What is SD-WAN for Healthcare?
| SD-WAN is being used across the healthcare industry to boost security, uptime and allow new network technologies such as IoMT and smart healthcare devices. |
Given the scale of computer-based systems within the healthcare sector and healthcare’s ever-growing reliance on technologies such as Electronic Health Records (EHR), healthcare networks have begun to become a major focus in recent years. When coupling these systems with increasingly adopted advancements, like Telemedicine, it has become clear for many network administrators within the healthcare industry that traditional WAN networks are no longer a viable option when attempting to deliver all of these systems optimally.
As seen across many other industries, Software-Defined Wide Area Network (SD-WAN) solutions offer a clear shift from traditional WAN, with many healthcare providers reporting successful implementations of SD-WAN that have enabled greater adoption of technologies to aid their services.
In this article we’ll discuss the unique demands that SD-WAN supports healthcare providers to achieve, not only alleviating the stresses of enabling new technologies, but also meeting regulatory compliance, data security measures and ensuring that access to real-time data and application performance is maximised.
Key Healthcare-Specific Features of SD-WAN
Within the healthcare sector there are many considerations and requirements for network administrators that aren’t so prevalent across other industries.
One of these requirements is ensuring that all networked systems receive the required resources and bandwidth in order to prioritise critical healthcare operations. With SD-WAN, application-level controls can be utilised to prioritise the more high-impact healthcare technologies, like Electronic Health Records and PACS (medical imaging).
SD-WAN achieves this by implementing dynamic traffic routing and Quality of Service (QoS) to load-balance traffic based on priority. Further to this, SD-WAN can also switch across multiple network underlays to ensure that technologies like remote telehealth are always running across the optimal path, providing real-time data access.
However, whilst prioritising specific traffic types is an important feature, arguably the most important network functionality is the ability to maintain continuous uptime. The aforementioned use of multiple network underlays is essential to SD-WAN offering improved uptime, as by leveraging this capability, redundant underlay can be used in the event of a link outage. This features significance is emphasised within the healthcare sector, with potentially severe consequences faced by (typically traditional WAN) networks unable to meet this demand.
Benefits of SD-WAN for Various Healthcare Sectors
One of the more apparent benefits of utilising an SD-WAN solution within a healthcare setting is the scaling capabilities. Offering networks with improvements for branch connectivity, SD-WAN is ideal for amalgamating clinics, laboratories, hospitals and GP practices for greater connectivity between a range of systems and services. Due to SD-WAN utilising a range of network underlay, healthcare providers no longer have to rely on Multiprotocol Label Switching (MPLS) connections, allowing for cheaper alternatives to be aggregated to achieve similar, if not better performance.
For healthcare providers, a continuously growing number of networked devices means that networks are beginning to become overwhelmed with data. With many interconnected healthcare systems, often including IoT devices, sensors and smart healthcare equipment, high volumes of data are continuously generated and transmitted across the network. Unfortunately, bandwidth limitations mean that networks are restricted in the amount of data they can transmit at any given time and therefore this leads to issues such as collisions which result in packet loss. SD-WAN offers healthcare providers with the solution to this issue by often implementing edge computing support packaged in the solution. Edge Computing distributes computation and closer to the data source, such as the IoT sensor or smart healthcare equipment, reducing traffic sent to a central hub for processing. By reducing the volume of traffic sent across the network, edge computing significantly lowers latency and reduces bandwidth utilisation – meaning that other critical services can utilise these extra resources for greater performance.
SD-WAN’s optimisations aren’t just limited to basic network optimisations though. SD-WAN enables newer technologies such as telemedicine, allowing for HD video consultations with patients, regardless of whether they are rurally/remotely located.
Case Studies of SD-WAN in Various Healthcare Settings
The greatest testament to the importance of implementing SD-WAN in the healthcare sector is successful case studies.
The first of these being Sentara Healthcare, who implemented Equinix SD-WAN. For Sentara, who are based in North America, issues with high volumes of patient connections were becoming more and more apparent, especially for systems like their online portals and telemedicine. These systems were prone to either higher volumes of traffic or more resource-greedy traffic (in the case of HD video telemedicine). Deploying Equinix SD-WAN allowed Sentara to address these issues, with support for utilising hybrid multi-cloud solutions for other network aspects. By introducing SD-WAN, Sentara improved their networks resilience to traffic demands across hospitals, allowing for higher availability to patient records, greater overall uptime of networked resources and failover mechanisms to prevent downtime in the event of high traffic volumes.
Our next example, Bupa Health Clinics in the UK, implemented Cisco Meraki SD-WAN in order to improve their network reliability and security across a large volume of branches. Bupa have over 45 health centres, with hundreds of further dental centres and care homes across the UK – meaning that interconnecting such a high volume of sites successfully was at the forefront of requirements with their SD-WAN solution. Bupa required that, across all sites, each branch performed consistently and could easily access cloud-based health management systems, with minimised latency. By implementing Cisco Meraki, Bupa Health gain centralised, secure management across all of their sites, making policy changes and new site integration far easier than with their old networking system. The improved network visibility and more efficient resource management meant that networked systems and data gained greater availability, with improved data security owing to the policy consistencies.
