By Rick Joslin, Senior Advisor, Healthcare Strategy & Senior Solutions Architect, Healthcare
Healthcare service departments (Clinical Engineering, Facilities Engineering, Environmental Services, Security, etc.) continue to move toward high-tech, connected solutions for equipment and environment management.
For these departments, this approach means more reliance on technology resources and higher demands for knowing which devices are using these resources and the risks posed to organizational security. In today’s high-tech, connected healthcare environment, timely and informed decisions related to information networks are likely to have a direct effect on patient risk and network security. Like other industries, healthcare organizations are targets for network attacks from viruses and hostile entities, incur unexpected outages, and require planned downtime for maintenance. Knowing how the network is composed, and the potential effects, is critical to ensuring the right action is taken when needed.
Healthcare maintenance departments, especially those with connected equipment, must know how devices operate, which network resources are used, and what exposure the organization has to outside forces.
Let’s consider some attributes of today’s healthcare equipment:
- Computer-based, meaning they have an operating system similar to (or identical to) a desktop PC.
- Either actively connected, or capable of connecting, to a network.
- Allow remote access by vendors and/or manufacturers.
- Allow, and can retain, protected health information (PHI).
Since healthcare maintenance departments are already mandated to have a comprehensive inventory management system, it’s logical to close the loop between utilities/medical equipment inventory and information systems/technology (IS/T) inventory, and provide the necessary data points for proper network management.
As newer assets continue to increase the direct patient/technology connection, or become online-capable, healthcare technology management (HTM) now must inventory and identify those items accurately on hospital networks, to include potential network weaknesses. To properly secure and manage their networks, the IS/T team must know which devices are on their network, how these devices communicate, and other necessary information to make timely decisions about deployments, breaches, and updates.
In order to secure and manage organizational networks, computerized maintenance management system (CMMS) applications must have the ability to create and define configuration items (CI’s) as needed by IS/IT entities.
Here are some specific examples of how CMDB values in a CMMS may help increase systems availability and reduce outages:
- IS/T is planning a major hardware swap involving several switches and routers on a specific branch of the network. The included CMDB fields would allow HTM to provide a listing of assets affected by the outage, or give IS/T the ability to develop the listing from imported data.
- Norton AntiVirusTM issues a security warning concerning a new internet threat. The included CMDB fields would allow HTM and/or IS/T to identify assets using Norton AntiVirus, develop an update plan, and identify those assets completed.
- IS/T identifies a device using a suspicious IP address. Leveraging the included CMDB fields, the HTM inventory can be quickly scanned to see if any of their assets are using that IP and provide assurances that their assets are/are not the culprit.
- IS/T issues an updated policy on approved device operating systems (OS). HTM medical devices that have working OS’s must be upgraded to meet this new policy, or a contingency (or remediation) process must be implemented. The included CMDB fields would allow HTM to identify devices with OS’s that are no longer compliant, as well as identify a remediation plan for those that do not.
How valuable is this information to a healthcare organization? Let’s say a network connectivity device (a bridge, switch, or router) becomes unstable and IS/T must replace it. Using their CMDB, they would be confident in knowing which systems would be affected by taking that device offline and replacing it.
However, what if IS/T was not aware that a patient monitor is attached to that device? Or a respirator? And what if these devices were using that same network device to pass information to an attendant who was monitoring the feed for critical decision-making? IS/T could inadvertently cause increased risk to that patient because they did not know which medical devices were connected to it.
On the utilities side, fire suppression monitoring systems, emergency power distribution systems, environmental management, tube-delivery systems, and much more rely on the IS/T network to provide crucial, timely information to the management team. It's critical that IS/T understands how, and which, systems are affected by network outages and performance issues.
Ultimately, having access to and utilizing this CMDB data is vital to the safe, proper, and secure operation of the environment of care, as well as the safety and comfort of patients. All pertinent healthcare departments must have access to accurate data and understand how their actions may affect safety and risk.
Accruent’s HTM CMDB solution is one more way our products help you achieve safe and compliant working environments.
Norton AntiVirusTM is a trademark of Symantec Corporation or its affiliates in the U.S. and other countries.