hp whitepaper byod in healthcare

Business white paper Bring your own device in healthcare HP BYOD in Healthcare Healthcare providers can use tablets, smartphones, and other personal mobile devices to access vital resources with strong confidence in security and control.

Upload: wirehead-technology

Post on 09-May-2015


Category:

Technology



DESCRIPTION

This white paper from HP reports on the pros and cons of mobile devices in healthcare.

TRANSCRIPT

  • 1. Business white paper: Bring your own device in healthcare. HP BYOD in Healthcare. Healthcare providers can use tablets, smartphones, and other personal mobile devices to access vital resources with strong confidence in security and control.

2. Who should read this paper? Healthcare administrators, IT directors, security managers, and network managers should read this white paper to learn how HP Networking solutions simplify security and network access control to help healthcare providers make the most of bring your own device (BYOD) initiatives.

Table of contents
  • Executive summary
  • Healthcare is mobile
  • Bring it from home
  • Mitigate the risks of BYOD
  • Changing the rules of networking
  • No-fuss network access control
  • Authentication and authorization with IMC/SNAC
  • Ensure endpoint integrity
  • Maintain security compliance
  • Prevent wireless threats
  • Monitor the WLAN
  • Go ahead, bring your own
  • Additional resources
  • Conclusion

3. In today's healthcare environment, more and more people are bringing their Wi-Fi devices into the hospital's infrastructure. This presents a unique challenge to the hospital IT administrator. This paper discusses the challenges and solutions on how HP addresses the security and management of multiple Wi-Fi devices being introduced into the wireless/wired network.

Executive summary
Many healthcare providers are enticed by the idea of allowing caregivers, administrators, and patients to use their own tablet computers, notebooks, and smartphones to access healthcare resources. However, they are concerned about the security risks and the impact on IT operations.

Bring it from home
Many healthcare professionals, for example physicians who work in multiple hospitals, want the convenience of using their personal devices to access hospital applications. Patients, too, often want to use their own devices, whether they are waiting for their appointment or during an extended hospital stay.
And if network access isn't officially sanctioned, patients and healthcare providers alike are probably trying to figure out how to sneak their mobile devices into the organization's network anyway.

HP Networking is helping healthcare providers realize the potential of BYOD initiatives by allowing caregivers and administrators to use their own mobile devices in a way that is secure and operationally efficient. HP Intelligent Management Center (IMC) provides a simple way to enforce network access control that is ideal for BYOD.

Healthcare is mobile
Healthcare is inherently a mobile work environment. And putting the most up-to-date information at a clinician's fingertips throughout all stages of the healthcare delivery process saves time, reduces error, and ultimately improves health outcomes. Physicians in particular have embraced the idea of using tablets and other mobile devices in their daily routines. The ability to view patients' medical records, test results, and scans is a huge time saver. And the ability to quickly check medical and drug-interaction databases can literally be the difference between life and death. In addition to physicians, healthcare workers and even billing professionals have taken to the efficiency of using tablets, notebooks, and other mobile devices.

If Corporate America is any indication of the BYOD phenomenon, the idea of using personally owned tablets, smartphones, and notebooks is catching on fast. In fact, 72 percent of corporations allowed the use of personally owned mobile devices for business purposes, according to Aberdeen Group.[1] Healthcare providers must consider how they will effectively manage and secure personally owned mobile devices. BYOD devices cannot easily be identified, and therefore managed, by the IT department. When a physician, nurse, or administrator brings in their own device, IT has no control over where it has been or what applications the user has downloaded.
The health of the device is unknown, and it's virtually impossible for IT to enforce security policies and remediate compromised computers. And that creates a big risk when the mobile device connects to the healthcare provider's network and accesses vital applications and information.

[1] "Prepare Your WLAN for the BYOD Invasion," Aberdeen Group, July 2011

4. Mitigate the risks of BYOD / Changing the rules of networking

Security is a top priority at healthcare organizations, where patient privacy is paramount. At the same time, medical information can be a treasure trove of Social Security numbers, credit card details, and other valuable data for cyber-criminals.

Mobility can drive new levels of patient care, but when legacy networks are pushed to the limit, they become fragile, difficult to manage, vulnerable, and expensive to operate. Healthcare providers whose networks are at this breaking point risk missing the next wave of opportunity.

Internet threats are rising, and security attacks have never been more threatening and damaging. Some of the biggest data breaches in history were reported in 2011, and three of the six biggest breaches involved protected health information, according to the Privacy Rights Clearinghouse.[2] Security breaches can tarnish a healthcare provider's reputation and cost immeasurable goodwill. They could also put the organization at risk of running afoul of regulations in the Health Information Portability and Accountability Act (HIPAA). Credit and debit card transactions must also be protected under the Payment Card Industry Data Security Standards (PCI DSS) requirements.

Security is not the only challenge of successfully implementing a BYOD initiative. The influx of 802.11n Wi-Fi devices can place increased demands on a hospital's network, necessitating design changes.
A recent Gartner paper notes: "When enterprises are designing wireless networks, the best practice for allocation of mobile devices is to move those devices that are 5 GHz capable to the 5 GHz frequency using band steering. The goal is to separate devices capable of performing at higher speeds and move them to 5 GHz, because the additional frequencies allow a better use of the 802.11n standard using bonded channels, which effectively doubles the potential throughput needed for applications such as video. This also leaves the 2.4 GHz band for legacy devices that are not capable of taking advantage of the advanced features of 802.11n, and does not impede the devices that are 802.11n-capable with the additional protocol overhead to maintain backward compatibility with 802.11g radios."[3]

Healthcare providers that deploy HP Networking solutions, based on the HP FlexNetwork Architecture, benefit from an open and standards-based solution that can scale across three dimensions: security, agility, and consistency. With HP FlexNetwork Architecture, healthcare providers can support users' requirements for mobility in a way that is consistent, secure, and flexible. HP FlexCampus, a building block of the FlexNetwork architecture, allows healthcare providers to converge and secure wired and wireless LANs to deliver consistent, identity-based network access that is ideal for bandwidth-intensive medical applications and media-rich collaboration applications. And FlexManagement, another building block of FlexNetwork, converges network management and orchestration across the campus and data center.

While BYOD can help healthcare providers reduce CAPEX, administrators must help ensure that BYOD doesn't cause OPEX to rise sharply.
IT needs a way to enforce consistent network access and manage personally owned mobile devices as well as those devices owned by the healthcare organization, no matter where the user goes on the wired or wireless network.

[2] "Data Breaches: A Year in Review," Privacy Rights Clearinghouse, December 16, 2011. https://www.privacyrights.org/top-data-breach-list-2011
[3] "Without Proper Planning, Enterprises Deploying iPads Will Need 300% More Wi-Fi," Gartner, October 2011

5. No-fuss network access control
Healthcare organizations can leverage IMC for protection of both internally owned and employee-liable mobile devices. Administrators can specify the appropriate network access rules, policies, and endpoint health posture requirements to meet the provider's own security policies as well as industry compliance requirements. With IMC, administrators know who owns the unmanaged devices on the network and control what they're doing.

IMC provides authentication based on user identity, device, location, time, and endpoint posture. Users can be assigned automatically into the appropriate VLAN based on a variety of parameters, including identity, device type, device posture, and even time of day. Access rights can also be enforced based on a particular application or service, such as VoIP, Microsoft Exchange, or Internet. Users can also be granted access to network resources based on their devices' IP or MAC addresses, which is particularly useful for printers, IP phones, and barcode scanners.

IMC fully supports the IEEE 802.1X standard for network access control; however, when supporting a BYOD initiative, many healthcare organizations may opt for IMC's new Simple Network Access Control (IMC/SNAC). SNAC allows healthcare providers to support BYOD more quickly and easily than a traditional 802.1X deployment, which requires deploying client software as well as integration with a RADIUS or Microsoft Active Directory server.
IMC/SNAC leverages HP device fingerprinting technology to automatically identify users' mobile devices. HP device fingerprinting technology uses the vendor's Organizationally Unique Identifier (OUI), a unique number that's assigned to mobile device manufacturers, to automatically identify the device type. HP Networking has conducted extensive interoperability testing to verify the accuracy of device fingerprinting and is continuing to add fingerprinting capabilities.

Authentication and authorization with IMC/SNAC
Here's an example of how authentication and authorization work with IMC/SNAC. The administrator creates access policy groups, such as Caregivers or Billing, in IMC. The administrator also creates an access policy group called Apple Devices for iPhones and iPads. The administrator can sync with Active Directory, and then import the information into IMC. Users will then be populated into the appropriate access groups. The Apple Devices access policy group captures all of the Apple devices requesting access to the network. The administrator can then specify the resources or other actions that should be taken with this special group of users or devices. The same is true for the Caregivers and Billing access policy groups.

Healthcare providers can add another layer of security by using different Service Set Identifiers (SSIDs) for mobile devices issued by the provider and those which are personally owned. For example, physicians' devices could use secure 802.1X authentication on a caregivers SSID with full access to healthcare resources. Users with personally owned mobile devices could use device fingerprinting or self-registration on a dedicated SSID that has more restricted access and tighter security. Another SSID could be used for open guest access that permits access only to the external Internet. The flexibility of IMC allows IT managers to define the appropriate policies based on their specific organizational requirements.
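The device-type lookup and tiered SSID policy described above, as an added example (not from the HP paper and not IMC/SNAC code): a generic Python sketch that maps a MAC address's OUI to a vendor and then picks an access policy group and VLAN. The OUI table, VLAN IDs, SSID names, and the "Registered BYOD" group are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Illustrative OUI table (assumption); production systems load the IEEE registry.
OUI_VENDORS = {"00:03:93": "Apple", "00:1B:63": "Apple"}

# Hypothetical VLAN IDs for the three SSID tiers the paper describes.
VLAN_CLINICAL, VLAN_BYOD, VLAN_GUEST = 110, 120, 130


def normalize_mac(mac: str) -> str:
    """Return the MAC as upper-case, colon-separated hex; raise on bad input."""
    digits = "".join(c for c in mac if c not in ":-.").upper()
    if len(digits) != 12 or any(c not in "0123456789ABCDEF" for c in digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def vendor_from_mac(mac: str) -> Optional[str]:
    """Vendor named by the OUI, or None when the prefix carries no vendor."""
    mac = normalize_mac(mac)
    # Locally administered bit set (e.g. a randomized address): the first
    # three octets are not a registered OUI, so no device type can be inferred.
    if int(mac[:2], 16) & 0x02:
        return None
    return OUI_VENDORS.get(mac[:8])


@dataclass
class AccessRequest:
    mac: str
    ssid: str                          # hypothetical SSID names, see decide()
    user_group: Optional[str] = None   # e.g. synced from the directory
    dot1x_ok: bool = False             # 802.1X authentication succeeded
    self_registered: bool = False      # owner registered the device


def decide(req: AccessRequest) -> tuple:
    """Return (access policy group, VLAN) for one connection attempt."""
    if req.ssid == "caregivers":
        # Full access needs an authenticated identity, never the MAC alone.
        if req.dot1x_ok and req.user_group == "Caregivers":
            return req.user_group, VLAN_CLINICAL
        return "Guest", VLAN_GUEST
    if req.ssid == "byod":
        # The OUI is client-asserted, so it only selects the restricted tier.
        if vendor_from_mac(req.mac) == "Apple":
            return "Apple Devices", VLAN_BYOD
        if req.self_registered:
            return "Registered BYOD", VLAN_BYOD
    return "Guest", VLAN_GUEST
```

A device whose address has the locally administered bit set yields no vendor, so on the personal-device SSID it stays in the guest tier until it is self-registered.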
IT managers can deploy IMC/SNAC to quickly and easily support BYOD today. They may also choose to migrate to a full 802.1X network access control solution over time. Or they may choose to maintain a hybrid solution, in which 802.1X is used for organization-owned PCs and tablets, and device fingerprinting with vendor OUI is used for personal devices.

6. [Figure 1. Access control solution deployment scenarios and benefits. Diagram labels: Virtual Machines, Remote Offices and Branches, Data Center/Cloud, WAN, Core, Edge, Internet, Remote Users, Unified Network Security Mgmt and Policy Console. (1) Wireless LAN: ensure only authorized devices and users get on network; guest management; endpoint health; visibility and control of traffic; uniform wired/wireless experience. (2) Campus LAN: ensure only authorized devices and users access network; endpoint health; visibility and control of traffic.]

Healthcare providers can use HP IMC to help ensure that only authorized devices get access to the network and to support BYOD initiatives in a way that mitigates risk and is operationally efficient.

Ensure endpoint integrity
IMC allows administrators to control endpoint admission based on the device's identity and posture. If an endpoint is not compliant with the established policies, access to the network can be isolated for remediation or blocked to protect network assets. The IMC security policy component also provides non-intrusive actions to proactively secure the network edge, including endpoint monitoring and notification.

Monitor the WLAN
Healthcare providers can also leverage the IMC Wireless Service Manager (WSM) module to monitor wireless networks, aid in RF visualization, and manage the wireless devices and clients. It integrates with the IMC base platform to protect and control access to wireless services.
Administrators can use IMC WSM to monitor SSID status, view RF heat maps, as well as performance graphs, status views, and performance and inventory reporting.

Maintain security compliance
IMC also allows healthcare providers to maintain security and regulatory compliance. Administrators can centrally monitor and keep records on all users and devices that access the network, including personally owned devices. Administrators can use rich reporting to assist in documenting compliance.

Go ahead, bring your own
Healthcare providers can leverage the HP suite of intelligent wireless networking solutions as part of an integrated wired/wireless infrastructure and enjoy a low cost of operation and strong, consistent security. Simplified network access control allows healthcare providers to easily and securely support mobile devices on the campus network for caregivers, administrators, and guests while holding the line on operational expenses. With HP, mobility is simple to deploy, easy to manage, and based on industry standards.

Prevent wireless threats
Healthcare providers can use the HP Mobility Security IDS/IPS System Series to detect and prevent wireless threats with automated policy-based security and location-tracking capabilities for all 802.11 WLAN networks. It uses patented automatic classification and mitigation techniques to block unauthorized wireless traffic without disrupting the performance of authorized wireless devices. It also includes reporting for HIPAA.

7. ASAN Medical Center boosts efficiency for staff and patients with new WLAN
ASAN Medical Center, based in Seoul, is the largest hospital in both Korea and Asia. The main medical center is a massive complex that treats 9,600 outpatients and 285 emergency patients on an average day. The medical center wanted to boost staff productivity and efficiency for patients by upgrading to a reliable, cost-effective WLAN and VoIP smartphones for faster access to electronic health records.
ASAN Medical Center also wanted to provide Fixed Mobile Convergence (FMC) for staff and Real-Time Locating Systems (RTLS) for tracing medical equipment on site. ASAN Medical Center rolled out HP Networking WLAN infrastructure over two years.

"We've had great local technical support from HP Korea, and we have seen big improvements since using this new solution," said Cheon-Gueon Kim, IT Manager, ASAN Medical Center. "With most employees using Wi-Fi phones, laptops, and smartphones, we can access patient data much faster and diagnose treatments than ever before."

With HP, ASAN Medical Center has high-quality voice over Wi-Fi. The network also provides fast transfer of data, including images, as well as groupware collaboration. The solution is cost-effective, and provides staff and patients with higher quality care and services with access to patients' historical health records. The staff is more productive because they can access key information via smartphones and laptops. And diagnosis and problem solving is as much as two or three times faster than before the WLAN was in place.

Additional resources
For more information on HP Networking, visit hp.com/go/networking.

Conclusion
When considering how you are going to handle the influx of wireless client devices penetrating your network, you need to consider what security policies you will enforce and how granularly you want to control what network access you may or may not allow. HP FlexNetwork architecture with FlexManagement provides single pane-of-glass, core-to-edge network control, security, and much more.
  • Intelligent Management Center Unified Access Manager (IMC/UAM)
  • Intelligent Management Center Endpoint Defense (IMC/EAD)
  • Intelligent Management Center Wireless Service Manager (IMC/WSM)
  • HP FlexNetwork Architecture: h17007.www1.hp.com/us/en/solutions/flexnetwork/index.aspx
  • Simplify the IT experience: Visit http://h17007.www1.hp.com/us/en/solutions/mobility/index.aspx to understand what Bring Your Own Device can do for your organization
  • ASAN Medical Center boosts efficiency for staff and patients with new WLAN

Get connected
hp.com/go/getconnected
Get the insider view on tech trends, support alerts, and HP solutions.

Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein. Microsoft is a U.S. registered trademark of Microsoft Corporation. 4AA3-9250ENW, Created March 2012; Updated May 2012, Rev. 1