Mobilizing the Clinician Extending applications securely to wireless health workers. Peter George Managing Director Wheatstone Consulting

Why wireless? Management Perspective Facilitate workflow improvements Improve clinical documentation Improve patient safety Share patient data within a multi-entity healthcare delivery system. Clinical Perspective Share patient record information Improve quality of care Improve workflow efficiency Reduce medical error Data from MRI 5 th Annual Survey of EHR Trends and Usage

Management Perspective

Facilitate workflow improvements

Improve clinical documentation

Improve patient safety

Share patient data within a multi-entity healthcare delivery system.

Clinical Perspective

Share patient record information

Improve quality of care

Improve workflow efficiency

Reduce medical error

Legacy Network Applications … expect a network which is: Fast Clean Seamless Always available Secure and where devices remain static in wireless networks almost none of these conditions prevail.

… expect a network which is:

Fast

Clean

Seamless

Always available

Secure

and where devices remain static

Wireless Data Challenges Application Performance & Reliability Network Coverage Issues Multiple Networks – segments types and suppliers Limited and variable network speeds Security – over the air and of central network. Complexity – more “stuff” for users and administrators. Positive ROI

Application Performance & Reliability

Network Coverage Issues

Multiple Networks – segments types and suppliers

Limited and variable network speeds

Security – over the air and of central network.

Complexity – more “stuff” for users and administrators.

Positive ROI

Wireless Application Deployment: Typical Approaches in use today Modify/Repurpose the Application Purchase a “Wireless” Specific Application add-on Hand-craft a Middleware Solution Try to extend existing application – via VPN technology

Modify/Repurpose the Application

Purchase a “Wireless” Specific Application add-on

Hand-craft a Middleware Solution

Try to extend existing application – via VPN technology

Mobility XE: Get Connected. Stay Connected. Hotspot WAN WAN WAN Coverage Gap Secure DSL Connection Roamable VPN Application Session Persistence InterNetwork Roaming Compression & Link Optimizations Best Bandwidth Routing Application Server VPN Router Poor Coverage Day in the Life of a Mobile Clinician

Ensures stable and reliable connections Works in existing environments today and allows migration to new technologies as they become deployed Provides protection against unauthorized access Solution needs to be based on IP and Internet technologies What ever the final solution is, it has to be network agnostic Mobile Solution Litmus Paper Test

Ensures stable and reliable connections

Works in existing environments today and allows migration to new technologies as they become deployed

Provides protection against unauthorized access

Solution needs to be based on IP and Internet technologies

What ever the final solution is, it has to be network agnostic

Productivity Report on Mobile Clinicians St. Luke’s Episcopal Hospital Houston Texas

Productivity Report on Mobile Clinicians “ Mobile workers experienced lost connections on average 2 – 3 times per day” Lost productivity due to dropped connections: $2,112 per year per wireless employee Help-desk cost from dropped connections: $758 per year per wireless employee 500 clinicians equipped with mobile devices

“ Mobile workers experienced lost connections on average 2 – 3 times per day”

Lost productivity due to dropped connections: $2,112 per year per wireless employee

Help-desk cost from dropped connections:

$758 per year per wireless employee

500 clinicians equipped with mobile devices

Environmental Issues Electronic interference

Electronic interference

Environmental Issues Physical Interference causes coverage gaps

Physical Interference causes coverage gaps

“ Today's standard IPsec and SSL VPNs just aren't cutting it.” “ Those in healthcare, government, retail, and transportation, should look to invest in mobile VPNs now.” Forrester Research: Mobile VPNs: Securing Mobile Remote Access June 2005

“ Today's standard IPsec and SSL VPNs just aren't cutting it.”

“ Those in healthcare, government, retail, and transportation, should look to invest in mobile VPNs now.”

