Cisco Medical-Grade Network Wireless Architectures for Healthcare

Collaboration and Security

Wireless networks deliver a wide range of benefits to a healthcare facility. They can connect mobile caregivers with their colleagues, make it easier for medical personnel to access backend clinical systems, and enable a new set of patient and guest services. Wireless networks can also simplify the tracking of mobile equipment and personnel, and can even link together the facility’s many clinical and robotic systems as well as its various biomedical devices. Cisco wireless technologies enable reliable, continuous communications throughout the healthcare facility, while helping keep sensitive medical data private and secure.

Given the highly mobile nature of healthcare providers, it is important that they have an effective way to collaborate in real time while protecting patient privacy and data security. The Cisco® Medical-Grade Network (MGN) offers a robust, highly secure platform for delivering higher-quality patient care throughout the continuum of care.

• Increased productivity through Cisco technology-enabled IP phones, mobile phones, video, and presence capabilities
• Advanced network security that lets electronic protected health information (ePHI) traverse the network safely, without loss of data
• Highly secure collaboration capabilities and protection against data loss to help satisfy regulatory and compliance requirements
• Pervasive device coverage throughout the healthcare facility

Cisco’s wireless networking products have the exclusive endorsement of the American Hospital Association (AHA).

Wireless Architecture

[Diagram labels: Wireless IP Phones; MultiMode Phones; Laptops with Voice Clients; Smartphone with WebEx Client; Third-Party Integration to RTLS (Nurse Call, BioMed, EMR); Cisco Catalyst® 3750G Integrated Wireless LAN Controller; Cisco ISR Wireless LAN Controller Module; Cisco Catalyst 6500 Wireless Services Module (WiSM); Wireless LAN Controller (WLC); Voice & QoS Enabled Access Switches; Medical-Grade Network: Campus; MSE; ACS; WCS; N+1 Redundancy; Floor 1 WLC; Floor 2 WLC; Elevator WLC; SSC]

Guest Wireless Services

Hospitals must facilitate information sharing by providing highly secure, wireless guest services for patients, contractors, and guests. The Cisco MGN architecture supports highly secure wireless guest services.

• Ethernet-over-IP tunnels allow guest traffic to traverse the campus network in a highly secure manner
• Guest users can be authenticated against existing authentication services
• Web portal for guest login page and Acceptable Use Policy (AUP) help standardize security

[Diagram labels: DNS; WCS; Medical-Grade Network DMZ; Guest User Login Page; Acceptable Use Policy; Wireless LAN Controllers/Foreign; EoIP Tunnels; NAC; WEB; Anchor Controllers; Internet]

Wireless Management

The shielded rooms, different types of construction, and large, dense equipment often found in the healthcare environment can pose a challenge for wireless technology.

The Cisco Wireless Control System (WCS):

• Minimizes IT staffing requirements through centralized control
• Scales to support local or remote wireless LANs of any size
• Delivers comprehensive lifecycle management for the Cisco Unified Wireless Network
• Improves IT efficiency through an intuitive GUI and flexible ease of use
• Protects 802.11n performance by mitigating RF interference with Cisco CleanAir technology
• Reduces operational costs with built-in tools, guides, and templates

[Diagram labels: PC—Browser Based; LWAPP CAPWAP Tunnels; Network Management]

Wireless Remote Access Connectivity

Many healthcare organizations extend their reach with remote locations. The connectivity between these remote locations and the main campus needs to be secure and robust. Cisco MGN 2.0 incorporates remote access architecture that supports real-time reporting and a wireless intrusion prevention system (IPS).

• Cisco OfficeExtend is a highly secure, simple, cost-effective solution for remote site connectivity
• OfficeExtend provides guest wireless services and highly secure connectivity to the hospital electronic health record (EHR) system and other systems
• H-REAP access points deliver wireless services from a centrally administered wireless LAN controller (WLC) or wireless control system (WCS)

[Diagram labels: Remotely Managed H-REAP AP; MGN 2.0 Campus; EHR; VPN; Medical-Grade Network WCS; Cisco Office Extended AP Establishes VPN tunnel Automatically; Internet; Secure Datagram Transport Security VPN; 5500 Wireless LAN Controller]

Voice over Wireless LAN (VoWLAN)

Integrating mobile devices with the appropriate clinical applications can improve workflow and productivity. Using the Wi-Fi network for on-campus calls reduces costs. Cisco’s VoWLAN application delivers ubiquitous, robust coverage and enables instant communications among mobile care providers.

• Support for fast-optimized roaming of voice clients
• Real-time RF scanning and monitoring to minimize interference, helping ensure high-quality voice communications
• Management tools for monitoring roam time, jitter, and client connectivity
• Advanced quality of service (QoS), extended talk time and battery life, and call-admission control
• A choice of client devices that interoperate in a highly secure way with the Cisco Unified Wireless Network, tested through the Cisco Compatible Extension program

Regulatory Compliance

Healthcare providers are subject to a multitude of national, state, and local regulations, and must ensure compliance with all relevant regulations. The Cisco MGN 2.0 architecture facilitates compliance in the following areas:

• User authentication and granular access rights
• Transmission and encryption
• Network security
• Remote access
• Wireless security
• Antivirus and patch management
• Database security

[Diagram labels: MGN Regulatory Compliance; PCI; EC95/46; Meaningful Use; Red Flags; HIPAA]

Location- and Context-Aware Services

Assets and services need to be tracked effectively and efficiently. Cisco location services can locate medical devices and people, and can provide appropriate clinical information based on the location of the device.

