Implementation best practices: Laying out the infrastructure
Infrastructure is the bedrock of any health IT setup. Everything from electronic health records to telemedicine to cybersecurity to analytics depends on a rock solid, reliable network to operate appropriately and efficiently to help caregivers and administrators perform their tasks and deliver quality care.
Here, three health IT infrastructure experts share their best practices for implementing the various tools and technologies that make up the foundation of IT operations. Their advice is aimed at healthcare CIOs and other healthcare executives and health IT workers.
A risk assessment
First, healthcare CIOs should conduct a project risk assessment to determine any internal or external risk factors, in terms of delivery, security and budget, and the impact of each, said Tony Howlett, chief information security officer at vendor SecureLink.
“If this is a mission-critical, time-sensitive project or it is the critical path in other projects, you need to put much more emphasis on making sure that the estimates your team prepares are accurate and reasonable,” Howlett said. “What is going to happen if you run out of time, money or have a major issue in implementation? Are there any risks of downtime in legacy applications or systems during this project?”
Make sure to think of the worst-case scenarios as well as the rosy best-case scenarios, he added. Security and compliance risk should be included in the assessment, he said.
“A second best practice is do your due diligence on your vendors,” Howlett said. “Make sure they cannot only deliver the product or service you are looking to them for but also have the ability to deliver on time, on budget, consistently, and securely.”
Some key questions to ask vendors, according to Howlett, are:
- Financial stability. That hot startup may have some razzle-dazzle, cutting-edge tech, but will it be around in a year when one is done with proofs-of-concept or evaluations and ready to deploy in production?
- Performance. Can vendors show case studies and use-cases of projects that are not only in healthcare but for the specific use-case at hand and at that scale? Try to select vendors who specialize in healthcare or can at least show multiple successful implementations. Ask for customer references and actually call them and talk to them.
- Security. Can the vendor show it has the processes, procedures and technology to protect data and systems? Google the company for any reports of breaches or big mistakes.
Open and responsive infrastructure
Tapan Mehta, global head, healthcare and life sciences solutions, at cloud computing and infrastructure vendor Nutanix, said another best practice for infrastructure implementation is modernizing infrastructure to be more open and responsive.
“Healthcare organizations are working hard to meet escalating technology expectations from their end users,” said Mehta. “People are now accustomed to conveniences and speed driven by the use of smartphones and apps. Shifting expectations and demographics are driving a rapid growth in demand for healthcare services.”
"IT teams must deal with security issues everywhere in the stack."
Tapan Mehta, Nutanix
In order to accomplish their goals, healthcare organizations need easily managed, high-performing infrastructure solutions that will also enable them to keep their tight IT budgets intact, he explained.
When implementing health IT infrastructure, it is important to prioritize patient safety and security, said Bob Zemke, director of healthcare solutions at Extreme Networks.
“According to the 2019 HIMSS Cybersecurity Survey, 82 percent of healthcare organizations experienced significant security incidents in 2018,” Zemke said. “Due to the troves of sensitive data they house, hospitals are the most targeted sector and remain the most vulnerable of any industry. Furthermore, hospitals are also increasingly vulnerable to ransomware attacks. This is in part due to their unique environments that combine both new IoT devices and legacy technology and infrastructure.”
Legacy medical devices were not built for the security threats in today’s connected world. They often don’t contain the enterprise-grade security features necessary to protect patient security. As such, they are at greater risk for breaches.
“The healthcare sector can help mitigate this risk through their infrastructure strategy,” Zemke explained. “For example, they can start by segmenting the different types of technology across the hospital network. This will help IT professionals isolate and monitor network traffic, quickly identify and address potential vulnerabilities, and prevent access between different network segments.”
Health IT professionals should also consider deploying behavioral AI to monitor, identify and address any anomalies more efficiently, he added. Put simply, behavioral monitoring technology groups similar devices that exhibit similar behaviors. As a result, hospitals will be able to streamline how they detect and respond to potential security incidents.
More security best practices
Healthcare organizations laying out infrastructure should Improve and simplify security, disaster recovery and data protection, said Mehta.
