IS/IT and CMDB in Healthcare Maintenance Programs
By Rick Joslin
Healthcare service departments (Clinical Engineering, Facilities Engineering, Environmental Services, Security, etc.) continue to move toward high-tech, connected solutions for equipment and environment management. For these departments, this approach means more reliance on technology resources and higher demands for knowing which devices are using these resources and the risks posed to organizational security.
In today’s high-tech, connected healthcare environment, timely and informed decisions related to information networks are likely to have a direct effect on patient risk and network security. Like other industries, healthcare organizations are targets for network attacks from viruses and hostile entities, incur unexpected outages, and require planned downtime for maintenance. Knowing how the network is composed, and the potential effects, is critical to ensuring the right action is taken when needed.
Healthcare maintenance departments, especially those with connected equipment, must know how devices operate, which network resources are used, and what exposure the organization has to outside forces.
Let’s consider some attributes of today’s healthcare equipment:
1. Many are computer-based, meaning they have an operating system similar to (or identical to) a desktop PC.
2. Many are either actively connected, or capable of connecting, to a network.
3. Many allow remote access by vendors and/or manufacturers.
4. Many allow, and can retain, protected health information (PHI).
Since healthcare maintenance departments are already mandated to have a comprehensive inventory management system, it’s logical to close the loop between utilities/medical equipment inventory and information systems/technology (IS/T) inventory, and provide the necessary data points for proper network management.
As newer assets continue to increase the direct patient/technology connection, or become online-capable, healthcare technology management (HTM) now must inventory and identify those items accurately on hospital networks, to include potential network weaknesses. To properly secure and manage their networks, the IS/T team must know which devices are on their network, how these devices communicate, and other necessary information to make timely decisions about deployments, breaches, and updates.
In order to secure and manage organizational networks, computerized maintenance management system (CMMS) applications must have the ability to create and define configuration items (CI’s) as needed by IS/IT entities.
Here are some specific examples of how CMDB values in a CMMS may help increase systems availability and reduce outages:
- IS/T is planning a major hardware swap involving several switches and routers on a specific branch of the network. The included CMDB fields would allow HTM to provide a listing of assets affected by the outage, or give IS/T the ability to develop the listing from imported data.
- Norton AntiVirusTM issues a security warning concerning a new internet threat. The included CMDB fields would allow HTM and/or IS/T to identify assets using Norton AntiVirus, develop an update plan, and identify those assets completed.
- IS/T identifies a device using a suspicious IP address. Leveraging the included CMDB fields, the HTM inventory can be quickly scanned to see if any of their assets are using that IP and provide assurances that their assets are/are not the culprit.
- IS/T issues an updated policy on approved device operating systems (OS). HTM medical devices that have working OS’s must be upgraded to meet this new policy, or a contingency (or remediation) process must be implemented. The included CMDB fields would allow HTM to identify devices with OS’s that are no longer compliant, as well as identify a remediation plan for those that do not.
How valuable is this information to a healthcare organization? Let’s say a network connectivity device (a bridge, switch, or router) becomes unstable and IS/T must replace it. Using their CMDB, they would be confident in knowing which systems would be affected by taking that device offline and replacing it.
However, what if IS/T was not aware that a patient monitor is attached to that device? Or a respirator? And what if these devices were using that same network device to pass information to an attendant who was monitoring the feed for critical decision-making? IS/T could inadvertently cause increased risk to that patient because they did not know which medical devices were connected to it.
On the utilities side, fire suppression monitoring systems, emergency power distribution systems, environmental management, tube-delivery systems, and much more rely on the IS/T network to provide crucial, timely information to the management team. It's critical that IS/T understands how, and which, systems are affected by network outages and performance issues.
Ultimately, having access to and utilizing this CMDB data is vital to the safe, proper, and secure operation of the environment of care, as well as the safety and comfort of patients. All pertinent healthcare departments must have access to accurate data and understand how their actions may affect safety and risk.
Norton AntiVirusTM is a trademark of Symantec Corporation or its affiliates in the U.S. and other countries.
About the Author
For more than 18 years with Accruent, Rick Joslin has helped healthcare systems navigate the ins-and-outs of managing maintenance activities within their organizations. With over 30 years in maintenance management industry, at levels from technician, to director, to inspector/compliance surveyor, he is known for promoting continuous improvement, driving operational efficiency, increasing resource utilization, and ensuring regulatory success. As the Senior Advisor, Healthcare Strategy and as a Senior Solutions Architect, Healthcare, Rick leverages LEAN thinking and Six Sigma processes to guide our customers in the development of short- and long-term goals for measurable, continuous results across a wide variety of healthcare environments, while also helping them to identify gaps and inefficiencies in business processes and driving operational excellence. His broad knowledge of Healthcare operations and regulatory requirements, coupled with an intimate knowledge of the TMS systems, allow him to assist customers in developing easily-implemented solutions to unique, and changing, business needs.
Using Managed Services, and putting the administrative needs for utilizing Accruent Professional Services personnel on a fast-track, Rick can assist your organization to quickly identify opportunities for operational improvements, automation for repetitive processes, KPI and metrics analysis, and resource utilization enhancements.