INTERNET | VOICE | TELEVISION | NETWORK SERVICES | CLOUD SERVICES

Preventive Medicine for Healthcare Networks:
The Import...
Preventive Medicine for
Healthcare Networks:
The Importance of
Last-Mile Diversity

Michael Harris,

Principal Consultant,...
A survey by IT firm CDW estimated that network outages cost U.S.
businesses a combined $1.7 billion in lost profits, with 21...
The HITECH Act further extends HIPAA Security Rules to “business associates”
of covered entities that use electronic prote...
Calling on Cable

Figure 2

Last-Mile Diversity with Cable
TWCBC Network

TWCBC

IL E
C/

CL

EC

ILEC/CLEC Network

Cable...
A multihoming approach frequently employed by larger organizations is
Border Gateway Protocol (BGP). A common Internet rou...
Deploying Different Baskets

Last-mile diversity and Internet access redundancy are essential to ensuring
business continu...
Upcoming SlideShare
Loading in …5
×

Preventive Medicine for Healthcare Networks: The Importance of Last-Mile Diversity

240
-1

Published on

Proactive healthcare organizations, recognizing the critical role of last-mile connectivity and always-available Internet access, utilize redundant connections from multiple service providers. Despite their good intentions, however, their Internet and communications connectivity risk may still be in a single basket.

Published in: Healthcare, Business
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
240
On Slideshare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
2
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Preventive Medicine for Healthcare Networks: The Importance of Last-Mile Diversity

