This is a sample design for a telemedicine virtual private network that uses routers to create
secure connections for transferring medical data between remote medical and healthcare locations,
in accordance with United States HIPAA law and HL7 telemedicine guidance.
All medical data transferred and stored must meet DICOM and PACS standards and guidelines.
A Telemedical Remote Office Facility Routed Through a Virtual Private Network
Although dedicated encryption devices are the best way to set up encrypted VPNs over the Internet, this project will
use the MS Windows VPN to set up the VPN network initially. Cisco router VPN hardware solutions would
be implemented later, once the license requirements and router upgrades are satisfied.
A VPN amounts to encrypted TCP/IP links between LANs. We can create one using a software-only
product, with software installed on a router or a firewall, or with dedicated encryption hardware.
Using a virtual private network (VPN) connection secures our Internet data transfer and extends our
private network across the Internet. A VPN connection uses encryption and tunneling to transfer data
securely over the Internet to a remote-access VPN server on our medical network. A VPN also saves money
by using the public Internet instead of direct connections and other more expensive methods of connection
(including direct phone calls).
When connecting to the Internet using a dial-up connection, the connection is first made to the ISP, and then
a VPN connection is made to the private network's VPN server. Once the VPN connection is established, we
can access the private network.
When we are already connected to the Internet on a local area network, a cable modem, or DSL (digital subscriber
line), we can make a VPN connection directly to the VPN server.
This design can be accomplished with a broadband VPN router that provides IPsec-based virtual private networking
(VPN) and quality-of-service arrangements, supporting two-way real-time video and audio, camera control,
streaming video, and access to medical records over the Internet with cable-modem connections.
Sample Design Overview
In this telemedicine VPN, each doctor's office is connected through a cable-modem. Each location has
one of our VPN routers establishing an IPsec tunnel through the Internet to a central VPN router
in the nursing home. A portable video cart is connected to this central router through a wireless network.
The VPN is designed as an "overlay network", i.e. it uses an address space that is distinct from, but mapped
onto, the global IP address space by means of IP aliases on hosts and tunnels between distant physical
networks. For example, as Figure 1 shows, our telemedicine network uses a "private" IP address space such
as 172.31.0.0/16. Nodes that belong only to the telemedicine network have addresses only in this space;
nodes that belong to multiple networks have aliases in each of them. Physically distant sub-networks are
connected through IPsec tunnels. The IPsec tunnels are established between VPN routers in a star topology
with one central VPN router at the nursing home facility and multiple remote VPN routers, one for each
participating physician's home.
A VPN router in the doctor's office has three networks attached: (1) the Internet through the cable-modem,
(2) the office network that is part of the telemedicine VPN, and (3) the physician's private network that
has no route to the VPN.
Packets that travel between the office network and the public Internet are not routed through the tunnel,
since that would only add load to the tunnel endpoints and lengthen the physical path.
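The forwarding policy described in the two paragraphs above (office network in the 172.31.0.0/16 overlay,
physician's private network with no route to the VPN, office-to-Internet traffic kept off the tunnel, and
a star of IPsec tunnels that meet at the nursing home) can be made concrete as a small model. The following
Python is an added example written for this page, not code from the design or from FreeBSD; every address
in it (the 203.0.113.x and 198.51.100.1 router addresses, the 172.31.10.0/24 and 172.31.20.0/24 office
subnets, the 192.168.10.0/24 private LAN, and the 192.0.2.50 Internet host) is a constructed sample value.
It also generalizes slightly beyond the text by showing that traffic between two doctor's offices must
hairpin through the hub, because tunnels exist only between each remote router and the central router.

```python
"""Model of the forwarding decisions made by the telemedicine VPN routers.

Added example for this page; addresses are constructed sample values.
"""
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network

# Overlay ("private") address space of the telemedicine VPN, as given in the text.
VPN_SPACE = ip_network("172.31.0.0/16")


@dataclass
class RemoteRouter:
    """VPN router at one doctor's office with its three attached networks."""
    office_lan: IPv4Network   # (2) office network, part of the telemedicine VPN
    private_lan: IPv4Network  # (3) physician's private network, no route to the VPN
    wan_ip: IPv4Address       # (1) public address on the cable-modem side
    hub_ip: IPv4Address       # public address of the central router at the nursing home

    def forward(self, src: str, dst: str) -> str:
        """Decide how a packet with the given source and destination is handled."""
        s, d = ip_address(src), ip_address(dst)
        if d in self.office_lan:
            # Local office traffic, or overlay traffic that arrived through the tunnel.
            if s in self.office_lan or s in VPN_SPACE:
                return "deliver to office LAN"
            return "drop: no route to VPN"
        if d in VPN_SPACE:
            # Only the office network is part of the overlay; it reaches every other
            # VPN subnet through the single tunnel to the hub (star topology).
            if s in self.office_lan:
                return f"tunnel esp {self.wan_ip}->{self.hub_ip}"
            return "drop: no route to VPN"
        if d in self.private_lan:
            return "deliver to private LAN" if s in self.private_lan else "drop: no route"
        # Everything else is the public Internet: default route out the cable-modem,
        # deliberately not through the tunnel (would only load the tunnel endpoints).
        if s in self.office_lan or s in self.private_lan:
            return "direct via cable-modem (NAT)"
        return "drop: spoofed source"


@dataclass
class HubRouter:
    """Central VPN router at the nursing home; one IPsec tunnel per remote office."""
    home_lan: IPv4Network                    # nursing home LAN (video cart lives here)
    wan_ip: IPv4Address                      # public address the remotes tunnel to
    tunnels: dict[IPv4Network, IPv4Address]  # remote office LAN -> remote router WAN IP

    def forward(self, src: str, dst: str) -> str:
        s, d = ip_address(src), ip_address(dst)
        if s not in VPN_SPACE:
            return "not overlay traffic: default route"
        if d in self.home_lan:
            return "deliver to nursing home LAN"
        for lan, peer in self.tunnels.items():
            if d in lan:
                return f"tunnel esp {self.wan_ip}->{peer}"
        return "drop: no route"


def build_topology() -> tuple[HubRouter, RemoteRouter, RemoteRouter]:
    """Constructed sample: one hub and two doctor's offices."""
    hub_ip = ip_address("198.51.100.1")
    office_a = RemoteRouter(ip_network("172.31.10.0/24"), ip_network("192.168.10.0/24"),
                            ip_address("203.0.113.10"), hub_ip)
    office_b = RemoteRouter(ip_network("172.31.20.0/24"), ip_network("192.168.20.0/24"),
                            ip_address("203.0.113.20"), hub_ip)
    hub = HubRouter(ip_network("172.31.1.0/24"), hub_ip,
                    {office_a.office_lan: office_a.wan_ip, office_b.office_lan: office_b.wan_ip})
    return hub, office_a, office_b


def office_to_office_path(origin: RemoteRouter, hub: HubRouter, src: str, dst: str) -> list[str]:
    """Hops taken by a packet from one office to another: always via the hub."""
    hops = [origin.forward(src, dst)]
    if hops[0].startswith("tunnel"):
        hops.append(hub.forward(src, dst))
    return hops


if __name__ == "__main__":
    hub, a, b = build_topology()
    print(a.forward("172.31.10.5", "172.31.1.20"))    # office PC -> video cart: tunnel
    print(a.forward("172.31.10.5", "192.0.2.50"))     # office PC -> Internet: not tunneled
    print(a.forward("192.168.10.7", "172.31.1.20"))   # physician's private LAN -> VPN: dropped
    print(office_to_office_path(a, hub, "172.31.10.5", "172.31.20.8"))
```

Running the module prints the four decisions; the last one shows the two tunnel hops an
office-to-office packet takes through the nursing home router, which is the cost of the
star topology the text chooses.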
The VPN routers are built as a custom device based on a generic UNIX operating system (FreeBSD 4.2-RELEASE)
running on small, generic PC-compatible hardware.
It proved necessary to configure the relevant pieces of FreeBSD, compile them into a form that is easy to
deploy and maintain, make the pieces work together, and deal with bugs and missing features.
A customized network can be developed and deployed without great expense using the methods described. A Microsoft
VPN and FreeBSD are shown here, but there are many different solutions using various hardware and software combinations
that may be customized. Successful development of this type of network also requires an understanding of
firewalls, network address translation, quality of service, and possibly Novell IPX.