
HP Whitepaper BYOD in Healthcare



This white paper from HP reports on the pros and cons of mobile devices in healthcare.

Published in: Technology, Business

  1. Business white paper. Bring your own device in healthcare. HP BYOD in Healthcare. Healthcare providers can use tablets, smartphones, and other personal mobile devices to access vital resources with strong confidence in security and control.
  2. Who should read this paper? Healthcare administrators, IT directors, security managers, and network managers should read this white paper to learn how HP Networking solutions simplify security and network access control to help healthcare providers make the most of bring your own device (BYOD) initiatives.

     Table of contents: Executive summary; Healthcare is mobile; Bring it from home; Mitigate the risks of BYOD; Changing the rules of networking; No-fuss network access control; Authentication and authorization with IMC/SNAC; Ensure endpoint integrity; Maintain security compliance; Prevent wireless threats; Monitor the WLAN; Go ahead, bring your own; Additional resources; Conclusion
  3. In today’s healthcare environment, more and more people are bringing their Wi-Fi devices into the hospital’s infrastructure. This presents a unique challenge to the hospital IT administrator. This paper discusses these challenges and how HP addresses the security and management of multiple Wi-Fi devices being introduced into the wireless/wired network.

     Executive summary: Many healthcare providers are enticed by the idea of allowing caregivers, administrators, and patients to use their own tablet computers, notebooks, and smartphones to access healthcare resources. However, they are concerned about the security risks—and the impact on IT operations. HP Networking is helping healthcare providers realize the potential of BYOD initiatives by allowing caregivers and administrators to use their own mobile devices in a way that is secure and operationally efficient. HP Intelligent Management Center (IMC) provides a simple way to enforce network access control that is ideal for BYOD.

     Healthcare is mobile: Healthcare is inherently a mobile work environment. And putting the most up-to-date information at a clinician’s fingertips throughout all stages of the healthcare delivery process saves time, reduces error, and ultimately improves health outcomes. Physicians in particular have embraced the idea of using tablets and other mobile devices in their daily routines. The ability to view patients’ medical records, test results and scans is a huge time saver. And the ability to quickly check medical and drug-interaction databases can literally be the difference between life and death. In addition to physicians, healthcare workers and even billing professionals have taken to the efficiency of using tablets, notebooks, and other mobile devices.

     Bring it from home: Many healthcare professionals, for example physicians who work in multiple hospitals, want the convenience of using their personal devices to access hospital applications. Patients, too, often want to use their own devices, whether they are waiting for their appointment or during an extended hospital stay. And if network access isn’t officially sanctioned, patients and healthcare providers alike are probably trying to figure out how to sneak their mobile devices into the organization’s network anyway. If Corporate America is any indication of the BYOD phenomenon, the idea of using personally owned tablets, smartphones, and notebooks is catching on fast. In fact, 72 percent of corporations allowed the use of personally owned mobile devices for business purposes, according to Aberdeen Group.[1] Healthcare providers must consider how they will effectively manage and secure personally owned mobile devices. BYOD devices cannot easily be identified, and therefore managed, by the IT department. When a physician, nurse, or administrator brings in their own device, IT has no control over where it has been or what applications the user has downloaded. The health of the device is unknown, and it’s virtually impossible for IT to enforce security policies and remediate compromised computers. And that creates a big risk when the mobile device connects to the healthcare provider’s network and accesses vital applications and information.

     [1] “Prepare Your WLAN for the BYOD Invasion,” Aberdeen Group, July 2011
  4. Mitigate the risks of BYOD: Security is a top priority at healthcare organizations, where patient privacy is paramount. At the same time, medical information can be a treasure trove of Social Security numbers, credit card details, and other valuable data for cyber-criminals. Internet threats are rising, and security attacks have never been more threatening—and damaging. Some of the biggest data breaches in history were reported in 2011, and three of the six biggest breaches involved protected health information, according to the Privacy Rights Clearinghouse.[2] Security breaches can tarnish a healthcare provider’s reputation and cost immeasurable goodwill. They could also put the organization at risk of running afoul of regulations in the Health Information Portability and Accountability Act (HIPAA). Credit and debit card transactions must also be protected under the Payment Card Industry Data Security Standards (PCI DSS) requirements. Security is not the only challenge of successfully implementing a BYOD initiative. The influx of 802.11n Wi-Fi devices can place increased demands on a hospital’s network, necessitating design changes. A recent Gartner paper notes: “When enterprises are designing wireless networks, the best practice for allocation of mobile devices is to move those devices that are 5 GHz-capable to the 5 GHz frequency using band steering. The goal is to separate devices capable of performing at higher speeds and move them to 5 GHz, because the additional frequencies allow a better use of the 802.11n standard using bonded channels, which effectively doubles the potential throughput needed for applications such as video. This also leaves the 2.4 GHz band for legacy devices that are not capable of taking advantage of the advanced features of 802.11n, and does not impede the devices that are 802.11n-capable with the additional protocol overhead to maintain backward-compatibility with 802.11g radios.”[3]

     Changing the rules of networking: Mobility can drive new levels of patient care, but when legacy networks are pushed to the limit, they become fragile, difficult to manage, vulnerable, and expensive to operate. Healthcare providers whose networks are at this breaking point risk missing the next wave of opportunity. Healthcare providers that deploy HP Networking solutions, based on the HP FlexNetwork Architecture, benefit from an open and standards-based solution that can scale across three dimensions: security, agility, and consistency. With HP FlexNetwork Architecture, healthcare providers can support users’ requirements for mobility in a way that is consistent, secure, and flexible. HP FlexCampus, a building block of the FlexNetwork architecture, allows healthcare providers to converge and secure wired and wireless LANs to deliver consistent, identity-based network access that is ideal for bandwidth-intensive medical applications and media-rich collaboration applications. And FlexManagement, another building block of FlexNetwork, converges network management and orchestration across the campus and data center. While BYOD can help healthcare providers reduce CAPEX, administrators must help ensure that BYOD doesn’t cause OPEX to rise sharply. IT needs a way to enforce consistent network access and manage personally owned mobile devices as well as those devices owned by the healthcare organization, no matter where the user goes on the wired or wireless network.

     [2] “Data Breaches: A Year in Review,” Privacy Rights Clearinghouse, December 16, 2011.
     [3] “Without Proper Planning, Enterprises Deploying iPads Will Need 300% More Wi-Fi,” Gartner, October 2011
  5. No-fuss network access control: Healthcare organizations can leverage IMC for protection of both internally owned and employee-liable mobile devices. Administrators can specify the appropriate network access rules, policies, and endpoint health posture requirements to meet the provider’s own security policies as well as industry compliance requirements. With IMC, administrators know who owns the unmanaged devices on the network and control what they’re doing. IMC provides authentication based on user identity, device, location, time, and endpoint posture. Users can be assigned automatically into the appropriate VLAN based on a variety of parameters, including identity, device type, device posture, and even time of day. Access rights can also be enforced based on a particular application or service, such as VoIP, Microsoft® Exchange, or Internet. Users can also be granted access to network resources based on their devices’ IP or MAC addresses, which is particularly useful for printers, IP phones, and barcode scanners.

     IMC fully supports the IEEE 802.1X standard for network access control; however, when supporting a BYOD initiative, many healthcare organizations may opt for IMC’s new Simple Network Access Control (IMC/SNAC). SNAC allows healthcare providers to support BYOD more quickly and easily than a traditional 802.1X deployment, which requires deploying client software as well as integration with a RADIUS or Microsoft Active Directory server. IMC/SNAC leverages HP device fingerprinting technology to automatically identify users’ mobile devices. HP device fingerprinting technology uses the vendor’s Organizationally Unique Identifier (OUI), a unique number that’s assigned to mobile device manufacturers, to automatically identify the device type. HP Networking has conducted extensive interoperability testing to verify the accuracy of device fingerprinting and is continuing to add fingerprinting capabilities.

     Authentication and authorization with IMC/SNAC: Here’s an example of how authentication and authorization work with IMC/SNAC. The administrator creates access policy groups, such as “Caregivers” or “Billing” in IMC. The administrator also creates an access policy group called “Apple Devices” for iPhones and iPads. The administrator can sync with Active Directory, and then import the information into IMC. Users will then be populated into the appropriate access groups. The “Apple Devices” access policy group captures all of the Apple devices requesting access to the network. The administrator can then specify the resources or other actions that should be taken with this special group of users or devices. The same is true for the Caregivers and Billing access policy groups.

     Healthcare providers can add another layer of security by using different Service Set Identifiers (SSIDs) for mobile devices issued by the provider and those which are personally owned. For example, physicians’ devices could use secure 802.1X authentication on a caregivers’ SSID with full access to healthcare resources. Users with personally owned mobile devices could use device fingerprinting or self-registration on a dedicated SSID that has more restricted access and tighter security. Another SSID could be used for open guest access that permits access only to the external Internet. The flexibility of IMC allows IT managers to define the appropriate policies based on their specific organizational requirements. IT managers can deploy IMC/SNAC to quickly and easily support BYOD today. They may also choose to migrate to a full 802.1X network access control solution over time. Or they may choose to maintain a hybrid solution, in which 802.1X is used for organization-owned PCs and tablets, and device fingerprinting with vendor OUI is used for personal devices.
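
The OUI-based classification and tiered SSID policy described above, sketched in Python as an added example (it is not HP's code and not part of the white paper). The OUI table, tier names and fallback choices are constructed assumptions; the example also handles locally administered MAC addresses, which carry no vendor OUI, by giving them the most restricted tier.

```python
import re
from typing import Optional, Tuple

# Constructed sample table (OUI -> access policy group). Entries are
# illustrative assumptions, not the IEEE registry or IMC's fingerprint data.
OUI_GROUPS = {
    "000393": "Apple Devices",
    "ACDE48": "Barcode Scanners",   # hypothetical vendor mapping
}

def parse_mac(mac: str) -> bytes:
    """Accept 00:03:93:.., 00-03-93-.. or 0003.9312.3456 and return 6 bytes."""
    digits = re.sub(r"[:.\-]", "", mac.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return bytes.fromhex(digits)

def fingerprint(mac: str) -> str:
    """Classify a client MAC by vendor OUI, flagging addresses with no usable OUI."""
    raw = parse_mac(mac)
    if raw[0] & 0x01:      # I/G bit set: group address, not a valid client source
        return "multicast"
    if raw[0] & 0x02:      # U/L bit set: locally administered (e.g. randomized)
        return "locally-administered"
    return OUI_GROUPS.get(raw[:3].hex().upper(), "unknown-vendor")

def assign_access(mac: str, dot1x_group: Optional[str] = None) -> Tuple[str, str]:
    """Return (ssid_tier, policy_group) following the three-SSID layout in the text.

    Tier names and the fallback choices are assumptions made for this example.
    """
    if dot1x_group:                      # 802.1X identity outranks any MAC hint
        return ("staff-8021x", dot1x_group)
    kind = fingerprint(mac)
    if kind == "multicast":
        return ("deny", "invalid source address")
    if kind in ("locally-administered", "unknown-vendor"):
        # No vendor evidence (a MAC is a client-reported value): least access.
        return ("guest", "Internet only")
    return ("byod-restricted", kind)

if __name__ == "__main__":
    for sample in ("00:03:93:12:34:56", "DA:A1:19:00:00:01"):   # constructed MACs
        print(sample, assign_access(sample))
```

A device that lands in the guest tier here would take the self-registration path the paper mentions if it needs more than Internet access.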
  6. Figure 1. Access control solution—deployment scenarios and benefits. [Diagram labels: Virtual Machines; Remote Offices and Branches; Data Center/Cloud; WAN; Core; Edge; Internet; Remote Users; Unified Network Security Mgmt and Policy Console. 1. Wireless LAN: ensure only authorized devices and users get on network; guest management; endpoint health; visibility and control of traffic; uniform wired/wireless experience. 2. Campus LAN: ensure only authorized devices and users access network; endpoint health; visibility and control of traffic.] Healthcare providers can use HP IMC to help ensure that only authorized devices get access to the network—and to support BYOD initiatives in a way that mitigates risk and is operationally efficient.

     Ensure endpoint integrity: IMC allows administrators to control endpoint admission based on the device’s identity and posture. If an endpoint is not compliant with the established policies, access to the network can be isolated for remediation or blocked to protect network assets. The IMC security policy component also provides non-intrusive actions to proactively secure the network edge, including endpoint monitoring and notification.

     Maintain security compliance: IMC also allows healthcare providers to maintain security and regulatory compliance. Administrators can centrally monitor and keep records on all users and devices that access the network, including personally owned devices. Administrators can use rich reporting to assist in documenting compliance.

     Prevent wireless threats: Healthcare providers can use HP Mobility Security IDS/IPS System Series to detect and prevent wireless threats with automated policy-based security and location-tracking capabilities for all 802.11 WLAN networks. It uses patented automatic classification and mitigation techniques to block unauthorized wireless traffic without disrupting the performance of authorized wireless devices. It also includes reporting for HIPAA.

     Monitor the WLAN: Healthcare providers can also leverage the IMC Wireless Service Manager (WSM) module to monitor wireless networks, aid in RF visualization, and manage the wireless devices and clients. It integrates with the IMC base platform to protect and control access to wireless services. Administrators can use IMC WSM to monitor SSID status and to view RF heat maps, performance graphs, status views, and performance and inventory reporting.

     Go ahead, bring your own: Healthcare providers can leverage the HP suite of intelligent wireless networking solutions as part of an integrated wired/wireless infrastructure and enjoy a low cost of operation and strong, consistent security. Simplified network access control allows healthcare providers to easily and securely support mobile devices on the campus network for caregivers, administrators, and guests while holding the line on operational expenses. With HP, mobility is simple to deploy, easy to manage, and based on industry standards.
  7. ASAN Medical Center boosts efficiency for staff and patients with new WLAN

     ASAN Medical Center, based in Seoul, is the largest hospital in both Korea and Asia. The main medical center is a massive complex that treats 9,600 outpatients and 285 emergency patients on an average day. The medical center wanted to boost staff productivity and efficiency for patients by upgrading to a reliable, cost-effective WLAN and VoIP smartphones for faster access to electronic health records. ASAN Medical Center also wanted to provide Fixed Mobile Convergence (FMC) for staff and Real time Locating Systems (RTLS) for tracing medical equipment on site. ASAN Medical Center rolled out HP Networking WLAN infrastructure over two years. “We’ve had great local technical support from HP Korea, and we have seen big improvements since using this new solution,” said Cheon-Gueon Kim, IT Manager, ASAN Medical Center. “With most employees using Wi-Fi phones, laptops, and smartphones, we can access patient data much faster and diagnose treatments than ever before.” With HP, ASAN Medical Center has high-quality voice over Wi-Fi. The network also provides fast transfer of data, including images, as well as groupware collaboration. The solution is cost-effective, and provides staff and patients with higher quality care and services with access to patients’ historical health records. The staff is more productive because they can access key information via smartphones and laptops. And diagnosis and problem solving is as much as two or three times faster than before the WLAN was in place.

     Additional resources: For more information on HP Networking, visit
       • Intelligent Management Center Unified Access Manager (IMC/UAM)
       • Intelligent Management Center Endpoint Defense (IMC/EAD)
       • Intelligent Management Center Wireless Service Manager (IMC/WSM)
     HP FlexNetwork Architecture. Simplify the IT experience.

     Conclusion: When considering how you are going to handle the influx of wireless client devices penetrating your network, you need to consider what security policies you will enforce and how granularly you want to control what network access you may or may not allow. HP FlexNetwork architecture with FlexManagement provides single pane-of-glass, core-to-edge network control, security, and much more. Visit index.aspx to understand what Bring Your Own Device can do for your organization.

     Get connected: Get the insider view on tech trends, support alerts, and HP solutions.

     © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein. Microsoft is a U.S. registered trademark of Microsoft Corporation. 4AA3-9250ENW, Created March 2012; Updated May 2012, Rev. 1