  1. 1. INTERNET | VOICE | TELEVISION | NETWORK SERVICES | CLOUD SERVICES Preventive Medicine for Healthcare Networks: The Importance of Last-Mile Diversity Michael Harris Kinetic Strategies
  2. 2. Preventive Medicine for Healthcare Networks: The Importance of Last-Mile Diversity Michael Harris, Principal Consultant, Kinetic Strategies In support of their business continuity and regulatory compliance plans, healthcare providers try—as the proverb advises—to avoid putting all their eggs in one basket. Proactive healthcare organizations, recognizing the critical role of last-mile connectivity and always-available Internet access, utilize redundant connections from multiple service providers. Despite their good intentions, however, their Internet and communications connectivity risk may still be in a single basket. That is because Internet service providers (ISPs) and competitive local exchange carriers (CLECs) may operate using leased network infrastructure from the same incumbent local exchange carrier (ILEC). When Disaster Strikes Even healthcare providers in Silicon Valley—America’s high-technology heartland—are not immune from Internet interruptions. Early on a Thursday morning in April 2009, vandals cut ten fiber-optic cables in San Jose, Calif. While most of the fiber lines were owned by AT&T, numerous Internet and communications service providers were impacted, including Verizon and Sprint. More than 50,000 business and residential customers lost service. Following the network failure, doctors could not access electronic medical records and emergency 911 services were interrupted for first responders. Even mobile services from multiple carriers were disrupted as connections to cell phone towers failed1. “During a network failure, one hospital turned to ham radio operators for emergency communications.” During the outage, Dominican Hospital in Santa Cruz found itself completely disconnected from the outside world. Santa Cruz County’s District Emergency Coordinator explained the hospital’s predicament: “There hadn’t been telephones or Internet anywhere since about 2:30 AM. The hospital’s phone system did work, but only within the hospital. Their internal computer local area network wasn't working either.” In desperation, the hospital had to turn to ham radio operators for help with emergency communications2. When Hurricane Sandy roared ashore in New Jersey in late October 2012, landline and mobile communications services throughout the Northeastern U.S. were severely disrupted. Even those carriers that were “too big to fail” did. As a result, many customers on Wall Street and other Big Apple business districts lost Internet connectivity, as well as hospitals and healthcare providers throughout the region3. Forrester Research finds that 76% of companies experience at least one disruption within five years, and 27% have to declare at least one disaster4. Internet service outages may result from myriad causes: sabotage, natural disasters or terrorist attacks; unexpected utility line cuts and regularly scheduled network repairs; equipment or application software failures. Additionally, IP network configuration errors, hacker attacks or congestion can severely degrade Internet services, undermining service availability. Whatever the cause, when the flow of Internet data stops, so do many essential operations. 1 www.twc.com/business
  3. 3. A survey by IT firm CDW estimated that network outages cost U.S. businesses a combined $1.7 billion in lost profits, with 21% of the total losses resulting from service provider problems5. According to Figure 1, more than half of businesses reported lost productivity from recent network disruptions, while nearly one-third experienced a complete business shutdown. Region Average Upload Speeds When it comes to healthcare network uptime, an ounce of prevention is indeed worth a pound of cure. Figure 1 Impact of Recent Network Disruptions 60 57% 50 40 34% 30 30% 22% 20 14% 10 0 Lo s tP ro du cti vit y Lo Co st C m us m to un m ica er tio ns Co Sh mp ut let do e B wn u sin es s Lo Co st E m mp m un loye ica e tio ns Da ta Lo s s © 2010 CDW, LLC Mandatory Availability “With increasing federal regulations, healthcare providers must upgrade to assure data availability and security.” While always-available Internet access is important for businesses throughout the information economy, the need is particularly acute for healthcare providers required to comply with the federal regulations defined in the Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH). According to HIPAA Security Rules, healthcare organizations must “ensure the confidentiality, integrity, and availability of all electronic protected health information the covered entity creates, receives, maintains, or transmits.” By HIPAA’s definition, availability means that “data or information is accessible and useable upon demand by an authorized person.”6 A wide range of healthcare providers are subject to HIPAA’s Security Rules: doctors, psychologists, dentists, chiropractors, hospitals, clinics, nursing homes, and pharmacies. So are health plans, including providers of medical, dental and vision insurance, as well as HMOs and long-term care insurers. Healthcare clearinghouses must also abide by the rules, which include medical billing services and community health management information systems.7 2 www.twc.com/business
  4. 4. The HITECH Act further extends HIPAA Security Rules to “business associates” of covered entities that use electronic protected health information (EPHI), including claims processing, legal, actuarial, accounting and other service providers. Willful neglect of Security Rules for EPHI can result in fines of $250,000 to $1.5 million. With eight locations in the Los Angeles area, Venice Family Clinic is America’s largest free community-healthcare facility handling more than 100,000 patient visits annually for primary care, specialty care, mental health, dental and health-education services. With federal HIPAA and HITECH compliance requirements looming, Venice Family Clinic urgently needed to upgrade the reliability of its copper-based T-1 lines supplied by two large telcos. “This is no joke, every time it would rain our circuits would go down,” recalls Fred Hornbeck, Venice Family Clinic’s Chief Information Officer. “It was frustrating.” To