Keeping Radiation Oncology Networks Up and Running 24/7
Compromises to radiation oncology networks, like attacks by computer worms or other network disruptions, simply can't happen with patient-critical information such as that contained in radiation therapy plans. That's why networks carrying this vital information must rely on multiple fiber paths, switches with primary and secondary backup and uninterruptible power supplies that won't let them down. Redundancy and resiliency are musts.
'Just in case' is key when maintaining a radiation therapy network, as our examples will show. If you aren't convinced that your radiation therapy network requires special configuration, consider this.
Late in 2003, a major cancer treatment center in the United States encountered a severe disruption in service when their enterprise network was infected by a variant of a Microsoft Windows-based computer "worm." The resulting outbreak caused a denial-of-service attack across the campus data network that severely interfered with information systems for several hours, including the network used to provide radiation treatment for their cancer patients, necessitating the rescheduling of those treatments. How did they make sure they wouldn't be "hit" again? This specialized cancer treatment center configured a special network to support their key radiology devices that is strictly protected from being affected by worms or similar network disruption.
Several factors lend urgency to the importance of having the radiation oncology (rad/onc) network fully functional 24/7, even though treatment is not administered all of those hours. A typical patient receives this highly complex and exacting treatment every day, five days a week for six weeks, although that varies depending on the treatment plan for a particular type of cancer. The treatment planning systems and simulators require nightly back up by the IT department, usually accomplished during the hours when patients are not being treated.
The network pathway begins at the imaging modality used to define the tumor volume and shape, usually a computed tomography scanner. From there, digital images move often through a server to the radiation therapy planning station where physicians, medical physicists and other staff design appropriate treatment parameters, to the linear accelerator (linac) where the radiation beam is delivered to the tumor site and surrounding tissues. Record and verify activity as well as portal imaging to document the treatment delivered round out the rad/onc pathways. Exquisite pinpoint accuracy is critical to target cancerous cells while sparing normal tissues as much as possible.
Shawn McNeeley, medical physicist at Fox Chase Cancer Center in Philadelphia, explains that IMRT (intensity modulated radiation therapy) requires between 40 and 140 separate, individual radiation fields to be downloaded onto the linear accelerator to provide the appropriate treatment devised by the physician, dosimetrist and medical physicist."We're totally dependent on the server and record and verify system to provide the linac with the configuration for doing the treatment," McNeeley says. "Without that, we're dead in the water."Case studies presented here describe how the IT and healthcare professionals of three major cancer centers ensure that their network is always up and running.
Fox Chase Cancer Center in Philadelphia
Robert Gaul, director of voice and data communications, across this three-building enterprise explains their basic networking guidelines direct that any portion of the network infrastructure considered "mission critical" involves up-front design of some amount of redundancy and resiliency.
"Whenever possible, we have configured multiple network paths between critical data hubs or closets," says Gaul. "Our core network closets have multiple fiber paths between them and most of our switches have a primary and a backup or secondary up-link," says Gaul. All mission-critical data closets have UPSs (uninterruptible power supplies) which are connected to emergency power." In the event of a loss of electrical power, back-up generators maintain continuous service.
Fox Chase's Medical Physicist McNeeley explains that they have designed dedicated pathways between treatment delivery components. Data generated by imaging modalities (usually CT) are sent to a record and verify system controlled by a single server. Communication between that server and the linacs is accomplished over a dedicated fiber-optic line that is isolated onto its own sub-net. They've identified mission-critical computers and isolated them onto a separate network with a different IP address.
In addition, they use hot-swappable hard drives on their high-end server to insure minimal downtime. Spare computers are configured to use in the eventuality that a computer on one of the linacs goes down, to provide a "plug and play" capability. This means that if a component of their system were to fail, they are able to replace parts without having to take the system down.
Fred Wittenberg, senior network engineer, explains that each of the three buildings containing components of radiation oncology, which are connected by their network, is protected behind a switch. The switches are connected via fiber to one another on a separate path that does not touch their basic production network. In other words, the radiation oncology equipment is on a completely separate segment of the network, with a different address base from the primary backbone. In the event of a catastrophic problem on the main Fox Chase network, rad/onc functioning networks are capable of being run independently.
"If Fox Chase's network goes down completely or is infected by a virus, we can pull the plug and their network is completely disconnected physically," says Wittenberg. In the meantime, radiation therapy continues.
The University of Texas M.D. Anderson Cancer Center in Houston
This cancer treatment center has incorporated several components into its system to insure continuous function of their rad/onc activities.