Experience with IPSec and SSL VPNs IPSec VPNs MobileIP = User intensive solution with high TCO Poor performance when used for wireless No application persistence SSL VPNs Great for browser/web-based access (but is this all you will need?) More complicated for Win32 solutions (ActiveX/Java) Poor wireless performance: lack of optimization for wireless networks

IPSec VPNs

MobileIP = User intensive solution with high TCO

Poor performance when used for wireless

No application persistence

SSL VPNs

Great for browser/web-based access (but is this all you will need?)

More complicated for Win32 solutions (ActiveX/Java)

Poor wireless performance: lack of optimization for wireless networks

Mobile VPNs enable any IP network application… to operate securely, seamlessly and efficiently … over and between any IP network… without modification to the… application or networks . . . under administrator control Makes wireless networks perform as if they were wired Enter the Mobile VPN

Mobile VPNs enable

any IP network application…

to operate securely, seamlessly and efficiently …

over and between any IP network…

without modification to the…

application or networks . . .

under administrator control

Makes wireless networks perform as if they were wired

Criteria for Successful Mobile Computing Security Control Reliability Usability Bandwidth S C R U B

Security

Control

Reliability

Usability

Bandwidth

S

C

R

U

B

What to look for in a Mobile VPN Security Use of certified standards Encryption Key exchange Authentication Military grade encryption Tunnel must be secure Should not be susceptible to MIM attacks Policy Management Allow or deny access to internal networks Allow or deny access to internal network resources Allow or deny access to specific network applications Enforce which applications are allowed to pass traffic on a given network

Use of certified standards

Encryption

Key exchange

Authentication

Military grade encryption

Tunnel must be secure

Should not be susceptible to MIM attacks

Policy Management

Allow or deny access to internal networks

Allow or deny access to internal network resources

Allow or deny access to specific network applications

Enforce which applications are allowed to pass traffic on a given network

What to look for in a Mobile VPN Control Centralized Management Secure, remote access to console from anywhere Visibility into connection status Visibility into user/device activity Lost/Stolen device quarantine Server scalability High Availability Load balancing No single point of failure Support for thousands of mobile user/devices

Centralized Management

Secure, remote access to console from anywhere

Visibility into connection status

Visibility into user/device activity

Lost/Stolen device quarantine

Server scalability

High Availability

Load balancing

No single point of failure

Support for thousands of mobile user/devices

What to look for in a Mobile VPN Reliability Seamless roaming Network transitions without re-authentication or application restarts Transparent to end-user Application persistence Data is protected during roaming events, suspend/resume, or loss of coverage User can initiate a data transmission, suspend the device, resume after 2 hours (days), and pick up where they left off IP address management Must manage changing IP addresses while preserving applications and connectivity Must preserve IT Management visibility and control

Seamless roaming

Network transitions without re-authentication or application restarts

Transparent to end-user

Application persistence

Data is protected during roaming events, suspend/resume, or loss of coverage

User can initiate a data transmission, suspend the device, resume after 2 hours (days), and pick up where they left off

IP address management

Must manage changing IP addresses while preserving applications and connectivity

Must preserve IT Management visibility and control

What to look for in a Mobile VPN Usability User transparency User should not be required to do “anything” make it easy to do it right Zero end user configuration Roaming takes place without user intervention Single sign on It just works…

User transparency

User should not be required to do “anything”

make it easy to do it right

Zero end user configuration

Roaming takes place without user intervention

Single sign on

It just works…

What to look for in a Mobile VPN Bandwidth Optimized for bandwidth sensitive networks Employs data compression Uses UDP instead of TCP Offers link level optimizations Data coalescing Selective acknowledgments Uses policy management to limit protocol heavy applications on low bandwidth networks.

Optimized for bandwidth sensitive networks

Employs data compression

Uses UDP instead of TCP

Offers link level optimizations

Data coalescing

Selective acknowledgments

Uses policy management to limit protocol heavy applications on low bandwidth networks.

