TriHealth's VPN, when completed later this year, will connect its 80 affiliate physicians' offices and hospitals in Cincinnati, Kentucky and Indiana. The latest addition to the network is the Cisco Systems VPN 3002 Hardware Client box, an alternative to installing VPN software on PCs at remote sites. TriHealth is placing 3002s at the edge of each of its physician and hospital sites, replacing remote routers. The hardware VPN client comes packaged with security features included in the HIPAA regs, such as 3DES. TriHealth runs Cisco 3030 VPN Concentrators, also HIPAA-compliant, in its data center.
HIPAA or not, TriHealth needed to replace its old, private frame relay network with a secure VPN. The frame relay WAN became too costly and slow to support the company's remote offices, especially with applications like imaging on the horizon. A TriHealth radiologist, for instance, now can download 20 images in one minute from his or her cable modem-outfitted office on the VPN, rather than drive to the hospital to view X-ray and MRI images.
"A large frame relay network between Cisco 1600 routers and 7000s worked fine. But now that we're getting into imaging for radiology, 128-Kbps frame relay just doesn't do it," says John Mettey, network administrator for TriHealth. The VPN also has shaved the time to connect TriHealth's transcriptionists to the VPN from nearly eight minutes to 20 seconds.
In addition to running the IPsec 3DES encryption that comes with the 3002s and 3030 concentrators, TriHealth has its own RSA Security Keon certificate-authority server for doling out digital IDs that prove a node is legitimate and RSA's SecurID for authenticating users. HIPAA doesn't dictate which security protocols to use -- it offers a menu of technologies for handling authentication and encryption requirements. "Even without HIPAA, we would still be using the highest level of encryption we could for this data," Mettey says.
Each TriHealth physician's office has a cable modem or DSL connection to the VPN, and Mettey's network team can remotely configure VPN policies for users at each site from the CiscoWorks management platform at TriHealth's data center. "The Cisco 3002 is configured remotely with a browser and managed using HP OpenView and CiscoWorks 2000," Mettey says.
Meanwhile, the only catch with the 3002 is that it doesn't support TriHealth's legacy IPX traffic. "If you want to send IPX traffic, you have to dial the Cisco 5300 via modem, and it's very slow," Mettey says. But only four of TriHealth's 40 Novell NetWare servers run IPX-only -- the others are IP-aware NetWare 5.1 -- so it's not a major problem, he says. TriHealth is considering Citrix Systems MetaFrame servers and clients to handle the IPX traffic. "That way, the MetaFrame server talks IPX to the local Novell 3.2 server, and the MetaFrame sends screen images via IP through the VPN," he says.
TriHealth also is looking into adding IP phones to the network for some of its out-of-state sites, which could then place voice calls for free over the VPN. All 80 sites will be on the VPN by the fall, and TriHealth will monitor bandwidth usage to determine whether its 1-Mbps Internet connection, which can burst to 3 Mbps, is enough to support the imaging applications, Mettey says.