Extending applications securely to wireless health workers.


Published on

Delivered by Peter George at the Mobilizing the Clinician conference at Canary Wharf, London - December 2006. The presentation focussed on how IPSec and SSL VPN technology fails to meet the needs of wireless workers and how this effects clinicians.

Published in: Technology
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • Extending applications securely to wireless health workers.

    1. 1. Mobilizing the Clinician Extending applications securely to wireless health workers. Peter George Managing Director Wheatstone Consulting
    2. 2. Why wireless? <ul><li>Management Perspective </li></ul><ul><ul><li>Facilitate workflow improvements </li></ul></ul><ul><ul><li>Improve clinical documentation </li></ul></ul><ul><ul><li>Improve patient safety </li></ul></ul><ul><ul><li>Share patient data within a multi-entity healthcare delivery system. </li></ul></ul><ul><li>Clinical Perspective </li></ul><ul><ul><li>Share patient record information </li></ul></ul><ul><ul><li>Improve quality of care </li></ul></ul><ul><ul><li>Improve workflow efficiency </li></ul></ul><ul><ul><li>Reduce medical error </li></ul></ul>Data from MRI 5 th Annual Survey of EHR Trends and Usage
    3. 3. Legacy Network Applications <ul><li>… expect a network which is: </li></ul><ul><ul><li>Fast </li></ul></ul><ul><ul><li>Clean </li></ul></ul><ul><ul><li>Seamless </li></ul></ul><ul><ul><li>Always available </li></ul></ul><ul><ul><li>Secure </li></ul></ul><ul><ul><li>and where devices remain static </li></ul></ul>in wireless networks almost none of these conditions prevail.
    4. 4. Wireless Data Challenges <ul><li>Application Performance & Reliability </li></ul><ul><li>Network Coverage Issues </li></ul><ul><li>Multiple Networks – segments types and suppliers </li></ul><ul><li>Limited and variable network speeds </li></ul><ul><li>Security – over the air and of central network. </li></ul><ul><li>Complexity – more “stuff” for users and administrators. </li></ul><ul><li>Positive ROI </li></ul>
    5. 5. Wireless Application Deployment: Typical Approaches in use today <ul><li>Modify/Repurpose the Application </li></ul><ul><li>Purchase a “Wireless” Specific Application add-on </li></ul><ul><li>Hand-craft a Middleware Solution </li></ul><ul><li>Try to extend existing application – via VPN technology </li></ul>
    6. 6. Mobility XE: Get Connected. Stay Connected. Hotspot WAN WAN WAN Coverage Gap Secure DSL Connection Roamable VPN Application Session Persistence InterNetwork Roaming Compression & Link Optimizations Best Bandwidth Routing Application Server VPN Router Poor Coverage Day in the Life of a Mobile Clinician
    7. 7. <ul><li>Ensures stable and reliable connections </li></ul><ul><li>Works in existing environments today and allows migration to new technologies as they become deployed </li></ul><ul><li>Provides protection against unauthorized access </li></ul><ul><li>Solution needs to be based on IP and Internet technologies </li></ul><ul><li>What ever the final solution is, it has to be network agnostic </li></ul>Mobile Solution Litmus Paper Test
    8. 8. Productivity Report on Mobile Clinicians St. Luke’s Episcopal Hospital Houston Texas
    9. 9. Productivity Report on Mobile Clinicians <ul><ul><li>“ Mobile workers experienced lost connections on average 2 – 3 times per day” </li></ul></ul><ul><ul><ul><li>Lost productivity due to dropped connections: $2,112 per year per wireless employee </li></ul></ul></ul><ul><ul><ul><li>Help-desk cost from dropped connections: </li></ul></ul></ul><ul><ul><ul><li>$758 per year per wireless employee </li></ul></ul></ul><ul><ul><ul><li>500 clinicians equipped with mobile devices </li></ul></ul></ul>
    10. 10. Environmental Issues <ul><li>Electronic interference </li></ul>
    11. 11. Environmental Issues <ul><li>Physical Interference causes coverage gaps </li></ul>
    12. 12. <ul><li>“ Today's standard IPsec and SSL VPNs just aren't cutting it.” </li></ul><ul><li>“ Those in healthcare, government, retail, and transportation, should look to invest in mobile VPNs now.” </li></ul>Forrester Research: Mobile VPNs: Securing Mobile Remote Access June 2005