*Requires the installation and configuration of client software **For web based traffic ***Many third-party IPSec solutions are now supporting the NAT-T RFC How IPSec and SSL VPNs Compare Yes Yes Yes Quarantine by device or user Yes No*** Yes NAT-friendly Yes No Yes** Transparency (ease of use) Yes Yes No* Compatible with Win32 applications without modification Yes No No Wireless Link Optimization Yes Some No Data compression Yes No No Application session persistence Yes No No Seamless roaming (slow handoffs – out-of-range or suspend/resume) Yes No Yes Seamless roaming (fast handoffs) Yes No Tolerant Wireless-friendly Yes Yes Yes Device-to-DMZ security Yes Yes Yes Integrates with existing authentication schema Yes Yes Yes Standards-based encryption Yes Yes Yes Standards-based key exchange Mobile VPN IPSec SSL

Productivity Report on Mobile Clinicians “Mobile workers experienced lost connections on average 2 – 3 times per day” Lost productivity due to dropped connections: $2,112 per year per wireless employee Help-desk cost from dropped connections: $758 per year per wireless employee Savings after deploying mobile VPN: $2,751 per employee ROI realized in 30 days

“Mobile workers experienced lost connections on average 2 – 3 times per day”

Lost productivity due to dropped connections: $2,112 per year per wireless employee

Help-desk cost from dropped connections:

$758 per year per wireless employee

Savings after deploying mobile VPN:

$2,751 per employee

ROI realized in 30 days

Stories From the Front Line Marshfield Clinic Situation 42 clinical centres & 750 physicians Deploying 2,000 tablet PCs Custom Patient Records application Using multiple WLANs Issue Application performance & security Mobile VPN installed in hours Created reliability for Patient Record application by persisting application sessions Ensured consistent security with 128-bit AES Roamable VPN Physicians readily adopted solution Centre intends to eliminate more than 2,000 paper forms within next 2 years

Situation

42 clinical centres & 750 physicians

Deploying 2,000 tablet PCs

Custom Patient Records application

Using multiple WLANs

Issue

Application performance & security

Mobile VPN installed in hours

Created reliability for Patient Record application by persisting application sessions

Ensured consistent security with 128-bit AES Roamable VPN

Physicians readily adopted solution

Centre intends to eliminate more than 2,000 paper forms within next 2 years

Stories From the Front Care in the Community Situation Home health care 80 remote clinicians Using laptops Wide-area requirement (GPRS) Issues Record keeping problems Worker inefficiency – 1 hr per day in data entry Unusable connectivity Key application -- Siemens Novius Home Care takes 30 minutes to launch Mobile VPN Solution Creates transparent solution that clinicians readily use Compression & Link Optimizations make Novius usable & reliable Result Real-time data-entry connectivity saving Total manpower saved - one month per year per worker Record keeping resolved -cycles reduced with overall “joined-up” care improvement

Situation

Home health care

80 remote clinicians

Using laptops

Wide-area requirement (GPRS)

Issues

Record keeping problems

Worker inefficiency – 1 hr per day in data entry

Unusable connectivity

Key application -- Siemens Novius Home Care takes 30 minutes to launch

Mobile VPN Solution

Creates transparent solution that clinicians readily use

Compression & Link Optimizations make Novius usable & reliable

Result

Real-time data-entry connectivity saving

Total manpower saved - one month per year per worker

Record keeping resolved -cycles reduced with overall “joined-up” care improvement

Mobile VPN Summary Security is critical – goes without saying It must be transparent to networks, devices, applications, and mobile workers Architecture should be designed for wireless networks - not retrofitted Administrator should be able to control access to network resources or specific applications Your mobile VPN should not limit your application options, should offer ROI and be quick and easy to deploy

Security is critical – goes without saying

It must be transparent to networks, devices, applications, and mobile workers

Architecture should be designed for wireless networks - not retrofitted

Administrator should be able to control access to network resources or specific applications

Your mobile VPN should not limit your application options, should offer ROI and be quick and easy to deploy

Thank you Peter George Wheatstone Consulting [email_address]  +44 1865 714814

Peter George

Wheatstone Consulting

[email_address]

 +44 1865 714814