Erdal Sipahi, manager of systems analyst services, explains that they gather tumor information via multislice CT scans and then transfer the digital images to one of their three treatment planning systems.
"At that point, the clinicians work together, the dosimetrist or physicist with the physician, to further define and optimize the treatment plan," says Sipahi. Once the plan is delineated, the beam information is transferred to the treatment delivery management center (by Impac Medical Systems) that includes patient information from the electronic medical record.
The treatment delivery management center, in turn, interfaces with the linac control system to enable the prescribed radiation dose to be verified, delivered and recorded.
Craig Wright, director of information services, for radiation oncology describes their core network as fully redundant with 1 Gigabit links for all of the core devices and between buildings. All of the treatment systems reside on one sub-net, and all of the information systems not related to patient treatment occupy another segment of their network. This configuration provides a much higher bandwidth and reduces the possibility of a virus or other threat intrusion into the treatment environment.
"We also use firewall technology on the front-end of our patient treatment systems, that disallows any intrusion of viruses, spyware, or spam," says Wright. "And we are making some additional changes that will disallow anyone at a patient delivery system to access any portion of any other part of the network other than for the typical types of service requirements."
The concern rises from having close to 100 non-treatment, non-planning components on the network, which increases opportunities for introducing contaminants from the outside world onto the treatment network.
Wright describes that their front-end firewall protection begins at the desktop level, where they use Trend Micro as the network antivirus and internet content security software. Additionally, he recommends an external checkpoint firewall be deployed on the edge of the network, because it enables full manageability while simultaneously disallowing viruses or other problems to be moved between sub-nets.
In addition to their physical networks, M.D. Anderson uses wireless technology with computers on wheels (cows) that can be moved from place to place and used for documenting patient care. Wright says the redundant nature of the environment allows them to provide portable services across a number of capabilities.
"We follow an institutional standard that allows us to take advantage of economies of scale, and also to follow the standards used for compliance with HIPAA regulations," Wright says.
Memorial Sloan-Kettering Cancer Center in New York City
With their primary data center located in New Jersey, and a total of six cancer treatment centers, Memorial Sloan-Kettering Cancer Center's network features T3 connections throughout, used to treat their 500 patients per day.
The CT images, used to define the target area, are transferred to a centralized server in New Jersey, according to Gig Mageras, PhD, attending physicist in the department of medical physics, to make them accessible to the one of numerous treatment planning workstations.
Once the treatment plan is completed, including total dose, the number of fractional doses, quantity of dose per fraction and anatomic structures such as patient organs, the information for setting up the radiation treatment system and verifying it is transferred into an information management system - VARiS Vision by Varian Medical Systems.
To address important issues in data management, the IT department is involved in a works-in-progress approach that is scheduled to "go live" later this year.
Michael R. Sullivan, manager of radiation oncology systems, explains their use of a data replication tool called Double-Take from NSI Software. He describes Double-Take as a pseudo-clustering system.
Using this system, real-time data replication from the primary server to a back-up server is enabled. Staff can use the primary server without interruption, and there is no requirement for load-balancing from one server to the other.
"The secondary server can support daily backup, so you don't have to take the primary server down or out of use at any point during the day," Sullivan explains. Because they treat patients from 7:00 a.m. until 10:00 p.m. weekdays, and they have several system maintenance processes that require server involvement, they found they had a small window of opportunity to accomplish nightly back-up routines.
Additionally, this system will allow them to take the primary server down, switch staff to the back-up system, and use the primary system to upgrade or add maintenance software to the primary system. Once those tasks are accomplished, they can return to the primary server to drive operations.
Returning to a discussion of Double-Take's capabilities, Sullivan says, "You can have multiple backup servers and geography means nothing, so long as the servers are connected on the same virtual network. We'll also use Double-Take to replicate our primary server to our disaster recovery server located in another state."
Double-Take works at the file system level by continually monitoring changes to open files to reduce exposure to data loss. Only byte-level changes are replicated over standard IP connections, so data are always protected and available across any distance. Other systems move entire disk blocks, which require a greater proportion of bandwidth that may affect network and server performance. But this approach to replication allows IT professionals to allocate resources and bandwidth more effectively.
Conclusion
Given the importance of radiation therapy to the management of cancer patients, constant network availability assumes top priority. IT professionals involved in managing this critical resource must design a system that enables continual function. M.D. Anderson's Wright offers two vital pieces of advice:
- Segment your network to separate your patient treatment systems and planning systems away from your non-treatment and planning systems.
- Provide firewall protection for your system from the desktop and externally.