Part of Internet of Things implementation: Lessons learned
Other implementations
Nurse call system
Following on from the Silent Hospitals trial to identify noise levels, the trust introduced a new IP-based nurse call system. This was intended to be a flexible and agile plug-and-play solution that would introduce new patient- and staff-friendly features, such as voice activation and 2-way voice. As the solution is IP-based, it would also provide greater access to data and functionality and integrate with EPR, RTLS and third-party systems.
Implementing the nurse call system as digital rather than analogue came with its own issues. Challenges and lessons learned from the implementation included:
- The handsets issued required modifications on systems that are antiquated and can potentially clash with pre-existing systems. They required changes to the DHCP option 43 setting, which is also sometimes used for the wireless controllers.
- The nurse call had to be set up on a legacy (unused) IP range to ensure that there were no clashes on our main IP range. This has the potential to cause issues on a wider deployment if the IP range required isn’t available.
- The supplier limits access to some of the server data required for their systems as part of their security processes. As a result the trust has still not deployed part of the infrastructure needed for full rollout of the system. This will require establishing new security policies and practices to protect systems that the trust previously had control over.
There is also a concern that this could hide important data on how the system is designed and built, potentially disguising aging software and concepts in its design.
It is vital to have digital and cyber security expertise involved when selecting new technical solutions. This helps identify complex limitations at an earlier stage rather than after installation, when it may be too late to resolve.
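The option 43 clash noted above can be avoided when the DHCP server chooses the option 43 payload by the client's vendor class identifier (option 60) instead of serving one value to every device. The following Python is an added example, not the trust's or any supplier's configuration; the class names, sub-option codes and addresses in it are constructed placeholders.

```python
import ipaddress

def encode_option43(subopts):
    """Encode {code: bytes} as encapsulated vendor sub-options (RFC 2132, 8.4)."""
    out = bytearray()
    for code, data in sorted(subopts.items()):
        if not 1 <= code <= 254 or len(data) > 255:
            raise ValueError(f"invalid sub-option {code}")
        out += bytes([code, len(data)]) + data
    if len(out) > 255:
        raise ValueError("payload does not fit in one option 43")
    return bytes(out)

def decode_option43(payload):
    """Decode an option 43 payload to {code: bytes}, rejecting truncated data."""
    subopts, i = {}, 0
    while i < len(payload):
        if i + 2 > len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated sub-option")
        code, length = payload[i], payload[i + 1]
        subopts[code] = payload[i + 2:i + 2 + length]
        i += 2 + length
    return subopts

def ips(*addrs):
    """Pack IPv4 addresses as consecutive 4-byte values."""
    return b"".join(ipaddress.IPv4Address(a).packed for a in addrs)

# Constructed policy: option 60 prefix -> option 43 sub-options.
# Class names, sub-option codes and addresses are placeholders, not vendor values.
POLICY = {
    "EXAMPLE-WLAN-AP": {1: ips("192.0.2.10", "192.0.2.11")},
    "EXAMPLE-NURSECALL": {1: ips("198.51.100.20"), 2: b"ward-7"},
}

def option43_for(vendor_class, policy=POLICY):
    """Pick the option 43 payload by the client's option 60; None if unknown."""
    for prefix, subopts in policy.items():
        if vendor_class.startswith(prefix):
            return encode_option43(subopts)
    return None

if __name__ == "__main__":
    for vc in ("EXAMPLE-WLAN-AP-v2", "EXAMPLE-NURSECALL-handset", "generic-pc"):
        payload = option43_for(vc)
        print(vc, payload.hex() if payload else "no option 43")
```

Both device classes use sub-option code 1 with different meanings here, which is why a single scope-wide value cannot serve both.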
Digital Twin and room booking platform at Nottingham University Hospitals
NUH deployed a room booking platform as part of the Digital Twin work at the hospital. The capabilities this enabled included:
- a visitor management system and room and desk booking functionality
- environmental monitoring
- people counting sensors (room occupancy and space utilisation)
- Building Management System (BMS) integration
- asset tracking and management (RTLS)
The room booking solution required the deployment of several IoT devices and room occupancy sensors. This added to the need for specific firewall rules to be established to maintain security and limit the effect of any of the devices being breached in a cyber-attack.
While this is working, it would be better to place the devices into the IoT network and limit their connectivity.
It is worth having separate DHCP and DNS servers in a DMZ location to fully isolate IoT ranges from internal networks.
This implementation is a significant change in network topology and needs input from a cyber security specialist to establish best practice.
Network segmentation and IoT at Linden Lodge and Milton Keynes
Network segmentation is the process of separating a network into multiple segments or subnets to improve performance and security. Network segmentation supports IoT deployments by:
- allowing IoT devices and sensors to be kept logically separate from other areas of the network
- allowing for prioritisation of data packets
- reducing security threats, for example, by segregating third parties or applying different network posturing and rules for certain users or devices.
This is a well-established approach and has been implemented at Linden Lodge. Milton Keynes are looking to implement this technology on their network to support future IoT implementations.
NUH has contracted a supplier to support a segmentation piece as part of the National Rehabilitation Centre (NRC) deployment. Had that already been in place, it might have affected how some products were deployed.
Last edited: 16 April 2025 5:14 pm