• Room-level accuracy with access-point perimeters or exciters for tracking assets
• Telemetry information such as temperature, humidity, motion, pressure, etc.
• An open API for integration with third-party tracking and medical applications such as sensor technologies, inventory management, and bed management

Biomedical Devices

These mission-critical devices require pervasive coverage throughout the healthcare facility. The Cisco MGN 2.0 architecture optimizes the core infrastructure to facilitate highly secure interaction among various biomedical devices.

• Medical devices should use an 802.1X EAP type for authentication and WPA2 for encryption of ePHI
• Offers guidelines for supporting special wireless considerations in the areas of medical device traffic flows (unicast, multicast, broadcast)
• Ecosystem of partners offering increased choice and delivery of customized healthcare solutions
• Supports the most typical implementations used by manufacturers of medical devices, including Layer 2 isolated, Layer 3 routed, and hybrid Layer 2/3

Clinical Systems

In order to maintain patient privacy and data security, ePHI must be kept protected when transmitted over a network. The Cisco MGN 2.0 architecture enables the safe passage of clinical data while in motion.

• Pervasive coverage to support varied wireless client RF characteristics
• Supports various authentication and encryption methods, including WPA, WPA2, and 802.1X
• WPA, WPA2, or 802.1X support for authentication/encryption of workstations on wheels (WoWs) and wireless tablets

[Diagram labels: EHR/Lab Systems; Pharmacy Systems; General Computing Devices; Tablets; WoWs; Smart Phones/PDAs; Cisco Access Points; Cisco WLA WLAN Controller; LAN/WAN Network]

RF Spectrum Intelligence

RF analysis is critical to the effectiveness of wireless infrastructures in all healthcare environments. The Cisco MGN 2.0 architecture can help with real-time spectrum analysis, which can be performed pervasively across the entire healthcare enterprise.

• Cisco CleanAir technology provides real-time spectrum intelligence as a standalone tool or as an access-point feature
• The Cisco Wireless Control System allows real-time reporting of RF conditions
• Rapid response to sources of interference provides higher levels of availability and performance
• Access-point-based solutions:
  – Automatically optimize the wireless LAN by avoiding interference and resuming client activity on another channel
  – Perform remote troubleshooting for fast problem resolution and less downtime
  – Detect non-Wi-Fi security threats and resolve issues in real time
  – Set and enforce policy with intelligent identification of wireless devices

Product Overviews

Access Points

• Reliable and predictable WLAN coverage
• Internal or external antennas for demanding RF environments
• Data rates of up to 600 Mbps
• Integrated spectrum intelligence with Cisco CleanAir (Cisco 3500 Series)

[Chart labels: 1250, 1240, 3500e, 1260; External Antenna; Ruggedized; 1130, 1140, 3500i; Internal Antenna; Surface Mount; 11n; 11n + CleanAir; 11abg; H-REAP]

Wireless LAN Controller

• Offers a flexible, scalable wireless platform that provides mission-critical wireless network performance and availability
• Scales from a few to thousands of access points to meet healthcare requirements
• Facilitates wireless guest services
• Includes RF spectrum intelligence with Cisco CleanAir

[Chart labels, axes Performance & Scale and AP Density: 5508-12, 25, 50, 100, 250 (license-based); 4402-12, 25, 50; 4404-100; WiSM-300; 3750G-25, 50; 2106, 12, 25; WLCME-6, 8, 12, 25]

Management

• Comprehensive wireless network visibility
• Pervasive spectrum intelligence dashboard with Cisco CleanAir heat maps
• WCS provides troubleshooting, reporting, and trend analysis in one complete platform

[Diagram labels: Planning; Deployment; Monitoring; Troubleshooting; Reporting]

Location-Based Services

• Cisco Mobility Services Engine provides location-based services and supports an open API for third-party integration
• RFID tags enable asset tracking and inventory control
• Temperature tags are available for local regulatory compliance
• Location-based services integrate with physical surveillance video security systems
• Location data available on Cisco desktop phones and wireless VoIP phones

Security Components

• Authentication performed by Cisco Secure Access Control Server (ACS)
• Logging and reporting with Cisco WCS
• Adaptive wireless IPS from Cisco Unified Mobility products
• Encryption using Cisco Wireless LAN Controller and access points

[Diagram labels: Encryption; Logging; Reporting; Wireless IDS; Rogue Detection; Identity; Cisco TrustSec]

Resilient

Wireless networks in the acute-care and in-patient environments must be resilient enough to support flexible, highly available access to care providers. The Cisco MGN wireless architecture gives clinicians, patients, biomedical devices, and vendors access to the critical systems and services needed within the healthcare environment. Cisco’s wireless networks provide a number of high-availability features with the intelligence to detect and isolate failures, whether they are hardware-based or RF-spectrum-based.

Protected

Access to any clinical system involves the transmission of electronic Protected Health Information (ePHI). Controlling access and preventing unauthorized access to ePHI is a key requirement of every clinical network, regardless of its geography. Cisco is a leader in providing comprehensive, end-to-end security products and architectures that address privacy and regulatory compliance. Cisco Unified Mobility products and the MGN 2.0 architecture provide a rich set of security services to enable highly secure, seamless access for authorized individuals only.

Interactive

Cisco’s MGN architecture offers a complete set of wireless technologies and products to help the care provider improve the quality of care—at the point of care. The same wireless architecture can support both patient and guest access, for a greater variety of communication channels. The resulting flexible, rich interactions are valuable to both patients and care providers alike.

Responsive

Cisco’s MGN approach includes a set of architectures and products that let the network adapt to shifting demands and environmental transitions. Using advanced technologies, such as Auto RF and Event-Driven Radio Resource Management (EDRRM), Cisco Unified Mobility overcomes the RF challenges present in most healthcare environments and can dynamically react to changing requirements without network redesign or manual interaction.

www.cisco.com/go/mgnfoundation
www.cisco.com/go/designzone/healthcare