“Healthcare organizations face cybersecurity threats on a daily basis, posing a considerable risk to critical end-user and patient information,” he said. “IT teams must deal with security issues everywhere in the stack, including the hypervisor, compute and storage. This can hinder the team’s ability to deliver application functionality in a timely manner and is not very cost effective.”
In order to achieve a high level of security, these considerations need to be incorporated into every step of the infrastructure lifecycle, from product development and deployment, to ongoing monitoring and remediation, said Mehta.
"IT practitioners often are challenged to ensure the network can support the volume of IoT technology while maintaining reliable, secure and constant connectivity."
Bob Zemke, Extreme Networks
“Applications should always access data with no single point of failure, enable storage access failover, and automatically perform ongoing data integrity checks,” he explained. “Critical applications and data must be available at all times. Unfortunately, legacy data protection and disaster recovery solutions have failed to adapt to the needs of modern virtualized applications and infrastructure.”
Getting all stakeholders onboard
Howlett at SecureLink said it is key to get buy-in for infrastructure implementations to succeed.
“Just getting a sign-off from the CEO or CFO isn’t always enough to make your project successful,” he explained. “Have you done ample surveys of the end-user departments and stakeholders to make sure they are fully invested in getting the benefits from your project?”
If it is a cross-departmental or company-wide initiative, have the benefits and project timelines been fully communicated to everyone who will be using it, he added. A successful IT project takes more than just successful technology, it takes clear and frequent communications and buy-in from all stakeholders, he said.
On another front, moving to the cloud is a best practice for infrastructure implementation today, argued Mehta.
“Healthcare organizations have much to gain by taking a cloud computing approach to service delivery,” he said. “However, they must have confidence that the promised benefits of increased operational efficiencies and productivity can be achieved without compromising the organization’s core requirements and institutional goals.”
Cloud services provide convenient, on-demand access to a common pool of configurable computing resources: networks, servers, security, storage, applications and services. Moreover, users can access virtualized, productivity-boosting services that were previously unavailable. Clouds enable local communities to share resources across several regions, and innovate in ways that would not be possible were they forced to rely entirely on their own resources.
“There are many ways in which healthcare organizations can benefit from the cloud, including: pay-as-you-grow economics and fractional consumption; platform and infrastructure resources-on-demand for agility and low operational overhead; and continuous improvements to the platform,” Mehta said. “Healthcare organizations should also keep in mind that as workloads change, the balance between owning and renting will change as well, impacting total costs.”
"Make sure the vendor cannot only deliver the product or service you are looking to them for but also have the ability to deliver on time, on budget, consistently, and securely."
Tony Howlett, SecureLink
But public clouds do not always adhere to strict data governance and healthcare regulations or provide quick access to data when needed, which is something that only an on-premises solution can provide, he said.
“Tailored SLAs for mission-critical applications and flexibility in choice of platforms are also limited in a public cloud,” he said. “An effective cloud solution should provide frictionless agility, management simplicity, and fractional consumption of cloud services while still providing control over performance, location of data and services, and enable the choice of platforms. More and more healthcare organizations are adopting a hybrid cloud model as it provides the best of both worlds.”
The Internet Of Things
One final infrastructure implementation best practice the experts offered is optimizing for Internet of Things technology with intelligent network automation.
“From connected infusion pumps to patient monitoring devices, IoT in the health sector is here to stay,” said Zemke. “In fact, Allied Market Research estimates the IoT healthcare market will reach $136.8 billion worldwide by 2021, and Frost and Sullivan found that there is already an average of 15-20 medical devices per hospital bed today. IT practitioners often are challenged to ensure the network can support the volume of IoT technology while maintaining reliable, secure and constant connectivity.”
The majority of hospital networks were designed decades ago and the architectural principals no longer scale along with the device and client usage, Zemke stated. The key to optimizing infrastructure to support IoT devices is to deploy intelligent automation that will connect people and systems across silos to work together in a more seamless and effective way, he said.
“Today, healthcare organizations can augment their networks with artificial intelligence and machine learning technology to help automate various systems and functions,” said Zemke.
“IT teams should consider automating network policy rules so they can monitor and address connectivity issues more efficiently. This will improve overall network connectivity and uptime and will help to ensure that the most critical devices supporting clinical care are constantly connected 24/7/365.”