Whilst Bupa is one of the biggest healthcare providers in the UK, in North America Universal Health Services (UHS) is one of the largest hospital management companies, with acute care and behavioural health offices.
For UHS, being able to implement and scale telehealth services across many locations was highly important. Due to this, UHS had focused their attention towards their bandwidth utilisations and had noted that their outdated network lacked the bandwidth availability in order to meet demands for video conferencing. Further to this, UHS also desired local breakout capabilities in order to harness cloud applications in a HIPAA compliant manner. By moving to an SD-WAN solution, UHS became able to scale their Zoom-based telehealth services across over 400 locations, primarily due to the bandwidth management capabilities that SD-WAN offered them. This bandwidth management prioritised the telehealth traffic, allowing for higher quality calls, whilst the implementation of local breakouts meant that cloud applications could be harnessed within the security limitations that HIPAA compliance requires.
Regulatory Challenges and Considerations in Healthcare SD-WAN
One of the challenges faced by network administrators is the need to navigate regulatory compliance on a regional basis. The matrix below highlights some of the legislative differences when comparing the UK with North America. The UK guidelines are led by GDPR and NHS Digital, while North American healthcare is guided by HIPAA and PIPEDA.
Different Aspects of Healthcare's Digital Protection Regulations From UK and North America
| wdt_ID | wdt_created_by | wdt_created_at | wdt_last_edited_by | wdt_last_edited_at | Aspect | UK (GDPR, NHS Digital) | North America (HIPAA, PIPEDA) |
|---|---|---|---|---|---|---|---|
| 1 | hyelland | 07/11/2024 02:42 PM | hyelland | 07/11/2024 02:42 PM | Legislation Type | Comprehensive data protection (GDPR) with healthcare-specific guidelines (NHS Digital) | Healthcare-specific regulation (HIPAA) in the USA, and general data protection regulation (PIPEDA) in Canada, with adaptations for the healthcare sector |
| 2 | hyelland | 07/11/2024 02:42 PM | hyelland | 07/11/2024 02:42 PM | Scope | All personal data, including healthcare data handled by both public and private sectors | In the USA, applies to healthcare providers, insurers, and their business associates. In Canada, applies to all personal data, including healthcare data handled by commercial organisations |
| 3 | hyelland | 07/11/2024 02:42 PM | hyelland | 07/11/2024 02:42 PM | Data Sharing within Networks | Strict rules about sharing with third parties without explicit consent, NHS Digital oversees secure data sharing within NHS networks | Allows sharing of patient data for treatment, payment, and operations without explicit consent but requires safeguards in the USA. In Canada, allows sharing with adequate consent, organisations must establish policies for data exchange security |
| 4 | hyelland | 07/11/2024 02:42 PM | hyelland | 07/11/2024 02:42 PM | Data Encryption Requirements | Encryption is recommended under GDPR as a security measure, NHS Digital has strict guidelines for encryption to protect patient data during transfer | HIPAA mandates encryption of electronic Protected Health Information (ePHI) during storage and transmission, particularly in networks. In Canada, PIPEDA recommends encryption as a best practice for secure data exchange, focusing on minimising unauthorised |
| 5 | hyelland | 07/11/2024 02:42 PM | hyelland | 07/11/2024 02:42 PM | Data Breach Notification | Mandatory notification to the ICO within 72 hours for breaches, including those impacting healthcare networking | Mandatory notification to HHS and affected individuals without unreasonable delay, generally within 60 days, in the USA. In Canada, mandatory notification to the OPC and affected individuals is required when a breach poses a significant risk of harm |
| 6 | hyelland | 07/11/2024 02:42 PM | hyelland | 07/11/2024 02:42 PM | Patient Consent | Explicit consent is required for the processing of patient data, NHS Digital provides a framework for managing patient consent for data sharing | Implied consent is sufficient for treatment, payment, and operations in the USA, while written consent is needed for non-standard use. In Canada, implied consent is used for essential healthcare services, while explicit consent is needed for secondary use |
| 7 | hyelland | 07/11/2024 02:42 PM | hyelland | 07/11/2024 02:42 PM | Data Portability | Patients have the right to request copies of their data in a portable format, including healthcare records (applies under GDPR) | HIPAA guarantees patient access to health records, allowing digital copies if feasible, but no specific portability format is mandated. In Canada, PIPEDA requires organisations to provide access to personal data in an accessible format upon request |
| 8 | hyelland | 07/11/2024 02:42 PM | hyelland | 07/11/2024 02:42 PM | Third-Party Vendors | GDPR holds both data controllers (e.g. hospitals) and processors (e.g. vendors) accountable, Data Processing Agreements are required | Both HIPAA in the USA and PIPEDA in Canada require organisations to ensure third-party vendors meet privacy obligations. HIPAA mandates Business Associate Agreements (BAAs) for all third parties handling ePHI, whereas PIPEDA recommends contracts to ensure |
| 9 | hyelland | 07/11/2024 02:42 PM | hyelland | 07/11/2024 02:42 PM | Data Localisation | Data can be processed within the EU/EEA or other countries with adequate protection, special considerations apply to NHS patient data for security and privacy | No localisation requirements in the USA, patient data can be stored offshore provided HIPAA requirements are met. In Canada, there are no specific localisation requirements, but organisations must protect transferred data, including cross-border data shar |
| 10 | hyelland | 07/11/2024 02:42 PM | hyelland | 07/11/2024 02:42 PM | Interoperability & Standards | NHS Digital supports interoperability and data standards such as FHIR (Fast Healthcare Interoperability Resources) to facilitate secure networking between systems | Encourages interoperability through ONC standards and FHIR adoption in the USA, focusing on secure communication channels within healthcare networks. Canada also supports interoperability, often guided by provincial regulations, and generally follows FHIR |
The requirements mean that IT and administrative staff must be trained on how SD-WAN security protocols are intrinsically linked to UK and North American regulations. The result is that the configuration and deployment of SD-WAN must not be conducted in isolation — the IT team must work closely with healthcare compliance experts. There are managed service providers or professional services companies that can help ensure your business remains compliant when deploying SD-WAN.
