001 Standard and Guidance
• IEC 80001 Standard & Guidance provides a framework for applying proven risk management principles to networked medical technology deployment & use.
• Focus is achieving a balance between Safety (unexpected risk), effectiveness (intended result), as well as device and data security (confidentiality, availability, and integrity).
• Lowering the probability of potential hazards turning into harm and gauging the amount of risk.
IEC 80001-2-3 Wireless Guidance
Identify Risk
Assess Risk
Control Risk
Review Controls
Risk Acceptability
Low Risk is acceptable. Risk has little effect on goals, no additional control measures required.
Moderate Risk acceptability needs further consideration. Risk has some effect to goals but can be accepted when balanced with benefit. RO must pre-define policies in Risk Management Plan for risks in this level. Policies can include special team reviews (IT, clinical) or review boards, rationales, top management signoff, showing risk has been reduced as low as practicable, etc...
High Risk to goals is unacceptable, risk must be reduced before Medical IT network can be used, either by reducing likelihood or by reducing severity.
Negligible
Low
Medium
High
Catastrophic
FrequentProbableOccasionalRemoteImprobable
Unintended Consequence for Security; Effectiveness andData and System Security
Incr
easi
ng S
ever
ityIncreasing Probability
This matrix can be found in the Medical IT-Network Risk Management Plan document.
Risk AnalysisHazard
Hazardous Situation
Harm / Unintended Consequence
Probability Severity
Risk
“potential source of harm”
“circumstances in which people, property, or the environment are exposed to one or more hazard(s)”
“physical injury or damage to the health of people, or damage to property or the environment, or reduction in effectiveness, or breach of data and system security”
“combination of the probability of occurrence of harm and the severity of that harm”
Risk Evaluation“process of comparing the estimated risk against given risk criteria to determine the acceptability of the risk”
Sequence of Events w/ Root CauseRISK ANALYSIS
*Taken from AAMI筑 s Getting Started with IEC 80001
IEC 80001 Implementation Challenge
• Complex family of standards and processes requiring extensive documentation and due diligence.
• Potential Headcount increase required• No financial penalties for lack of
implementation unlike failure to comply with HIPAA which has stiff financial penalties.
• Difficult to perceive and project Hazards turning into Harm until its too late.
Phased implementation
-Accurate device inventory-Basic device testing-Onboarding criteria
-Formal Onboarding and Certification Process.
-Full IEC 80001 framework.
Wi-Fi Medical device Certification and Onboarding
• Started with less than 100 devices in 2006, and now over 3,500 wireless medical devices
• Close working relationship between CE and IT. Both report to CIO.
IT Request Submitted
Questions