    13. 13. Experience with IPSec and SSL VPNs <ul><li>IPSec VPNs </li></ul><ul><ul><li>MobileIP = User intensive solution with high TCO </li></ul></ul><ul><ul><li>Poor performance when used for wireless </li></ul></ul><ul><ul><li>No application persistence </li></ul></ul><ul><li>SSL VPNs </li></ul><ul><ul><li>Great for browser/web-based access (but is this all you will need?) </li></ul></ul><ul><ul><li>More complicated for Win32 solutions (ActiveX/Java) </li></ul></ul><ul><ul><li>Poor wireless performance: lack of optimization for wireless networks </li></ul></ul>
    14. 14. <ul><li>Mobile VPNs enable </li></ul><ul><ul><li>any IP network application… </li></ul></ul><ul><ul><ul><li>to operate securely, seamlessly and efficiently … </li></ul></ul></ul><ul><ul><ul><li>over and between any IP network… </li></ul></ul></ul><ul><ul><li>without modification to the… </li></ul></ul><ul><ul><ul><li>application or networks . . . </li></ul></ul></ul><ul><ul><ul><li>under administrator control </li></ul></ul></ul><ul><li>Makes wireless networks perform as if they were wired </li></ul>Enter the Mobile VPN
    15. 15. Criteria for Successful Mobile Computing <ul><li>Security </li></ul><ul><li>Control </li></ul><ul><li>Reliability </li></ul><ul><li>Usability </li></ul><ul><li>Bandwidth </li></ul><ul><li>S </li></ul><ul><li>C </li></ul><ul><li>R </li></ul><ul><li>U </li></ul><ul><li>B </li></ul>
    16. 16. What to look for in a Mobile VPN Security <ul><li>Use of certified standards </li></ul><ul><ul><li>Encryption </li></ul></ul><ul><ul><li>Key exchange </li></ul></ul><ul><ul><li>Authentication </li></ul></ul><ul><li>Military grade encryption </li></ul><ul><ul><li>Tunnel must be secure </li></ul></ul><ul><ul><li>Should not be susceptible to MIM attacks </li></ul></ul><ul><li>Policy Management </li></ul><ul><ul><li>Allow or deny access to internal networks </li></ul></ul><ul><ul><li>Allow or deny access to internal network resources </li></ul></ul><ul><ul><li>Allow or deny access to specific network applications </li></ul></ul><ul><ul><li>Enforce which applications are allowed to pass traffic on a given network </li></ul></ul>
    17. 17. What to look for in a Mobile VPN Control <ul><li>Centralized Management </li></ul><ul><ul><li>Secure, remote access to console from anywhere </li></ul></ul><ul><ul><li>Visibility into connection status </li></ul></ul><ul><ul><li>Visibility into user/device activity </li></ul></ul><ul><ul><li>Lost/Stolen device quarantine </li></ul></ul><ul><li>Server scalability </li></ul><ul><ul><li>High Availability </li></ul></ul><ul><ul><li>Load balancing </li></ul></ul><ul><ul><li>No single point of failure </li></ul></ul><ul><ul><li>Support for thousands of mobile user/devices </li></ul></ul>
    18. 18. What to look for in a Mobile VPN Reliability <ul><li>Seamless roaming </li></ul><ul><ul><li>Network transitions without re-authentication or application restarts </li></ul></ul><ul><ul><li>Transparent to end-user </li></ul></ul><ul><li>Application persistence </li></ul><ul><ul><li>Data is protected during roaming events, suspend/resume, or loss of coverage </li></ul></ul><ul><ul><li>User can initiate a data transmission, suspend the device, resume after 2 hours (days), and pick up where they left off </li></ul></ul><ul><li>IP address management </li></ul><ul><ul><li>Must manage changing IP addresses while preserving applications and connectivity </li></ul></ul><ul><ul><li>Must preserve IT Management visibility and control </li></ul></ul>
    19. 19. What to look for in a Mobile VPN Usability <ul><li>User transparency </li></ul><ul><ul><li>User should not be required to do “anything” </li></ul></ul><ul><ul><ul><li>make it easy to do it right </li></ul></ul></ul><ul><ul><li>Zero end user configuration </li></ul></ul><ul><ul><li>Roaming takes place without user intervention </li></ul></ul><ul><ul><li>Single sign on </li></ul></ul><ul><ul><li>It just works… </li></ul></ul>
    20. 20. What to look for in a Mobile VPN Bandwidth <ul><li>Optimized for bandwidth sensitive networks </li></ul><ul><ul><li>Employs data compression </li></ul></ul><ul><ul><li>Uses UDP instead of TCP </li></ul></ul><ul><ul><li>Offers link level optimizations </li></ul></ul><ul><ul><ul><li>Data coalescing </li></ul></ul></ul><ul><ul><ul><li>Selective acknowledgments </li></ul></ul></ul><ul><ul><li>Uses policy management to limit protocol heavy applications on low bandwidth networks. </li></ul></ul>
