CARESCAPE
CARESCAPE B850
CARESCAPE Monitor B850 Addendum to Service Manual Networking disclosure June 2018
Addendum to Service Manual
16 Pages
Preview
Page 1
GE Healthcare
Addendum for CARESCAPE Monitor B850 service manual Networking disclosure to facilitate network risk management
Addendum for CARESCAPE Monitor B850 service manual English 2106778-008 paper © 2018 General Electric Company. All rights reserved.
Due to continuing product innovation, specifications in this manual are subject to change without notice. For technical documentation purposes, the abbreviation GE is used for the legal entity names, GE Medical Systems Information Technologies, Inc. and GE Healthcare Finland Oy.
2
Addendum for CARESCAPE Monitor B850 service manual
2106778-008 2018-06-19
Contents Purpose and scope ... 5 Purpose of the CARESCAPE Monitor B850 connection to a network... 5 CARESCAPE Monitor B850 network interface technical specifications ... 5 Network information flows... 6 Required characteristics and configuration of the network for support of the CARESCAPE Monitor B850... 12 Potential risks to safety, effectiveness, or security resulting from failure of IT network to provide the required characteristics ... 12
2106778-008
Addendum for CARESCAPE Monitor B850 service manual
3
4
Addendum for CARESCAPE Monitor B850 service manual
2106778-008
Purpose and scope This disclosure provides manufacturer’s instructions for connecting the CARESCAPE Monitor B850 to the responsible organization’s IT network. It is intended to satisfy the requirements of IEC 60601-1:2012 clause 14.13 and IEC/ISO 80001-1:2010 clause 3.5 for disclosure of network-related specifications, requirements, and residual risks in order to facilitate the responsible organization’s risk management activities (e.g., pursuant to 80001-1) for their networks incorporating the CARESCAPE Monitor B850.
Purpose of the CARESCAPE Monitor B850 connection to a network The CARESCAPE Monitor B850 is intended to be connected to a network in order to support the following functionality: ●
Providing real-time patient data (such as parameters, waveforms and alarms) to compatible network devices such as central stations or other bedside monitors.
●
Remote viewing of 12SL ECG reports at compatible network devices.
●
Remote configuration (patient admission, alarm settings, etc.) from compatible network devices.
●
Remote service diagnostics and configuration (Webmin/InSite).
●
Printing to a compatible network printer.
●
Acting as a Citrix client for network access to applications on remote Citrix servers.
CARESCAPE Monitor B850 network interface technical specifications Connection Name 1
Mission critical (MC) network port - S/5 network port
Physical network connection type
IEEE 802.3-1998 10/100BaseT Ethernet
Speeds and duplex modes supported
10 Mbps half (default) and full duplex, 100 Mbps half and full duplex, Autonegotiate
Default IP Address (from factory)
MC: IP address - 172.16.x.y NOTE: x and y are equal to the last two octets of the MAC address. Subnet mask - 255.255.0.0 Gateway - 172.16.254.254
2106778-008
IP Addressing
MC: IPV4 Static S/5: Virtual Plug ID
QoS Support
IP layer DSCP tagging
Addendum for CARESCAPE Monitor B850 service manual
5
Connection Name 2
Information exchange (IX) network port
Physical network connection type
IEEE 802.3-1998 10/100BaseT Ethernet
Speeds and duplex modes supported
10 Mbps half (default) and full duplex, 100 Mbps half and full duplex, Autonegotiate
Default IP Address (from factory)
IP address - 172.18.x.y NOTE: x and y are equal to the last two octets of the MAC address. Subnet mask - 255.255.0.0 Gateway - 172.18.254.254
IP Addressing
IPv4 Static (default) or DHCP
QoS Support
No Markings
Network information flows Flow Name 1
Unity Services
Network Connection on device
MC network
Usage Type Function
Clinical
Purpose
Transmit clinical data to other devices on the network
Licensed/optional/required
Licensed
Communication Partner Device/IP Address/Network
Unity Devices/MC Network
Middle Layer Protocols
UDP
Application Layer Protocol and Encoding
Unity
Ports
Standard Unity ports
Traffic characterization and Bandwidth Requirements
Periodic traffic. Incoming unicast traffic is approximately 50 Kbps if viewing a remote bed. Outgoing unicast traffic is approximately 50 Kbps per patient view. Outgoing broadcast traffic is small (< 0.7 Kbps).
Waveforms, parameters, alarms
Maximum of 1024 views supported on wired network.
