Wireless local area network (WLAN) technology has made rapid progress over the past few years. As vendors have worked out initial issues with security, scalability and pervasive network management, WLAN has emerged as a leading candidate to significantly improve communications of all kinds throughout medical facilities.
Toward medical-IT unification
At the University of Miami Leonard M. Miller School of Medicine, we view WLAN technology as a practical way to provide access to any network or information resource to anyone at any time. We envision a future in which voice, data, video and other, unfolding applications can be carried to any part of our institution by means of a converged WLAN infrastructure.
Our institution serves more than 5 million people through hospitals, clinics, research institutes, teaching facilities and administrative offices across south Florida. We have 770 faculty physicians and more than 6,000 employees housed in the 67-acre complex of the University of Miami/Jackson Memorial Medical Center in downtown Miami.
In addition, the institution operates clinical facilities at the Miami Veterans Administration Medical Center, five primary care centers throughout Miami-Dade County, and a half-dozen hospitals, clinics and satellite offices in other cities, including West Palm Beach, Naples and Deerfield Beach.
Our focus on pervasive network access is driven by the growing fusion of biomedical technology with IT resources in current and future applications: for example: radio frequency (RF) identification tracking systems, wireless patient charting systems, voice over Internet protocol, educational wireless video transmissions, and beds that monitor patient's vital signs and relay the information to nurses' stations.
We believe that with unified medical information systems, we can deliver better patient care with lower costs. And for us, a wireless infrastructure has been an effective and economical approach.
First steps to pervasive access
We began our wireless deployments in 2002 with extended-range 802.11b base stations from Vivato Inc., Spokane, Wash., to cover a 1.5-square mile area surrounding our main Miami campus. Our team also established several building-to-building bridges to eliminate monthly leased T1 lines for voice and data connectivity, and this approach has worked out well (average return on investment, 9 to 10 months).
The "community cloud" provides Internet and intranet access to authenticated users, so security was a primary concern. Launching an Internet browser on the WLAN brings up a captured portal page provided by Access Manager from Vernier Networks, Mountain View, Calif. The portal has several options pointing to various organizations' secure socket layer (SSL) virtual private network (VPN) appliances, presenting a shared but secure front.
We enabled secure, identity-based access to all clinical and business applications as well as e-mail via SSL VPNs that were provided with equipment from Neoteris, now part of Juniper Networks, Sunnyvale, Calif. We also used VPN concentrators from Cisco Systems, San Jose, Calif., and Vernier appliances to host client VPN services.
Users' credentials are authenticated against the medical center's active directory. All nonauthorized users can access our network's external Internet gateway through a guest user portal. The portal is well used by visiting staff, faculty, students, patients and even family members (through kiosk-type devices).
To address information security concerns, we regulated the guest user portal by opening only a few select outbound ports for Internet traffic and a few other commonly used VPN ports for use by visiting staff, faculty and vendors.
All ingress/egress network traffic is filtered through several intrusion detection and prevention appliances from TippingPoint Technologies, Austin, Texas, a division of 3Com Corp., Marlborough, Mass. Plus, we throttled bandwidth utilization with the Vernier appliances. This approach has successfully provided Internet access and corporate network availability.
For indoor 802.11b wireless coverage, we initially deployed Cisco Systems Inc., Aironet access points (APs) to operating rooms, cancer treatment and recovery areas, labs and classrooms. By mid-2003, however, we faced two difficult issues as we sought to expand indoor deployments.
First was the cost of reconfiguration of the WLAN infrastructure to support changes, growing data applications and, eventually, voice and video. For example, an area that once served six or seven administrative users had been converted into a classroom with 30 to 40 users and included surrounding labs, all using the same signal. Co-channel interference had become a problem.
Initial AP deployment was intended to serve a small user base. At that time, Cisco's 802.11b products had to be deployed on alternating channels to minimize co-channel interference. We faced time-consuming, expensive network reconfiguration for this and other usage changes. We needed a simpler solution.
Looking ahead to deploying wireless coverage throughout the institution, we anticipated costs of about $300,000 for RF planning and site surveys to determine best placement of APs over the course of three years to support initial and expanding deployments. And the future promised more spending accompanying more changes.