Why Power over Ethernet-based Computers Strengthen EHR Security

Modern healthcare facilities are continuously challenged to reduce energy consumption while simultaneously adopting higher performance information and communications technology (ICT) that significantly boosts total energy usage and associated costs. Finding the optimal balance between these two requirements can be elusive. It’s a conflict that’s compounded by evolving ICT system mobility considerations and information security concerns.

Historically, healthcare facilities used computers on wheels (COWs) to access and capture patient records. These range from expensive battery-powered carts that could last up to a day without recharging, to notebook computers mounted on carts that last just a couple of hours. These medical carts can be costly to procure, install, power, and maintain. Batteries need to be recharged frequently and have a limited lifetime, warranting periodic replacements. The mechanical parts of the carts could also be damaged due to normal wear and tear, introducing reliability concerns. A recent trend is the use of consumer tablet devices instead of notebook computers.

More so than notebooks, tablets can be stolen or damaged, and present a potential risk of data theft. An alternative is to wall-mount touchscreen computers at various vantage points, such as therapy rooms, corridors outside patient rooms, and cafeterias in senior care facilities. These computers draw power from nearby AC power outlets, which typically cost $250 per outlet to install1. Add an uninterrupted power supply (UPS) for each desktop, laptop, and touchscreen in a large PoC facility, and the costs can rise astronomically.

Wall-mounted touch screen computers powered by Power over Ethernet (PoE) can help overcome these challenges, enabling significant cost savings. PoE computers provide increased energy efficiency and EHR security.

PoE Standard Explained

PoE encompasses several standards that enable electrical power and data to flow across standard Cat5e Ethernet network cabling. PoE allows long cable lengths up to 100 meters using a PoE switch. One of the key advantages of PoE is that it allows network devices to be installed in ceilings or wall spaces where electric outlets are difficult to reach. It is cheaper and faster to deploy Cat5e data points than to install AC outlets.

The original IEEE 802.2af-2003 PoE standard, which was limited to 15.4W, was used to power voice over IP (VoIP) phones and early access points. However, it failed to deliver sufficient power for newer devices that supported unified collaboration endpoints. So, a newer IEEE 802.3at-2009 standard, called PoE+, was developed, supporting up to 30W of power and providing the ability for devices to negotiate their power needs. PoE can also support HD video, surveillance cameras, and the newer generation of wireless access points. Many facilities already have PoE+ switches installed for powering VoIP phones, wireless networks, security cameras, and PoE computers that can operate within 30W specification.

To install PoE, network administrators can purchase network switches with built-in PoE+ support from numerous manufacturers. Network administrators can also add a mid-span injector between an existing non-PoE switch and network devices to add power to the network cable. Most switches and managed PoE injectors allow network administrators to monitor all power consumption and recycle power to the individual ports.

Why PoE-based Computers

As PoE networked devices take a more central role in healthcare organizations, the benefits and cost savings they offer become more apparent. For energy savings alone, consider that typical all-in-one desktop computers such as those often used in POC wall mounted kiosks consume 65W of power or more. A computer operating under IEEE’s 802.3at PoE+ standard will consume less than 30W, or approximately 50 percent of the power of a standard all-in-one desktop. Aggregate this savings across an entire facility, and the numbers are compelling. Additionally, PoE-based computers can be turned off completely; there are no companion adapters or power supply switches that remain powered on, consuming additional energy.

PoE also enables several security advantages for protecting against unauthorized access to EHRs. PoE computers are powered by a network switch and can be controlled via the network. They have only one source of power input (via the network) and therefore can be powered on only with the necessary network permissions. The network manager can also power up or down individual systems remotely across a LAN or WAN, providing an added level of security and reducing the risks of unauthorized access. Additionally, the network can record where and when the PoE computers are being used, creating a useful log of device usage for the organization. However, there’s a possibility for signal leakage, so it’s recommended to encrypt data to ensure it cannot be sniffed.

As previously mentioned, PoE-based computers do not require a separate electrical supply, which means that the potential savings from electrical installations are typically $250 per computer2. The savings add up quickly depending on the number of devices to be installed. With PoE-based computers, healthcare facilities can install devices where they need them (not just where they have power outlets) by fishing a PoE powered low voltage Cat5e cable. The PoE switches or mid-span injectors can then be backed up with a single, central UPS, eliminating the need for an individual UPS for each PoE computer and ensuring that every PoE computer on the network is operational during power outages.

Underlying Platform

As you might expect, PoE computers operating in POC facilities require very high performance, but they also must operate on low power. They require an underlying processing platform that provides high-definition video and graphics processing support. Size also matters; a platform that incorporates a graphics processing unit (GPU) and a central processing unit (CPU) on a single die – a system on chip (SoC) – allows for a smaller footprint, enabling compact yet powerful PoE computers. This is a particularly valuable benefit for wall-mounted touchscreen PoE computers.

As with conventional computers designed for use in healthcare settings, PoE computers can be built with anti-bacterial plastics, support HIPAA compliance via privacy filters, and offer multi-level authentication support. They can be used as standalone networked computers accessing Internet-based EHR applications or used as thin clients to access applications on hosted virtual desktops. For healthcare facilities, these PoE computers enable significant savings on deployment and energy costs, while improving the security of EHRs.

-----

References:

1. http://www.fixr.com/costs/install-electrical-outlet
2. http://michaelbluejay.com/electricity/computers.html