6
Latency max
250 ms
Flow Name 1
S5 Network
Network Connection on device
MC – S5 network
Usage Type Function
Clinical
Purpose
Transmit clinical data to other iCentral devices
Waveforms, parameters, alarms
Addendum for CARESCAPE Monitor B850 service manual
2106778-008
2106778-008
Flow Name 1
S5 Network
Licensed/optional/required
Licensed
Communication Partner Device/IP Address/Network
iCentral
Middle Layer Protocols
DRI
Application Layer Protocol and Encoding
DRI
Traffic characterization and Bandwidth Requirements
Variable
Flow Name 2
InSite RSvP
Network Connection on device
IX Network
Usage Type
Device servicing
Function
GEHC remote service
Purpose
Device health status notification
Licensed/optional/required
Optional (user can disable service)
Communication Partner Device/IP Address/Network
InSite RSvP Server/https://us1-ws.service.gehealthcare.com/Internet, GE VPN
Middle Layer Protocols
TCP
Application Layer Protocol and Encoding
HTTPS/128 bit SSL
Ports
443
Traffic characterization and Bandwidth Requirements
Periodic (4kbytes/minute)
Flow Name 3
InSite RSvP Tunnel
Network Connection on device
IX Network
Usage Type Function
Device servicing GEHC remote service
Purpose
Device health status notification
Licensed/optional/required
Optional (user can disable service)
Communication PartnerDevice/IP Address/Network
InSite RSvP Server/https://us1-rd.service.gehealthcare.com/Internet, GE VPN
Middle Layer Protocols
TCP
Application Layer Protocol and Encoding
HTTPS/128 bit SSL
Ports
443
Traffic characterization and Bandwidth Requirements
Periodic (4kbytes/minute)
On-Demand (file transfers)
On-Demand (file transfers)
Addendum for CARESCAPE Monitor B850 service manual
7
8
Flow Name 4
HTTP/HTTPS proxies
Network Connection on device
IX Network
Usage Type/Function/Purpose
Network Services/InSite RSvP
Licensed/optional/required
Optional (user can disable InSite RSvP) and only necessary if hospital requires HTTP/HTTPS proxy for Internet access.
Communication Partner Device/IP Address/Network
Proxy server/Hospital
Middle Layer Protocols
TCP
Application Layer Protocol and Encoding
HTTP/HTTPS
Ports
Customer defined
Traffic characterization and Bandwidth Requirements
Periodic (4kbytes/minute)
Flow Name 5
Webmin
Network Connection on device
IX Network
Usage Type/Function/Purpose
Device servicing/Hospital biomed service
Licensed/optional/required
Required
Communication Partner Device/IP Address/Network
PC/IX, Hospital Network
Middle Layer Protocols
TCP
Application Layer Protocol and Encoding
HTTPS/AES-256
Ports
10000
Traffic characterization and Bandwidth Requirements
On-demand, user-initiated/varies by usage
Flow Name 6
Ping – Hospital Network
Network Connection on device
IX Network
Usage Type/Function/Purpose
Device servicing/Network troubleshooting (IX only)
Licensed/optional/required
Required
Communication Partner Device/IP Address/Network
PC, Other Medical Devices/Hospital Network
Middle Layer Protocols
ICMP
Application Layer Protocol and Encoding
N/A
On-Demand (file transfers)
Addendum for CARESCAPE Monitor B850 service manual
2106778-008
2106778-008
Flow Name 6
Ping – Hospital Network
Ports
N/A
Traffic characterization and Bandwidth Requirements
On-demand, user-initiated/64bytes/sec for any requested ping request, only one ping request can be run at a time, multiple requests could be received from other devices.
Flow Name 7
Ping – IX Network
Network Connection on device
IX Network
Usage Type/Function/Purpose
Device servicing/Network troubleshooting (IX only)
Licensed/optional/required
Required
Communication Partner Device/IP Address/Network
PC, Other Medical Devices/IX Network
Middle Layer Protocols
ICMP
Application Layer Protocol and Encoding
N/A
Ports
N/A
Traffic characterization and Bandwidth Requirements
On-demand, user-initiated/64bytes/sec for any requested ping request, only one ping request can be run at a time, multiple requests could be received from other devices.
Flow Name 8
Ping – MC Network
Network Connection on device
MC Network
Usage Type/Function/Purpose
Device servicing/Network troubleshooting (MC only)
Licensed/optional/required
Required
Communication Partner Device/IP Address/Network
PC, Other Medical Devices/MC Network
Middle Layer Protocols
ICMP
Application Layer Protocol and Encoding
N/A
Ports
N/A
Traffic characterization and Bandwidth Requirements
On-demand, User-initiated/64bytes/sec for any requested ping request, only one ping request can be run at a time, multiple requests could be received from other devices.
Flow Name 9
Software Transfer
Network Connection on device
IX Network
Usage Type/Function/Purpose
Device servicing/perform software upgrades
Licensed/optional/required
Required
Addendum for CARESCAPE Monitor B850 service manual
9
10
Flow Name 9
Software Transfer
Communication Partner Device/IP Address/Network
PC/IX Network
Middle Layer Protocols
TCP
Application Layer Protocol and Encoding
HTTP
Ports
10001
Traffic characterization and Bandwidth Requirements
On-demand. Approximately 100 MB of software download at low priority and very infrequently.
