More medical devices and applications are now attached to hospital-wide Wi-Fi networks to automate updates of electronic health records and clinical information systems. Medical device connectivity is used to remotely monitor and manage patient care, from medication administration via wireless infusion pumps to collecting patients’ vital signs via wireless blood pressure sensors and EKGs—all with positive results.
In fact, a recent report on medical device connectivity market states that various hospitals that have implemented CPOE (Computerized Physician Order Entry) systems have demonstrated a 20 percent decrease in hospital-wide mortality rates.
However, while relying on technology to improve care delivery is a critical strategy for hospitals, it also places medical device security, as well as network security uptime and performance, at risk. It was evident in how hospitals in the U.S. and Europe were recently affected by ransomware attacks— critical systems and applications went offline, medical procedures postponed and medical staff were forced to revert to handwritten notes and patient records. And as Wi-Fi becomes the primary communication medium for connected mobile devices, even the smallest disruption in network communications or poor device reliability could lead to misdiagnosis of symptoms, or even loss of life, creating potential liabilities for healthcare facilities and caregivers.
As such, connected medical devices need secure and reliable connectivity. They have to securely coexist in an increasingly dense wireless ecosystem of healthcare workers’ devices (BYOD) along with its own network-connected counterparts— ranging from diagnostic equipment like X-rays, CT scanners and MRIs to mobile workstations, infusion pumps, patient monitors and smart beds.
Security concerns are increasingly justified, as it can be embarrassingly easy to hack these devices that are often protected only by a simple password. The most vulnerable devices include those directly connected to patients and wireless networks such as drug infusion pumps, which could be hacked to deliver a lethal dose, and pacemakers. In response, the FDA has issued draft guidance for security for managing cyber devices making cybersecurity a regulatory consideration for device manufacturers and healthcare organizations.
But security considerations go wider than just the device itself: it’s also critical to evaluate the security of the wider enterprise networks used within the hospital or care setting. The design and implementation of the technical architecture, following best practices for continuous test and validation—from initial network design to live operation—are essential to ensuring that connected devices and mission-critical applications work reliably, quickly and securely. Healthcare enterprises leveraging such well-defined testing best practices and methodologies can lower costs, minimize risk and establish a competitive advantage.
Testing times for healthcare IT
The wireless healthcare ecosystem is a complex market. While the Wi-Fi Alliance provides standards of interoperability, it’s only the first step. Healthcare mobility requirements demand a high degree of secure roaming, while ensuring a persistent connection to core systems. Data sheets specifications might show compliance with standards such as 802.111, but it’s only proprietary manufacturer testing that validates the reliability of roaming in the device.
As such, medical device manufacturers should stress-test their products under enterprise roaming conditions, with the full range of security applications that would be deployed in normal usage. The best way to accomplish this is to conduct proactive testing using an ecosystem-testing model that mirrors the healthcare enterprise. The testing programme for medical client devices should include controlled lab tests, as well as assessment of field performance that is validated in a typical healthcare ecosystem. It should also include a mixed-use environment with data-, voice-, video- and WLAN-enabled medical devices.
In Wi-Fi patient monitoring, it is essential that vital signs and alarms be transmitted with 100 percent reliability. Validation testing for roaming handoffs from access point to access point, while maintaining the enterprise security connection is imperative. Continuous testing lifecycles should commence during device or application development, then continue through live deployment. Testing will also be needed for each software and/or firmware update in the WLAN vendor of choice. This is known as optimization testing, ensuring that the device, application performance, and security has improved or at a minimum, not changed after updates have been applied. Validating that the medical device application still performs as intended as an FDA-regulated product, is critical.
And with ongoing advancements in Wi-Fi technology, any updates to device software and applications also require testing. A continuous testing life cycle should start during device or application development, then continue through live deployment. A WLAN-enabled medical device has to initially obtain a FDA 510(k) approval, and changes to firmware and software should not affect the device’s performance, reliability or security. So continuous testing ensures that the device or application will still meet approved use requirements, after launch.
Testing best practices
Here’s a checklist of testing best practices for the development of healthcare devices that are exposed to a patient and a healthcare facility network.
● Testing should occur at the earliest point during design to verify that the WLAN or network technology chosen works as promised
● Up-front testing will serve as the foundation for regulatory submission, and also help to develop the correct deployment guidelines and support requirements in the field
● Continuous testing must be part of the internal regulatory process. Such validation is also needed throughout the product lifecycle to meet security and quality of service requirements of many life-critical applications
WLAN deployments for healthcare environments should also include a site assessment to measure the performance of multiple client devices and quantify the end-user experience in real-world network environments, including:
● Measuring the wireless experience from the user or client perspective
● Creating a live network ecosystem to assess how devices and applications perform and co-exist in real world environments
● Modeling “what if” scenarios as new users, devices, applications, and technologies are added to the network over time
Healthcare is still on a learning curve for leveraging wireless technology for medical devices. Security and reliability of such devices are a major concern. Following best practices resulting from hospitals that have successfully deployed reliable wireless networks will help to accelerate adoption, and improve the quality of healthcare—while ensuring it does no harm.
1 Postmarket Management of 4 1 2 Cybersecurity in Medical Devices 3 4 Draft Guidance for Industry and 5 Food and Drug Administration Staff, January 22, 2016 http://www.fda.gov/downloads/medicaldevices/deviceregulationandguidance/guidancedocuments/ucm482022.pdf
The views, opinions and positions expressed within these guest posts are those of the author alone and do not represent those of Becker’s Hospital Review/Becker’s Healthcare. The accuracy, completeness and validity of any statements made within this article are not guaranteed. We accept no liability for any errors, omissions or representations. The copyright of this content belongs to the author and any liability with regards to infringement of intellectual property rights remains with them.
