General Questions
1. Wireless support has been added to my responsibilities, and I don’t know anything about it. Where can I go to learn?
Hospitals typically use multiple wireless solutions for communication, such as Wi-Fi, Wireless Medical Telemetry Service (WMTS), cellular, Bluetooth® wireless technology, and also for location and asset tracking. In this document, “wireless” includes any communication that doesn’t depend on a physical wire between devices. Wireless expertise is gained over time and the topic is sufficiently broad to require a focused team approach.
To start learning about Wi-Fi networking, read Wireless Networks for Dummies1, followed by the CWNA Certified Wireless Networks Administrator Official Study Guide2, and then take the training class. Many wireless vendors have good online seminars, training, white papers, configuration guides, and documentation that can help you get started. “Learning Wireless LAN Technologies,” available from wlanpros.com, has some good methods for learning.3
Work with your IT group to learn and understand your hospital’s wireless architecture via a readable network drawing. A network diagram really is worth 1,000 words, or more! Doing this will help you understand how controllers and access points (APs) are connected physically and their current locations.
For general understanding of how RF (wireless communication) works, consider some of the products available from the Amateur Radio Relay League (ARRL), which has an immense catalogue4, in addition to the specific items in the list below:
- ARRL’s Antenna Physics: An Introduction5
- ARRL’s Propagation and Radio Science6
- AAMI’s “HTM Resources Page”7
- AAMI’s Going Wireless publication8
- Basic Radio: Understanding the Key Building Blocks by Joel Hallas9
- Basic Communications Electronics by Jack Hudson and Jerry Luecke10
- National Instruments web page “RF and Communications Fundamentals”11
- Maxim Integrated’s RF Basics12
- “Bluetooth Technology: Topology Options” web page13
- Prominent wireless blogs including Revolution Wi-Fi14, wirednot15, and Wireless LAN Professionals16
More advanced understanding of wireless local area networks (WLANs), including architecture, is covered in A Guide to the Wireless Engineering Body of Knowledge, edited by Andrzej Jajszczyk.17
2. What wireless systems and technologies are typically found in a hospital?
The list of wireless technologies below includes those either already established in the healthcare environment or currently making inroads. You should be aware of, if not familiar with, each of these. Note that this list is not exhaustive.
- Bluetooth
- Cellular
- Long-Term Evolution (LTE)
- Long Range (LoRa)
- Medical Device Radiocommunications Service (MedRadio), including Medical Body Area Networks (MBANs)
- Medical Implant Communication Service (MICS)
- Near-field communication (NFC; 13.56 MHz)
- Radio frequency identification (RFID)
- 125 KHz, 134 KHz
- 13.56 MHz
- 433 MHz
- 900–915 MHz (RAIN RFID [RAdio frequency IdentificatioN] for medical unique device identification)
- “TV white space”
- Two-way radios
- Wi-Fi
- Wireless Medical Telemetry Service (WMTS)
- Ultra-wideband (UWB)
- Zigbee
3. Are personal wireless devices (e.g., phones, iPads, etc.) in a hospital a problem?
Medical device manufacturers (MDMs) test to several standards and are held accountable for ensuring that their products are safe and effective, while personal consumer devices are not. Personal wireless devices can present various issues and prudent institutions should have a strategic plan and a security policy and framework allowing for their use that protects patient data and the clinical networks.
We will consider three areas: guest (patient, family) personal devices, clinician personal devices, and clinician bring your own devices (BYODs), where the clinician’s personal device
is used in a clinical role. For each of these areas, the risk topics include security and interference.
Risk mitigation plans and policies should consider how a device might allow breaching of network security, result in a
HIPAA (Health Insurance Portability and Accountability Act) violation, and/or compromise operation for medical devices.
For guest personal devices, there is little control other than providing a Wi-Fi connection, such as captive portal, to provide an Internet connection with no access to the hospital network. The terms and conditions of use might include requests to respect privacy of other patients in the hospital.
Assuming the clinicians carry personal devices that are not allowed for clinical use, these policies should define whether those devices are allowed on the hospital network. The policies should also define whether employee devices are allowed on the guest network, where they compete with patients for bandwidth. As with patients’ personal devices, there is little control over their use, except as part of an employment agreement.
Most hospitals mandate some form of mobile device management software to be installed on clinician BYODs that includes restricted/limited network access, an endpoint integrity scan to ensure the device is not infected with a virus, restricted ability to save patient data locally, and the ability to remotely wipe the device in case of theft or loss.
Finally, personal devices are not tested to the electromagnetic interference (EMI) standards of medical devices. Whether emissions from these devices will produce harmful interference, causing a medical device to malfunction, is an unknown potential risk. Educating clinicians and healthcare technology management professionals that personal devices should be considered as part of investigating device malfunction is prudent (since restricting personal devices isn’t realistic!).
