Hospital LAN Initial Evaluation

NIT 362

Explain the network’s fundamental characteristics and components.
The Hospital’s Local Area Network (LAN) consists of two distinct network segments: Clinical and Admnistrative networks and are connected via bridge. The Administrative uses an ethernet backbone that is 1000BaseT using CAT 6 cable while the backbone for branches from each department run on 1000BaseF using single-mode fiber. Each clinical area is connected via a bus architecture to the main 1000BaseF backbone (Apollo, 2013).
The administrative network’s Executive Management has three different types of workstations and two different types printers all networked on the 1000BaseT Ethernet using a bus architecture. The workstations are for Executive Management, Senior Management in HR, Operations and Finance, and Data entry in HR, Operations and Finance. Workstations for Exeuctive management and Senior Management are iMACs while workstations for data entry are Hewlett-Packard thin clients. The printers are the Hewlett-Packard Model 4350 (black and white laser printers) and Hewlett-Packard Model 4200pht (color laser printsers) (Apollo, 2013).
On the clinical side of the network, Apple Mac Pros are used for modality viewing stations, which are each connected to their own DICON digital to film printers (Kodak model 6800) are used in Radiology. The emergency room has a MAC PRO workstation connected to a portable X-Ray machine and each Emergency Room bay has an iMAC workstation. The Lab uses Apple iMACs and has one Hewlett-Packard Model 4700pht color laser printer while the Pharmacy has a similar setup using iMACs for workstations, but connected to Hewlett-Packard Model 4350 black and white printers (Apollo, 2013).
Operating Rooms use Apple MAC PRO’s for RIS imaging with iMAC workstations. ICU is the only place utilizing Wireless Access Points, which are 1250 Series Cisco routers and each room is connected to the network through a 24 port Fiber Optic Hub. The nurses stations are iMACs and are individually connected to their own Hewlett-Packard Model 4350 printer (Apollo, 2013).
The Data Center has Apple Cluster Servers, connected workstations and two shared printers. The Servers are connected to disk storage for data backup using 4 gigabit fiber and a InfraStruXure model ISXT280HD8R power supply ensures uninterrupted power in the event of an emergency.
The IT Data Center uses an IBM Series Z9EC HIS system computer and IBM DB2 database, It is connected to backup storage and Backup power via the same methodology as the Data Center Apple Cluster Servers. The Windows Exchange Server utilizes RAID 1 data storage and is running Windows Server 2003 Enterprise. The Internet Server is an IBM System x3250 with RAID 1 storage and connects to the internet through a Model 7609 Cisco Router. Data center workstations and a Remote Access Server (RAS) is connected to the Internet through a Cisco ASA 5510 VPN router, all connected to the 1000BaseT CAT6 line. This line connects to the 1000BaseF fiber network containing clinical departments via a network bridge (Apollo, 2013).
Evaluate the current network topology and applicable Standards
Using a Bus topology requires “daisy chaining” nodes sequentially along the transmission medium—in this case 1000BaseT over copper cable and 1000BaseF over optical. For 1000BaseT over copper cable, IEEE 802.3z standards apply while for 1000BaseF over optical 802.3ab standards apply (Golenlewski, 2007). The bus topology utilized in the hospital network is one of the easiest and most cost efficient to install, but it suffers from having to ensure lines are terminated, using terminators (Golenlewski, 2007). It also suffers from high rates of collisions (when two packets collide on the network backbone and disrupt transmission of both. The reason for this is that every packet is sent to all systems along the line and is rejected by each node until it reaches the appropriate destination. This not only causes higher collision rates (when packets “collide” in transit on the network), but uses bandwidth that could be better used elsewhere. Segmenting each clinic into their own separate domains and changing the hubs in ICU using bridges/switches will help reduce collisions and will increase performance of the network. A router or firewall would also be helpful for increased security between the Administrative and Clinical segments, and the use of a firewall between the ICU and the other parts of the network would help to ensure security of patient information from being seen by unwanted eyes. This would help to put the clinic back into compliance with HIPAA standards ("Health information privacy," 2014) because as it stands the network is vulnerable to attack and the wireless access point in ICU is one of the central points of failure. As for the bridge in between the two networks, it could easily be replaced by a router and/or firewall to increase security and each clinic could be divided into domains by connecting their end devices to a switch to segment individual domains and reduce bandwidth requirements by directing to segments rather than the entire network. The firewalls can protect the network through packet filtering (Golenlewski, 2007), protecting ports and by containing tables of trusted entities on the network along with their “trusted states” to assess access levels warranted. All these devices fall under the layers 1 and 2 of the ISO model and therefore are also governed by those standards on a broader level.

References:
Apollo Group. (2013, March 10). Information technology network diagrams. Retrieved from https://ecampus.phoenix.edu/secure/aapd/CIST/VOP/Healthcare/PFCH/it.asp?topview
Golenlewski, L. 2007. Telecommunications Essentials: The Complete Global Source, 2nd Ed. Boston, MA: Pearson Education
Health information privacy. (2014, March 10). Retrieved from http://www.hhs.gov/ocr/privacy/