Keeping personal info safe

Given that security is always a concern with patient information even in a wired environment, ensuring that privacy and security of patient information would not be compromised was the first step of using wireless networking at CancerCare Manitoba.

Formerly the Manitoba Cancer Treatment and Research Foundation, CancerCare Manitoba is a government sponsored organization responsible for cancer detection, treatment and research in the province of Manitoba. Primary cancer treatment is provided at several facilities, all of which report to the main CancerCare facility in downtown Winnipeg.

The organization is wrapping up its Building for the Future campaign which involves transitioning its main site from a 90,000-sq. ft. facility to a new 205,000 sq.ft. world-class treatment and research operation, with completion expected this August.

As CancerCare’s IT infrastructure expanded and available office space diminished, trailers had been placed on the rooftop of the original facility as a temporary solution to house the growing IT staff and equipment. When building the new facility next door, CancerCare also upgraded its network technology to improve the delivery and timeliness of its patient care.

Information services director Mark Kuchnicki is responsible for the IT infrastructure support within what are currently four facilities and 17 hospitals throughout the province.

“Our mandate is to provide cancer care within the province and as such, part of our mandate included the implementation of a clinical system that is used province wide,” he says. “A patient comes in, is inputted into the system and any one of three facilities and four community hospitals and 17 rural facilities all have access to that information so they can do the treatment.”

In addition to clinical systems to deliver patient care, Kuchnicki’s team is responsible for registry systems for epidemiological and preventative studies, reporting to the national cancer registry, and administration systems.

The IT staff of 14 maintains and upgrades 650 workstations within the three main sites and another 150 workstations in community and rural hospitals.

The organization earlier chose to use wireless networking with their clinical application so nurses could do as much charting as close to the patient as possible for the sake of accuracy.

Opting for wireless

Kuchnicki says that previously, “the nurses would scribble their notes on little pieces of paper and at the end of the day they’d sit down with the chart and write all their notes into the chart. Our nursing director at the time indicated you get a big discrepancy in the amount of notes that nurses would provide. One nurse would write one line, and another would give two pages of documentation.”

They decided to implement a questionnaire type system that included standard phrases so a nurse using a laptop could input a patient’s answers to questions right at their bedside and enter the information into the system right away. “The only way we could find to do that effectively was wireless,” says Kuchnicki.

That was four years ago and at the time they chose a megabit wireless system whose slow performance was somewhat boosted by using a layer of software from Citrix Systems, Inc. of Ft. Lauderdale.

“Still, it wasn’t fast enough to be able to allow the nurses to complete the questionnaires within a reasonable timeframe,” Kuchnicki recalls. Nursing staff had to wait for the screens to refresh while searching or entering data.

The transition to the new facility prompted CancerCare to upgrade that wireless system. 3COM provided a wireless starter pack for evaluation and access to 3COM support for testing in mid-April 2001. After two months, CancerCare chose 3COM’s AirConnect wireless solution with the SuperStack II to deliver Ethernet network technology.

Like the previous wireless solution, CancerCare staff can move around the facilities and still have access to a central database of patient information. There is a seamless transition from desktop to wireless access to database information from one building to another while connected to a central data backbone. However, the AirConnect delivers high-speed networking – gigabit compared to megabit — to the desktop anywhere in the building whether it’s hardwired or not.

Also, the new wireless solution was reportedly easy to transition to without disrupting access to patient data. Kuchnicki adds that the 3COM wireless power solution uses a wiring closet, making it easier to maintain since the only equipment in the ceiling is the wireless unit and not a power pack.

Kuchnicki says they use laptops for their mobile devices because the application they had initially didn’t run on wireless pads or tablets. “Four years ago those things weren’t there,” he muses.

He reports that they are looking at using the new wireless ViewSonic airpanel 100 to run the clinical application through a tablet. He sees the tablet size as idea for lab results and notes, but using it will require building a custom front end for CancerCare’s database.

They are also considering replacing the series of charts used when patients consult a doctor with a single tablet which will be preset by a nurse to contain the necessary information for each patient in turn.

Another advantage of the new wireless system is its compatibility with other Wi-Fi wireless products in the 802-11 standard space, giving CancerCare the option to mix and match with various products.

But beyond compatibility is the concern that a wireless system might interfere with existing systems and cause, for example, the IV monitors to suddenly not function. CancerCare’s biomedical engineering department and the Health Sciences Centre put the wireless equipment through some rigorous testing to ensure it was safe to use within clinical areas. Kuchnicki also makes sure all laptops and wireless devices used within the facilities clinics are using 802.11 technology, not Bluetooth since the latter could cause interference with clinical equipment.

Ensuring security

Of course the major concern with wireless relates to security. In fact, Bruce Comeau, 3COM’s Edmonton-based western Canada sales manager who specializes in wireless technology, says security is the most important consideration when adopting a wireless strategy.

He explains that there are some standards that come out of the box for wireless. One of them is called wired equivalency protocol (WEP) which he says is meant to give security similar to a land-wired connection. However, he cautions that WEP in itself is not going to give the security required, especially in the health care environment.

