The adoption of Electronic Health Records (EHRs) has been an IT focus and healthcare industry objective for close to 20 years. However, regulations, a lack of standards, privacy issues and some providers’ aversion to implementing new technology have so far hampered full deployment of EHR systems. Even with these continuing issues, EHR systems have been gaining in popularity.
One key problem with connecting medical equipment to the hospital’s IT network has been the absence of standard communication protocols within the industry.
The lack of standards is being addressed by Standards Organisations (SDOs) such as Health Level 7 (HL7)1. Several SDOs accredited by the American National Standards Institute operate in the healthcare arena. Most of these organisations produce standards for a particular healthcare domain, such as pharmacy, medical devices, imaging, or insurance transactions. For example, HL7’s domain is clinical and administrative data.
Concerning the need for physical network interfaces, 802.11x standards-based protocols appear to offer distinct advantages for medical applications.
Selecting the right technology
Wireless technology history has been a constant battle of competing standards. The lessons learned from these completive technologies have not been lost on the industry. The focus is shifting from Wide-Area Networks (WANs) to Local-Area Networks (LANs) and Personal-Area Networks (PANs). While the characteristics of the various wireless networking technologies overlap somewhat, each was designed with different particular applications in mind (see Table 1).
HIPAA compliant security solutions
The key concern regarding wireless standards has been the matter of security. This is especially the case with medical applications, which require a high degree of reliability, as mandated by HIPAA.2 802.11x standards can answer these concerns through a variety of security protocols.
HIPAA’s concerns for the security of data sent across the network can be addressed in a variety of ways. Options for achieving data security are the following:
- Network protocol security
- Access control
- Enable/disable of network protocols
- Enable/disable of TCP/IP applications
- Read password
- Write password
- SNMP set community names
Because of HIPAA, wireless security has become even more crucial in medical applications. The internet-based information centre HIPAAdvisory and the interoperability-certifying Wi-Fi Alliance have recognised that the standard 802.11 security features are not secure enough.3,4 This includes the Service Set Identifier (SSID) and Wired-Equivalent Privacy (WEP) as well as open-system and shared-key authentication. These measures were intended only to protect the wireless link between the client machines and the data, and they are susceptible to attack by means of freely available software. The HIPAAdvisory and Wi-Fi Alliance have recommended using 802.1x and Wi-Fi Protected Access (WPA) or WPA2 to secure wireless networks.
Regarding medical devices already deployed in the field, wireless networking adapters are available that can be connected readily to the legacy device’s communications interface, typically through a serial port.
Medical device manufacturers can integrate wireless connectivity into their medical equipment through wireless smart modules. These modules typically have a serial interface that allows them to connect to the medical device internally. By leveraging a module with all the security middleware built in, a device manufacturer does not have to expend the time and resources to develop those communication protocols.
Wireless technologies have matured to the point that they provide a viable means for cost-effectively enabling a number of important medical applications while offering the security necessary to meet HIPAA standards.