boost network reliability and capacity, Venice Family Clinic tapped Time Warner Cable Business Class for a 20-Mbps fiber-optic Metro Ethernet wide area network (WAN) solution. “CLECs and ISPs are the new middlemen between the customer and the local exchange carrier.” CLEC Reality Check In larger U.S. cities, healthcare firms may have a choice among several Internet access and network service providers. The menu typically includes the ILEC, CLECs, ISPs and the cable company. CLECs can selectively cost justify building facilities to reach business customers in densely populated commercial districts and office parks. In other cases, CLECs and ILECs utilize the same local and regional physical network infrastructure. A brief history lesson will help explain why. 5 The original Bell telephone system operated by AT&T enjoyed a monopoly on local and long-distance telecommunications services in the U.S. for more than a century. In 1984, a groundbreaking court ruling split AT&T into separate local and long-distance companies, creating a gap for alternative providers to enter the telecom marketplace. However, the high cost of constructing local access networks separate from the ILEC proved to be a major obstacle for many upstart competitors. Typically, CLECs could justify constructing their own facilities only in highly concentrated business districts. Congress and the FCC worked to address the problem through the Telecommunications Act of 1996, which required ILECs to sell unbundled network elements (UNEs) to competitors on a wholesale basis. Now competitors could enter the market without having to construct their own facilities. The breakthrough offered more businesses a choice for their communications needs, applying pressure on the ILECs for better pricing and service. The downside is that, when it comes to local network infrasructure, some CLECs and ISPs started to serve merely as an intermediary between the customer and the ILEC. In this situation, the competitor’s ability to innovate on pricing is limited by the network fees charged by the ILEC. Additionally, the ability of CLECs and ISPs to provision, monitor and repair services is dependent on ILEC assistance, which may also affect mean time to repair (MTTR) intervals. When the ILEC network fails, so do the services of alternative providers utilizing the same physical infrastructure. Through network unbundling and resale arrangements, not only do these CLECs and ISPs use ILEC lines to offer service, they may also use ILEC central-office equipment to deliver broadband Internet access over local copper loops. Where else can businesses look for facilities-based redundancy? 3 www.twc.com/business
  5. 5. Calling on Cable Figure 2 Last-Mile Diversity with Cable TWCBC Network TWCBC IL E C/ CL EC ILEC/CLEC Network Cable operators provide true path diversity from the ILEC as well as a redundant Metro fiber ring infrastructure. Source: Time Warner Cable Business Class, 2013 As illustrated in Figure 2, cable’s infrastructure is physically separate from the telephone company networks at the local last mile, metro and regional levels, enabling genuine network redundancy and diversity. Cable operators have built extensive hybrid fiber coax ( HFC) networks to deliver video, Internet and telephone services. By leveraging this vast infrastructure footprint, cable operators are able to provide end-end communcations services and support to businesses of all sizes. Insight Research Corp. estimates that cable operators’ business-service revenue topped $7 billion in 20128. Their networks include high-capacity metro fiber rings, fiber access networks with deep reach into commercial areas, retail districts and residential neighborhoods. Depending on the location and business needs, fiber or coax connections are available to the customer premises. Additionally, by owning and operating their networks and construction teams, cable operators may provision and monitor services more quickly and efficiently than CLECs or ISPs that merely resell ILEC capacity. Through the broad reach of their networks, cable operators can also serve a wide range of locations, from office parks and business centers to small office, branch office, healthcare campus and municipal buildings. By comparison, reseller ISPs and CLECs are dependent on a competitor to install and provision services. This means they operate on ILEC schedules, rather than their own, and their network footprint is limited to the ILEC’s. Can You Say SLA? To enhance the resiliency and redundancy of their network connections—and to hedge against the cost of losses from connectivity interruptions—many healthcare organizations enter into a service level agreement (SLA) with their network and Internet access providers. These agreements set performance benchmarks for service reliability, as well as responsiveness for repair and restoration should an unplanned outage occur. “Multihoming provides automatic failover among Internet connections during service interruptions.” Performance characteristics for an SLA may include total uptime for the connection, measured bandwidth and latency between defined IP access points. The availability of essential IP infrastructure, such as domain name servers (DNS) and dynamic host configuration protocol (DHCP) servers may also be specified. Should a problem arise, response and repair times are defined in the SLA, along with penalties for noncompliance. It is important to understand that SLAs supplement, rather than replace, strategies for facilities-based IP access redundancy and resiliency in business continuity plans—particularly since SLAs typically exclude catastrophic interruptions, such as those caused by natural disasters or acts of war. Moving to Multihoming After installing diverse or redundant connections for IP access, healthcare organizations need a method to switch from one network route to the other should a service interruption occur. Multihoming provides this automatic failover function among Internet connections, as well as other benefits. 4 www.twc.com/business