    21. 21. *Requires the installation and configuration of client software **For web based traffic ***Many third-party IPSec solutions are now supporting the NAT-T RFC How IPSec and SSL VPNs Compare Yes Yes Yes Quarantine by device or user Yes No*** Yes NAT-friendly Yes No Yes** Transparency (ease of use) Yes Yes No* Compatible with Win32 applications without modification Yes No No Wireless Link Optimization Yes Some No Data compression Yes No No Application session persistence Yes No No Seamless roaming (slow handoffs – out-of-range or suspend/resume) Yes No Yes Seamless roaming (fast handoffs) Yes No Tolerant Wireless-friendly Yes Yes Yes Device-to-DMZ security Yes Yes Yes Integrates with existing authentication schema Yes Yes Yes Standards-based encryption Yes Yes Yes Standards-based key exchange Mobile VPN IPSec SSL
    22. 22. Productivity Report on Mobile Clinicians <ul><ul><li>“Mobile workers experienced lost connections on average 2 – 3 times per day” </li></ul></ul><ul><ul><ul><li>Lost productivity due to dropped connections: $2,112 per year per wireless employee </li></ul></ul></ul><ul><ul><ul><li>Help-desk cost from dropped connections: </li></ul></ul></ul><ul><ul><ul><li>$758 per year per wireless employee </li></ul></ul></ul><ul><ul><ul><li>Savings after deploying mobile VPN: </li></ul></ul></ul><ul><ul><ul><li>$2,751 per employee </li></ul></ul></ul><ul><ul><ul><li>ROI realized in 30 days </li></ul></ul></ul>
    23. 23. Stories From the Front Line Marshfield Clinic <ul><li>Situation </li></ul><ul><ul><li>42 clinical centres & 750 physicians </li></ul></ul><ul><ul><li>Deploying 2,000 tablet PCs </li></ul></ul><ul><ul><li>Custom Patient Records application </li></ul></ul><ul><ul><li>Using multiple WLANs </li></ul></ul><ul><li>Issue </li></ul><ul><ul><li>Application performance & security </li></ul></ul><ul><li>Mobile VPN installed in hours </li></ul><ul><ul><li>Created reliability for Patient Record application by persisting application sessions </li></ul></ul><ul><ul><li>Ensured consistent security with 128-bit AES Roamable VPN </li></ul></ul><ul><ul><li>Physicians readily adopted solution </li></ul></ul><ul><li>Centre intends to eliminate more than 2,000 paper forms within next 2 years </li></ul>
    24. 24. Stories From the Front Care in the Community <ul><li>Situation </li></ul><ul><ul><li>Home health care </li></ul></ul><ul><ul><li>80 remote clinicians </li></ul></ul><ul><ul><li>Using laptops </li></ul></ul><ul><ul><li>Wide-area requirement (GPRS) </li></ul></ul><ul><li>Issues </li></ul><ul><ul><li>Record keeping problems </li></ul></ul><ul><ul><li>Worker inefficiency – 1 hr per day in data entry </li></ul></ul><ul><ul><li>Unusable connectivity </li></ul></ul><ul><ul><li>Key application -- Siemens Novius Home Care takes 30 minutes to launch </li></ul></ul><ul><li>Mobile VPN Solution </li></ul><ul><ul><li>Creates transparent solution that clinicians readily use </li></ul></ul><ul><ul><li>Compression & Link Optimizations make Novius usable & reliable </li></ul></ul><ul><li>Result </li></ul><ul><ul><li>Real-time data-entry connectivity saving </li></ul></ul><ul><ul><li>Total manpower saved - one month per year per worker </li></ul></ul><ul><ul><li>Record keeping resolved -cycles reduced with overall “joined-up” care improvement </li></ul></ul>
    25. 25. Mobile VPN Summary <ul><li>Security is critical – goes without saying </li></ul><ul><li>It must be transparent to networks, devices, applications, and mobile workers </li></ul><ul><li>Architecture should be designed for wireless networks - not retrofitted </li></ul><ul><li>Administrator should be able to control access to network resources or specific applications </li></ul><ul><li>Your mobile VPN should not limit your application options, should offer ROI and be quick and easy to deploy </li></ul>
    26. 26. Thank you <ul><li>Peter George </li></ul><ul><li>Wheatstone Consulting </li></ul><ul><li>[email_address] </li></ul><ul><li> +44 1865 714814 </li></ul>