Focus: Cybersecurity

The blueprint for IoT infrastructure in healthcare

By Justin Rigling / Special to Healthcare Facilities Today
July 23, 2019

Improving the patient experience, increasing the number of positive healthcare outcomes, and reducing the costs associated with day-to-day operations are goals shared by healthcare administrators and facilities managers alike. New technologies have been the obvious contributors to improving these efforts for years – be it through a new medical procedure or a digital upgrade to a filing system or staffing roster. Now, developments in technology that contribute to the Internet of Things (IoT) are introducing some extremely interesting innovations for healthcare providers. 

Healthcare IoT applications utilizing the tracking and sensing of devices have increasingly become more affordable and more precise. These developments bring with them the promise of a next level of quality in terms of patient experience and operational efficiency provided through connected healthcare facilities. Improved patient monitoring will allow for a safer and less intrusive check-in regimen during overnight stays. The tracking of critical assets – such as storing medicines in individual rooms while maintaining a security audit and cold chain – brings both increased operational efficiencies and quicker care to patients. Implementing data-backed approaches to employee scheduling presents benefits to staff and improves their ability to provide care for individual patients. 

Of course, the world of IoT also comes with risks that rightfully leave those in IT departments wary. With HIPAA requirements in place, IoT in healthcare introduces several unique security and confidentiality components that must be taken seriously and planned for well in advance. To introduce an IoT application at the scale of a hospital, a healthcare campus, or entire healthcare system, requires flawless execution in terms of secure connectivity and edge computing. That “edge” component is critical. It provides the computing power to effectively process data near the source and allows an IoT task to execute without delay.  

This need for reliability and security can be challenging – and expensive – especially if healthcare providers attempt to design, develop and deploy their own solutions. Healthcare facilities are not alone in facing the challenge of occupying buildings that are ill-equipped for in-house development and deployment of an edge-capable system.  

It is these factors – the complexity, risk, connectivity, and cost – that have historically been barriers to the adoption of IoT in the healthcare space. 

However, solutions are now available thanks to a secure and scalable edge architecture model: the utilization of edge-capable wireless gateways that bring IoT applications under a single access point, provide the necessary compute power for IoT, and connect devices to cloud providers seamlessly and securely. Furthermore, the proliferation of Bluetooth Low Energy 5 (BLE) has made the connectivity of devices far more cost effective – both in terms of the actual devices and in the required power draw.  

The result is sensors, asset tags, and gateways that are affordable enough – and managed well enough – to be deployed at scale. Here are a few examples of what this looks like in practice, as well as instances where the industry is seeing success, momentum and innovation with IoT in healthcare. 

Patient monitoring 

BLE-based sensors – for measurements such as temperature or other vital signs – offer real advantages in patient monitoring. The devices are sophisticated enough that they can transmit data by the second, allowing for more visibility into a patient’s status – even as in-person check-ins are conducted less frequently. 

Wireless capabilities are critical as well. Using BLE means a longer battery life and a more effective wireless connection. This results in patients who can be more mobile and monitored outside of their hospital rooms. In turn, this results in a more comfortable experience for the patient, as it eliminates a constant, tethered connection to wired bedside devices. 

With HIPAA as an additional consideration, confidentiality components must be designed into the network. For example, using techniques such as MAC-address rotation allows facilities to collect employee or patient-level data without it being tied to an individual. This means that even in the event of a security breach, the information can’t be connected to a single person. 

This form of advanced, confidential and real-time patient monitoring is one of the most in-demand IoT applications in healthcare today. Healthcare providers, such as elder-care facilities and in-patient hospitals, are installing gateways in every patient room and in common areas to provide safer, less intrusive, and more flexible monitoring. 

Tracking key assets 

Keeping track of important and expensive equipment, such as oxygen tanks or wheelchairs, may not be a new concept in healthcare, but the reduction in the cost of tracking tags and monitoring solutions means loss prevention is being extended in terms of what can be inventoried and tracked. 

Utilizing wireless IoT gateways allows for coverage to be extended all the way to the perimeter of a campus. This provides for real-time location of an asset and an alarm to be triggered if an asset enters a geographically restricted area. 

Key assets, such as medicines or medical devices, can also be tracked by implementing locks with a credential system and an audit trail. Cold-chain management for medicines and vaccines can also be deployed at scale. The costs for sensors have been reduced to the point that individual containers can now be affordably temperature tracked as they move about a facility. When the cost and effectiveness of perishable treatments is at stake, this becomes a critical need as it brings additional confidence in the service a facility provides.  

There are some key considerations for this type of IoT deployment, such as what level of accuracy is required and what level of cost and performance trade-offs must be balanced. For that reason, a best practice is to implement a flexible gateway infrastructure where all types of IoT applications can be installed and configurations can more easily be changed as necessary. 

Staff scheduling & optimization 

Scheduling has long been a hot category in healthcare as providers seek optimization of staff hours with patient care. However, seeking out accurate information as to how worker skills relate to task times has always been a challenge. Self-reporting of how time is used can often be estimated in a way that results in half-baked assumptions for schedulers. 

The ability to cost-effectively gather real-time data about staff location significantly alters this equation. By understanding where staff are located during a day, and what areas require certain levels of attention, IoT applications can offer new options for optimizing staff scheduling. In turn, this can help improve both staff utilization and patient care. 

Always considering security 

In each of these use cases, security remains paramount. We previously looked at one strategy of ensuring confidentiality for patients – the rotation of MAC addresses – but key considerations must go into each level of network design. 

Utilizing providers – both on the application and hardware side – that provide constant security patches and support is a must. Also make sure they have developed systems and safeguards to protect both from digital attacks as well as physical ones. An individual removing a gateway from a wall, or a sensor from a device, should not be able to access any data being transferred or any security keys being stored.   

Partnering for success 

To effectively implement these solutions, healthcare facilities should look to an edge infrastructure partner that understands the desired IoT applications and can bring them together onto a unified and secure gateway. The flexibility of allowing multiple applications to run through a single access point is critical when installing and managing devices at scale. It also ensures the system exists as a cost-effective model throughout the life of the installation. 

Edge solution providers and application developers must also approach such installations as a partnership, as opposed to a sale. Long term support, potentially through a subscription model, providing constant and consistent security updates is critical. These “as-a-service” subscriptions ensure you have assistance in monitoring the system and replacing the devices if the technology becomes obsolete or fails. That said, make sure you are not being locked into a closed technology or an infrastructure tied to exclusive partnerships. Open platforms are important to ensuring the long-term success as your needs shift or the scale of your deployment changes. 

These partnerships reduce the complexity and risk associated with Healthcare IoT. They empower facilities and providers to make the promise of IoT a reality. The result is healthier patients, more effective staff, and more efficient healthcare operations.  

Justin Rigling is the co-founder & CTO of Rigado. See the latest posts on our homepage


Topic Area: Security

Recent Posts
Recent Posts

Twice as Nice: Hospital To Double Bed Count

Expansion will add 200,000 square feet, more than double number of beds, and renovate and expand surgical and other facilities


Rethinking Emergency Preparedness in Assisted Living

Research findings underscore importance of understanding ‘unique challenges’ communities face


Ronald McDonald House in Hotel Links to Hospital

First-ever Ronald McDonald House designed and built for hotel has opened


Health-Housing Project Targets Community Needs

3.7-acre complex is designed to increase access to healthcare and affordable housing for area’s most vulnerable


Seismic Shift: System Opts To Build New, Not Retrofit

Retrofitting existing facility would cost about as much as building new hospital


Post Comment


News & Updates • Webcast Alerts • Building Technologies

All fields are required.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.