  6. 6. A multihoming approach frequently employed by larger organizations is Border Gateway Protocol (BGP). A common Internet routing protocol, BGP supports alternate routes for traffic flows to and from a business location. The challenge is that the effective use of BGP requires close technical collaboration with competing ISPs, as well as internal IT staff or consultants with the expertise to handle complex router configurations. Fortunately, a number of vendors offer network appliances—essentially purpose-built routers and switches—that may simplify multihoming implementations, giving small and midsize healthcare providers Internet access diversity through virtually any type of connection or service provider. Additionally, many of these solutions offer load-balancing capabilities, allowing traffic to be directed across multiple connections to ensure the availability of adequate bandwidth for everyday operations. “Continuously available IP network access is essential for cloud data backup and retrieval.” Ready for Disaster Enterprise planning for business continuity and disaster recovery are closely linked, and redundant facilities-based Internet connections are essential for both. As the names imply, the goal of a business continuity plan is to prevent interruptions to operations, while a disaster recovery plan is aimed at restoring operations following an ordinary or catastrophic disruption. Needless to say, a speedy recovery following an interruption is critically important for healthcare providers. HIPAA and HITECH Security Rules require covered entities and business associates to maintain data backup and disaster recovery plans, plus procedures to restore lost data. Offsite data storage and backup are at the heart of most disaster recovery plans. Historically, critical enterprise data has been backed up on drives and discs and physically transported to alternate locations for safe storage. Increasingly, however, businesses of all sizes are storing and backing up data through cloud services. Regularly scheduled backups are performed automatically to remote servers through a company’s secure Internet connection. However, should a data loss occur in a disaster scenario, healthcare organizations must be able to connect to the Internet to remotely access and download their backed-up data. Clearly, continuous availability of IP network access is essential for regular cloud data backup and retrieval following a disaster. Some service providers integrate cloud storage and backup offerings with access solutions. For example, Time Warner Cable Business Class offers facilities-based Internet access and network services with a diverse path from the ILEC, along with cloud storage solutions provided by NaviSite Inc., a division of Time Warner Cable. Companies can take their business continuity and disaster recovery strategies further with remote access solutions. After a disaster, buildings and facilities may be damaged or unavailable, sometimes for extended periods of time. Thus, employees must be able to work remotely in order for business operations to continue. Since working from home is often the optimal solution, a service provider that can provide secure facilities-based broadband Internet connections to both business and residential locations is an attractive solution. Many cable operators offer teleworker access with centralized administration, billing and support for residential broadband service. 5 www.twc.com/business
  7. 7. Deploying Different Baskets Last-mile diversity and Internet access redundancy are essential to ensuring business continuity and regulatory compliance for healthcare organizations. When selecting service providers, healthcare organizations benefit from reliable and diverse network solutions that can be efficiently configured to support their business continuity needs. To comply with HIPAA and HITECH Security Rules, healthcare organizations and their business associates must carefully investigate the network infrastructure of prospective access providers to ensure that they use a variety of facilities, thereby reducing risk from a single point of failure. Preferred partners include service providers that can rapidly scale capacity to deliver extra bandwidth when needed and deliver cloud based back-up, storage and alternate-site support. This way, healthcare organizations can be sure their eggs are in different baskets. About the Author Michael Harris is principal consultant at Phoenix, Arizona-based Kinetic Strategies, Inc. Applying more than 15 years of experience as a strategist, research analyst and journalist, Michael consults with select clients in the networking, Internet and telecommunications industries. About Time Warner Cable Business Class Time Warner Cable Business Class, a division of Time Warner Cable (NYSE: TWC), offers a full complement of business communications tools to small, medium and enterprise sized companies. Its phone, Internet, Voice, Television, Network Services and Cloud Services are enhanced by award-winning customer service and local support teams. It serves approximately 500,000 business customers throughout Time Warner Cable’s markets. © 2013 Time Warner Cable. All Rights Reserved. “Sabotage attacks knock out phone service,” San Francisco Chronicle, April 10, 2009, accessed at http://www.sfgate.com/bayarea/article/Sabotage-attacks-knock-out-phone-service-3245380.php 2 “When Vandals Strike Infrastructure, Hams Provide Communications Support ,” American Radio Relay League, April 15, 2009, accessed at http://www.arrl.org/news/when-vandals-strike-infrastructure-hams-provide-communications-support 3 “Hurricane Sandy disrupts Northeast US telecom networks,” Reuters, October 30, 2012, accessed at http://www.reuters.com/article/2012/10/30/storm-sandy-telecommunications 4 Stephanie Balaouras, “Building the Business Case for Disaster Recovery Spending,” Forrester Research, Inc., April 3, 2008 5 “2010 CDW Business Continuity Straw Poll Report: Business Disruptions Challenge Confidence in IT Network Resilience,” accessed at http://www.cdwnewsroom.com/2010-cdw-business-continuity-straw-poll-resiliency-plans-dont-align-with-reality/ 6 HIPAA § 164.306, Pt. 164 45 CFR Subtitle A (10–1–07 Edition), accessed at http://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-part164.pdf 7 U.S. Department of Health and Human Services, What is a "covered entity" under HIPAA?, accessed at http://www.hrsa.gov/healthit/toolbox/HealthITAdoptiontoolbox/PrivacyandSecurity/entityhipaa.html 8 "Cable TV Enterprise Services, 2012-2017,” Insight Research Corp. 1 6 www.twc.com/business

×