Enabling Mobility and Security in Healthcare
Mark Krischer, CTO - Borderless Networks, Asia Pacific and Japan, Cisco
The healthcare industry has always been a great consumer of technology, often driving innovation in unanticipated directions. Mobility is an excellent example, enabling medical practitioners to reach out to their patients in different ways, and providing access to information at the point of care from a wide variety of devices.
In the healthcare context, it is no simple exaggeration to suggest that having the right information at the right time can mean the difference between life and death. Current medications, patient allergies and medical history are all critical pieces of data upon which medical staff make decisions.
When it comes to patient information, balancing the contradictory requirements of privacy and availability represents a significant challenge for IT. Healthcare organizations need to ensure the proper use and protection of patient information and adopt policies that help reduce inconsistencies, inefficiencies, and high costs associated with the exchange of information across different access methods and to different devices.
Applying these policies and controls while ensuring they do not impede access is no easy task. Should they err on the side of patient safety or patient privacy? While we know data accessibility is crucial for patient safety, so too is guaranteeing the integrity of the data, which can only be ensured using the same controls required to enforce patient privacy.
Who can access the data and who can modify it? How is that tracked? How and when is it reviewed? Security is the crucial element here, allowing us to implement confidentiality and integrity policies, while balancing the requirements for accessibility and mobility.
Hospitals are complex organisations with many different types of clinical and administrative staff operating in varying roles. There are also a number of individuals who operate in the hospital environment but are not directly employed by the hospital. Private physicians need access to local information and data from their own practices. Many hospitals operate as teaching facilities sharing infrastructure with universities whose students need local access, as well as remote access to their home university networks, which is also where their authentication credentials reside.
Another area of complexity arises from the multitude of devices used to access data. Some of these devices are supplied and qualified by IT services and biomedical engineering to ensure proper levels of control are maintained, but there is increasing pressure to support non-standard devices as well. Smartphones and tablets are entering the market at such a rapid pace that IT cannot maintain adequate control, because these devices not only access data on the network but can be the source of data as well.
Patients are demanding increased participation in the healthcare process. Health monitors are networked and increasingly Wi-Fi enabled to allow for patient freedom. Not only is the data stored for later examination, but it is also available for review in real time, creating new privacy issues. Further complicating matters, these devices can be made available to outpatients, while still maintaining the appropriate level of patient care. In this scenario connectivity is achieved via the Internet, secured using VPN technologies, adding yet another entry point into the hospital network.
Mobility and Data in Motion
At the simplest level, we must consider how we control access to the data to ensure confidentiality, basing decisions on both “identity” and “role”. For example, a doctor would have access to a patient’s case notes to check which medications have been prescribed, but would not have access to the patient’s hospital payment history.
Mobility adds the aspect of location into the decision tree. While doctors may have access to their patient’s case notes when physically in the hospital, we may want to restrict access to that data when they are outside in a nearby coffee shop.
Device type is yet another parameter, so continuing our example, the doctor is permitted to use his personal iPad, but Accounts Payable staff may only access patient payment history using IT-provisioned computers, only on hospital premises. Access, therefore, is driven by the requirements of the role. The network enforces that policy, maintaining confidentiality and integrity while the data is in motion.
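The decision tree described above (identity, role, location and device type) can be written down as a default-deny policy check. The following is an added example, not code from the article or from any Cisco product; the role, resource, location and device names, the care-team table and the choice to deny case notes off premises are assumptions made to mirror the doctor and Accounts Payable scenarios.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Request:
    user: str       # authenticated identity
    role: str
    resource: str
    patient: str
    location: str   # "on_premises" or "off_premises"
    device: str     # "it_provisioned" or "personal"

@dataclass(frozen=True)
class Rule:
    locations: frozenset
    devices: frozenset
    care_team_only: bool   # identity check on top of the role check

# Constructed policy mirroring the article's two scenarios.
POLICY = {
    ("doctor", "case_notes"): Rule(
        frozenset({"on_premises"}),
        frozenset({"it_provisioned", "personal"}), True),
    ("accounts_payable", "payment_history"): Rule(
        frozenset({"on_premises"}), frozenset({"it_provisioned"}), False),
}
CARE_TEAM = {"patient-001": {"dr_lee"}}   # constructed sample data

def decide(req: Request):
    """Return (allowed, reason). No matching rule means deny."""
    rule = POLICY.get((req.role, req.resource))
    if rule is None:
        return False, "no grant for this role and resource"
    if rule.care_team_only and req.user not in CARE_TEAM.get(req.patient, set()):
        return False, "user is not on the patient's care team"
    if req.location not in rule.locations:
        return False, "location not permitted"
    if req.device not in rule.devices:
        return False, "device class not permitted"
    return True, "permitted"

def audit_line(req: Request) -> str:
    """One record per decision, so access can be tracked and reviewed."""
    allowed, reason = decide(req)
    verdict = "ALLOW" if allowed else "DENY"
    return (f"{verdict} user={req.user} role={req.role} resource={req.resource} "
            f"patient={req.patient} location={req.location} "
            f"device={req.device} reason={reason}")
```

Because every request yields a reason and an audit line, denied attempts are recorded alongside permitted ones, which is what a later review of who accessed what depends on.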
Clearly, strong authentication is a crucial element of the security implementation. For internally controlled and connected desktops, simple usernames and passwords suffice using the standard Microsoft Windows login. In today's wireless world, however, Wi-Fi WPA2 (Wi-Fi Protected Access 2) with 802.1X provides both authentication and confidentiality of the data transmitted over the wireless network.
Further, with mobile devices often being user-owned and controlled, a combination of user password and device certificate is becoming more prevalent. Those same credentials can be leveraged for remote access VPN technologies over 3G/4G or home networks.
The Cloud and Data at Rest
Location and storage of the applications and data are another important area for consideration. While many healthcare organisations are already moving towards a consolidated data centre model for reasons of scalability and cost, there is also a major security benefit as centralisation of the data simplifies the challenges of access and control of data in motion, while encryption ensures the confidentiality and integrity of the data at rest.
Web authentication lends itself quite well to this environment, with SSL and TLS providing confidentiality and integrity. This assumes, however, that the data can be presented in a browser environment and that the applications themselves are web enabled. Unfortunately, many are not.
For legacy applications or those too complex for a web interface, VDI (virtual desktop infrastructure) provides a way to abstract the data and the applications from the device. While this technology is not new, it has increased in importance as the combination of faster network speeds, data centre virtualisation, and tablet devices enable greater capabilities at the point of care. More interestingly, the abstraction layer ensures security and privacy are maintained even on non-IT-provisioned devices, thereby supporting a wider range of scenarios.
An Architectural Approach
Traditional network implementations apply security at specific places in the network, creating chokepoints. While these chokepoints ensure boundaries of security and privacy are maintained, they work counter to the requirement of accessibility. What was a simple security solution becomes a very complex problem when point security elements are forced to support these two contradictory requirements. As an alternative approach, consider security as a capability embedded throughout the network, with accessibility and privacy as complementary services supported by the network infrastructure.
Such an architectural foundation allows IT to respond more easily to changing clinical requirements, such as support for new applications and devices, as well as changing regulatory requirements around data accessibility, privacy and storage. As solutions are now implemented leveraging common infrastructure, cost is reduced without making the usual trade-off of compromising either security or quality of care.
Ensuring security in healthcare networks and maintaining patient data privacy has long been a complex problem, and the increase in mobility and devices has only magnified the issue. However, some of the complexity seems to stem from our point of view. By considering access to the data as the requirement, with privacy and security as services of the network providing that access, we can balance the two, thereby doing both.