4. What are the biggest mistakes that healthcare delivery organizations (HDOs) make in managing wireless issues?
Top 10 mistakes from AAMI’s Going Wireless8 publication:
- Underestimation of the potential risk to patient safety
- ;Lack of planning
- Inadequate testing
- Too little time for verification
- Unrealistic and/or incomplete budgeting and schedule
- Lack of foresight about the pace of change and the need to plan for it
- Failure to hire sufficiently trained professionals to support and maintain wireless technology
- Decision making with false assumptions
- “Shiny object syndrome”—assuming the desire for a new product trumps the need to design a system to support it
- “Believing the hype”—assuming vendors have the healthcare organization’s best interests in mind
- Failure to consider electronic medical records, personal health devices, and consumer mobile devices, such as smartphones and tablets, as “medical devices”
- Failure to read manuals
- Purchasing end-point wireless devices before realizing the limitations of the current infrastructure
- Failure to design with a safety margin
- Failure to properly manage changes made to the wireless network, such as failure to analyze and verify the impact of a firmware change to an access point on the medical devices on that network, or failure to properly analyze and test the impact of adding new applications to the network
- Failure to embrace vendor site testing of the network
- Failure to take into account different environments of care, intended uses, and intended use environments
- Failure to perform routine maintenance
- Failure to consider that construction projects, or physical changes to a facility, could impact wireless performance
At a high level, these mistakes may be summarized as: The biggest mistake an HDO can make with wireless is failing to create a strategic plan on how to use and implement wireless technologies. Implementing each wireless technology—whether WMTS telemetry, cellular telephones, Wi-Fi networks, Bluetooth, or proprietary technologies for RFID—requires planning as each may present multiple risks, including security breaches, patient safety issues, and adverse impacts to other wireless applications.
Failure to create a foundational strategy increases the probability that the risks become adverse events. Lack of a dedicated, qualified wireless team is common. Hospitals need to invest in the appropriate technical staff and ensure that they are trained appropriately.
5. Is there a glossary of terms that would help me understand all of the acronyms people throw around?
You will find a glossary of terms in Appendix B of this document. Additionally, the books and websites referenced in Question 1 provide material containing many of the terms and their definitions.
6. I’m a healthcare technology management professional. Why should I care about wireless when it’s not in my job description?
If you are working with medical devices, you are touching devices with wireless technology. Whether it’s specifically written into your job description or not, a certain level of understanding of wireless technology is essential to doing your job well. Developing the skills to address wireless issues will make you a more valuable part of the team. In some hospitals, IT personnel may focus on the networking aspect of wireless and may not understand the technical aspects of RF or the potential clinical impact.
In some cases, this lack of understanding has severely affected patient care. The healthcare technology management professional can serve a critical role in bridging IT and clinical viewpoints. As medical devices continue to be more mobile and connected, understanding wireless, RF, and basic IT concepts is becoming a core requirement for clinical engineers, whose electronics training provides a solid base to which wireless skills may be added.
7. Why are there so many contradictions in best practices from different MDMs?
Many standards allow for various settings to allow the users to modify operation to improve performance. Best practices for wireless devices are specific to the application and vendor, each of which is optimizing the performance of their medical devices. The HDO needs to understand from each vendor why each “best practice” was selected for those products, and then determine what set of wireless practices are best for the HDO. This determination would typically include a risk analysis, which in turn depends on clinical importance, hazard level, probability of occurrence, and business needs. As an example, an 802.11 delivery traffic indicator map (DTIM) period of 10 might be used to optimize run time, but a different vendor trying to minimize response time might choose a DTIM period of 1. As another example, a vendor might choose to preferably run at low data rates to maximize range and data reliability, but the hospital IT group prefers high data rates to maximize data throughput and the number of supported devices.
8. What skills and tools do my team need to support a Wi-Fi network?
To be successful, team members need to have good communication amongst themselves and within the HDO concerning the challenges and requirements of a wireless network addressing: published policies, change control, security, guest access, devices supported, and general access. The team needs a willingness to keep up with technology and must have the discipline to plan and test the changes before going live.
The team should have available people with expertise in the following areas:
- Communications standards used in the hospital
- Wired networking: routers, switches, VLANs, trunking, servers, architecture, QoS, etc.
- Wireless networking: data rates, security, wireless architecture, RF concepts and experience with the various tools (see below)
- Wired and wireless security: authentication, encryption, authentication servers, certificates, penetration testing, intrusion detection/prevention
- Risk management
- Clinical workflows
- Requirements of the various medical devices
The team needs tools to test, monitor, maintain, and troubleshoot infrastructure (wired and wireless) and devices, and know how to use the tools. Such tools include:
- RF spectrum analyzer to view the RF environment, irrespective of the source of the RF signals. The spectrum analyzer requires a bandwidth of at least 6 GHz to support 802.11 standards through 802.11ac, and at least a 60 GHz bandwidth to support 802.11ad. 18
- Wireless packet analyzer (also known as an RF sniffer) to capture wireless packets, preferably multi-channel.19
- Wireless site survey tools to measure and map coverage by APs.20