Flow Name 10
View 12SL from MUSE
Network Connection on device
IX Network
Usage Type
Clinical
Function
Retrieving
Purpose
Displaying 12SL reports
Licensed/optional/required
Licensed/Optional
Communication Partner Device/IP Address/Network
Muse Server/Hospital
Middle Layer Protocols
TCP
Application Layer Protocol and Encoding
HTTP
Ports
80
Traffic characterization and Bandwidth Requirements
On-demand, user initiated, from 500 KB to 1 MB.
Flow Name 11
Printing
Network Connection on device
IX Network
Usage Type/Function/Purpose
Clinical
Licensed/optional/required
Required
Communication Partner Device/IP Address/Network
Networked printer/IX Network
Middle Layer Protocols
UDP/TCP
Application Layer Protocol and Encoding
IPP
Ports
80,631
Traffic characterization and Bandwidth Requirements
On-demand, user initiated
Addendum for CARESCAPE Monitor B850 service manual
2106778-008
2106778-008
Flow Name 12
DNS
Network Connection on device
IX Network
Usage Type/Function/Purpose
Network services/Domain name resolution
Licensed/optional/required
Required
Communication Partner Device/IP Address/Network
DNS server/Hospital network
Middle Layer Protocols
UDP
Application Layer Protocol and Encoding
DNS
Ports
53
Traffic characterization and Bandwidth Requirements
Sporadic
Flow Name 13
DHCP
Network Connection on device
IX Network
Usage Type/Function/Purpose
Network services/Dynamic address assignment
Licensed/optional/required
Required
Communication Partner Device/IP Address/Network
Networked printer/Hospital network
Middle Layer Protocols
UDP/TCP
Application Layer Protocol and Encoding
DHCP
Ports
67,68
Traffic characterization and Bandwidth Requirements
Sporadic
Flow Name 14
Citrix ICA
Network Connection on device
IX Network
Usage Type/Function/Purpose
Clinical/Connection to Citrix Server
Licensed/optional/required
Licensed/Optional
Communication Partner Device/IP Address/Network
Citrix server/Hospital network
Middle Layer Protocols
TCP
Application Layer Protocol and Encoding
Citrix ICA
Ports
Customer defined (default 1494)
Traffic characterization and Bandwidth Requirements
On-demand, user initiated
Addendum for CARESCAPE Monitor B850 service manual
11
Flow Name 15
ADT
Network Connection on device
IX Network
Usage Type/Function/Purpose
Clinical/Connection to ADT Server
Licensed/optional/required
Optional
Communication Partner Device/IP Address/Network
ADT Server
Middle Layer Protocols
TCP
Application Layer Protocol and Encoding
ADT
Ports
11111
Traffic characterization and Bandwidth Requirements
On-demand, user initiated
Required characteristics and configuration of the network for support of the CARESCAPE Monitor B850 The network must meet the specific requirements identified in the network information flows described in this document for all traffic flows associated with the subset of features, use cases and workflows required by the responsible organization’s users.
Potential risks to safety, effectiveness, or security resulting from failure of IT network to provide the required characteristics Loss of network connectivity can result in the following hazardous situations: ●
Missed alarm at a remote viewing station (bedside or display)
●
Complete or partial loss or deterioration of remote monitoring of waveform and parameter data at remote viewing device
Device mitigations:
12
●
Low alarm volume is increased if network communication fails.
●
Audio off, audio pause, and sleep states are interrupted if network communication fails.
●
User is notified of network communication failure. A message is displayed until the user acknowledges it.
●
User is notified if a duplicate IP address is detected.
●
User is notified if a duplicate unit or bed name is detected.
Addendum for CARESCAPE Monitor B850 service manual
2106778-008
WARNING
BEFORE INSTALLATION. Compatibility is critical to safe and effective use of this device. Please contact your local sales or service representative prior to installation to verify system compatibility.
WARNING
INTERFACING OTHER EQUIPMENT. Connect only items that are specified as part of the system and as compatible. For more information, see the supplemental information provided.
In addition to the hazardous situations identified in this section, connection of the CARESCAPE Monitor B850 to a network that includes other equipment could result in other unidentified risks to patients, operators, or third parties. The responsible organization should identify, analyze, evaluate and control these risks on an ongoing basis, including after changes to the network such as these listed, which could introduce new risks and require additional analysis: ●
Changing the network configuration.
●
Connecting additional items to the network.
●
Disconnecting items from the network.
●
Updating equipments connected to the network.
●
Upgrading equipments connected to the network.
If you have enabled the Visit Number Query to the ADT server, the medical record number, the last name of the patient, or the last and first names of the patient are sent over the IX network.
2106778-008
Addendum for CARESCAPE Monitor B850 service manual
13
14
Addendum for CARESCAPE Monitor B850 service manual
2106778-008
content