Careful layouts of antennas will limit how much of the radio signal “leaks” beyond the facility’s perimeter, Comeau advises. He suggests hospitals go beyond the standard 40-bit WEP and instead gain greater security by selecting a product with at least 128-bit encryption capability. The latter makes it significantly more difficult for attackers to discover the access key to your wireless local area network (WLAN), he says.

Comeau also encourages hospitals to make their data more secure by augmenting the basic firewall protection on the wired network by investing in hardware with additional security options such as a dynamic security link that automatically negotiates a unique security key for each session.

He adds that companies in the health care or financial environment should use 128-bit encryption and provide dynamic keys. “So every time a user connects to the access point, the PC in the access point will talk and exchange a new key every time a session has started,” he explains. “You can’t hack that, because it’s changing every time.”

He also recommends using Virtual Private Networks (VPNs) on top of wireless to create a secure connection to databases. He points out that remote authentication dial in user service (RADIUS) offers another layer of security by providing a user name password scheme.

Network security

Kuchnicki says that they made sure the CancerCare internal network is secure by designing it so that they know about everything that plugs into each and every port. “If a user phones in and says I need to do this or that, we ask them for the port number on the wall, connect into the switch or whatever device and activate it on the fly so we’ve made sure at least only people we know of are connecting to our system. We don’t even allow them to move their own equipment.”

He says they started with 3COM’s hardware encryption built into the box because of the speed, then subsequently added a product from Cranite Systems Inc. of San Jose, Calif., layered on top to give patients access to the Internet via their own wireless laptops. Cranite Systems’ WirelessWall uses Advanced Encryption Standard (AES) tunnels to create creating per-connection firewalls between the wireless nodes and the rest of a network.

“Since you don’t have our client installed, we’ll give you access to the Internet, but that’s it,” Kuchnicki stresses. “You can’t even see the rest of our network with the security that we’ve put in.

“With the 3COM (solution) on the bottom end, because it is 802-11, we are able to just layer it right on top without any additional work,” he says. “The only thing we had to do is rewire the nodes into a separate DLAN (Defense Local Area Network) so we can segregate them and make them run through the firewall or, as it is actually called, the wireless access controller.”

To access beyond the Internet onto any of CancerCare’s systems requires authenticated access which is further controlled by role-based access which grants access appropriate to user’s jobs.

CancerCare just purchased hardware for proximity cards for authentication with Citrix to provide mobile sessions, Kuchnicki reports. When authorized staff members walk up to a workstation, the proximity card will kick in the sequence, they will put their finger on a scanner and, if allowed, will enter their session, he says. When they walk away more than five feet for more that 15 seconds, they will be logged out automatically. When they walk somewhere else to another workstation, they are logged in where they left off.

“We need to be able to make sure that we’ve got the flexibility, whether (staff) are on a laptop, workstation, the network security with authentication with proximity card and fingerprint scanners and then the application and carrying that session wherever you go. We’re putting all the building blocks together for ensuring privacy of data.”

He estimates the use of proximity cards will save nursing staff a half hour each day just logging in and out.

“The philosophy we try to follow is create the building blocks that allow us to layer things on top of different areas,” Kuchnicki summarizes. “Starting with the network, we made sure it had enough security in it that we implemented a consistent network through the building. Next we layer in biometric and proximity card authentication in the areas that need general purpose. In the office areas, we don’t need to (so) that’s done through standard workstation authentication. We force the employees to do their own security.”

For example, doctors are responsible to log out or lock their office doors when they leave their workstations.

“We’ve tried to take a building block approach that allows us to layer things on top to increase security where we need it and relax it where it is not as stringent to have it,” he says. “It is always a trade off between security and convenience for the staff.”

The privacy challenge

Privacy is certainly another issue facing CancerCare Manitoba and Mark Kuchnicki, information services director, says they address it separately from security.

Manitoba’s Personal Health Information Act (PHIA) legislates that anytime a patient record is touched by an employee, it has to be noted in the logs who accessed that record, says Kuchnicki. “When the legislation was implemented, they did do some grandfathering because most of the systems don’t do that level of auditing for logging. For example, our current systems actually log (just) the last person to touch it. We’re looking in the next newer versions of the application to add the functionality of tracking everyone who has touched it.

“When you run a report to find out how many breast cancer patients we’ve had that month, to get that I may have to touch (a) record,” he adds. “Even though in the summary release it won’t show (whose record it is), I still had to touch (a) record to get it. That’s one of the issues that still has to be resolved in the legislation.”

The amount of logging that actually generates is overwhelming. “We’ve done some statistics… we will have more data in logging than we will have in patient data,” he adds. “So that’s one issue we have to resolve: how can we get the logging to meet the legislation but at the same time not kill our systems?

“That legislation passed a year and a bit ago now, so any new systems we are implementing do have to have that capability,” he continues. “Our registry system for cervical cancer screening does provide that capability, but their logging is on the basis that if you open the patient record, then it is logged. If I do a report, that’s not specifically logged. At this point, it is a reasonable compromise that has been accepted by Manitoba Health.”