Healthcare Requirements & How SD-WAN Achieves Them
| wdt_ID | wdt_created_by | wdt_created_at | wdt_last_edited_by | wdt_last_edited_at | Healthcare Digital Regulation Requirements (UK and North America) | How SD-WAN Meets These Demands |
|---|---|---|---|---|---|---|
| 1 | hyelland | 07/11/2024 02:41 PM | hyelland | 07/11/2024 02:41 PM | Data Protection & Privacy Regulations | SD-WAN solutions offer integrated security features, such as end-to-end encryption, authentication protocols and segmentation to maintain the integrity of data, whilst restricting access from unauthorised sources. |
| 2 | hyelland | 07/11/2024 02:41 PM | hyelland | 07/11/2024 02:41 PM | Data Sovereignty and Localisation | SD-WAN enables healthcare organisations to utilise intelligent traffic routing capabilities to direct traffic through specific pathways and network links in order to match data sovereignty requirements, ensuring that sensitive data remains within authoris |
| 3 | hyelland | 07/11/2024 02:41 PM | hyelland | 07/11/2024 02:41 PM | Network Resilience and Reliability | SD-WAN increases network availability and failover capabilities through the ability to transmit traffic over multiple network underlays. This means that traffic can be routed dynamically, unlike traditional WAN which uses static routing configurations, wi |
| 4 | hyelland | 07/11/2024 02:41 PM | hyelland | 07/11/2024 02:41 PM | Secure Remote Access and Telehealth Support | SD-WAN supports secure remote access capabilities by establishing encrypted connections for telehealth services, ensuring that patient consultations and data exchanges are protected from unauthorised access. |
| 5 | hyelland | 07/11/2024 02:41 PM | hyelland | 07/11/2024 02:41 PM | Compliance with Industry Standards and Certifications | SD-WAN solutions often come with built-in compliance tools and reporting capabilities, assisting healthcare organisations in meeting industry standards and maintaining necessary certifications. |
| 6 | hyelland | 07/11/2024 02:41 PM | hyelland | 07/11/2024 02:41 PM | Scalability and Support for Emerging Technologies | Adapting to the increasing use of Internet of Things (IoT) devices and artificial intelligence (AI) in healthcare, requires networks to be scalable. SD-WAN meets this infrastructural requirement, easily integrating IoT devices and helps to support AI appl |
| 7 | hyelland | 07/11/2024 02:41 PM | hyelland | 07/11/2024 02:41 PM | Comprehensive Network Monitoring and Management | Understanding if data has been breached is extremely important, especially in a healthcare setting where data is often sensitive. SD-WAN provides centralised control and real-time monitoring of network traffic, allowing healthcare IT teams to detect anoma |
| Healthcare Digital Regulation Requirements (UK and North America) | How SD-WAN Meets These Demands |
However, it is important to also ensure that healthcare IT and administrative staff receive adequate resources and training for SD-WAN security protocols. This is a major consideration as, especially with some solutions that may be lacking customisability, administrators will need to be aware of how their SD-WAN solution will need to be configured to meet all of the regulatory requirements.
Whilst considering training, for larger healthcare organisations it’s important to introduce customised training for multi-location healthcare systems on secure management and compliance best practices. This is important due to the complexity of storing sensitive data across multiple locations, further made more complex by differences in geographical regulations for the industry.
Conclusion
In summary, meeting the diverse healthcare regulations is protracted and presents serious risks if the organisation is not working with a detailed understanding of SD-WAN solution capability. At a basic level, SD-WAN can improve the WAN performance of healthcare by introducing centralised management, AI, IoT support, reporting, and traffic management. These aspects work directly to keep telemedicine and electronic health records (EHR) both secure and accessible to users, whether they are in a branch office or working remotely.