Addendum
14 Pages
Preview
Page 1
GE Healthcare
Addendum for CARESCAPE Monitor B850 technical manual Networking disclosure to facilitate network risk management
Addendum for CARESCAPE Monitor B850 technical manual English 2062978-001 DVD, 2062978-002 DVD (510k) 2062973-014 paper © 2013 General Electric Company. All rights reserved.
Due to continuing product innovation, specifications in this manual are subject to change without notice. For technical documentation purposes, the abbreviation GE is used for the legal entity names, GE Medical Systems Information Technologies, Inc. and GE Healthcare Finland Oy.
2
Addendum for CARESCAPE Monitor B850 technical manual
2062973-014 11 September 2013
Contents Purpose and scope ... 5 Purpose of the CARESCAPE Monitor B850 connection to a network ... 5 CARESCAPE Monitor B850 network interface technical specifications ... 5 Network information flows... 6 Required characteristics and configuration of the network for support of the CARESCAPE Monitor B850... 12 Potential risks to safety, effectiveness, or security resulting from failure of IT network to provide the required characteristics ... 12
2062973-014
Addendum for CARESCAPE Monitor B850 technical manual
3
4
Addendum for CARESCAPE Monitor B850 technical manual
2062973-014
Purpose and scope This disclosure is intended to satisfy the requirements of IEC 60601-1:2005 clause 14.13 and IEC/ISO 80001-1:2010 clause 3.5 for disclosure of network-related specifications, requirements, and residual risks in order to facilitate the responsible organization’s risk management activities (e.g., pursuant to 80001-1) for their networks incorporating the CARESCAPE Monitor B850.
Purpose of the CARESCAPE Monitor B850 connection to a network The CARESCAPE Monitor B850 is intended to be connected to a network in order to support the following functionality: ●
Providing real-time patient data (such as parameters, waveforms and alarms) to compatible network devices such as central stations or other bedside monitors.
●
Remote viewing of 12SL ECG reports at compatible network devices.
●
Remote configuration (patient admission, alarm settings, etc.) from compatible network devices.
●
Remote service diagnostics and configuration (Webmin/InSite).
●
Printing to a compatible network printer.
●
Acting as a Citrix client for network access to applications on remote Citrix servers.
CARESCAPE Monitor B850 network interface technical specifications Connection Name 1
Mission critical (MC) network port - S/5 network port
Physical network connection type
IEEE 802.3-1998 10/100BaseT Ethernet
Speeds and duplex modes supported
10 Mbps half and full duplex, 100 Mbps half and full duplex, Autonegotiate (default)
Default IP Address (from factory)
MC: IP address - 172.16.x.y NOTE: x and y are equal to the last two octets of the MAC address. Subnet mask - 255.255.0.0 Gateway - 172.16.254.254
IP Addressing
MC: IPV4 Static S/5: Virtual Plug ID
2062973-014
QoS Support
IP layer DSCP tagging
Connection Name 2
Information exchange (IX) network port
Physical network connection type
IEEE 802.3-1998 10/100BaseT Ethernet
Speeds and duplex modes supported
10 Mbps half and full duplex, 100 Mbps half and full duplex, Autonegotiate (default)
Addendum for CARESCAPE Monitor B850 technical manual
5
Connection Name 2
Information exchange (IX) network port
Default IP Address (from factory)
IP address - 172.18.x.y NOTE: x and y are equal to the last two octets of the MAC address. Subnet mask - 255.255.0.0 Gateway - 172.18.254.254
IP Addressing
IPv4 Static (default) or DHCP
QoS Support
No Markings
Network information flows Flow Name 1
Unity Services
Network Connection on device
MC network
Usage Type
Clinical
Function
Waveforms, parameters, alarms
Purpose
Transmit clinical data to other devices on the network
Licensed/optional/required
Licensed
Communication Partner Device/IP Address/Network
Unity Devices/MC Network
Middle Layer Protocols
UDP
Application Layer Protocol and Encoding
Unity
Ports
Standard Unity ports
Traffic characterization and Bandwidth Requirements
Periodic traffic. Incoming unicast traffic is approximately 50 Kbps if viewing a remote bed. Outgoing unicast traffic is approximately 50 Kbps per patient view. Outgoing broadcast traffic is small (< 0.7 Kbps). Maximum of 1024 views supported on wired network.
6
Latency max
250 ms
Flow Name 1
S5 Network
Network Connection on device
MC – S5 network
Usage Type Function
Clinical
Purpose
Transmit clinical data to other iCentral devices
Licensed/optional/required
Licensed
Communication Partner Device/IP Address/Network
iCentral
Middle Layer Protocols
DRI
Waveforms, parameters, alarms
Addendum for CARESCAPE Monitor B850 technical manual
2062973-014
2062973-014
Flow Name 1
S5 Network
Application Layer Protocol and Encoding
DRI
Traffic characterization and Bandwidth Requirements
Variable
Flow Name 2
InSite ExC
Network Connection on device
IX Network
Usage Type
Device servicing
Function
GEHC remote service
Purpose
Device health status notification
Licensed/optional/required
Optional (user can disable service)
Communication Partner Device/IP Address/Network
InSite ExC Server/https://us1-ws.service.gehealthcare.com/Internet, GE VPN
Middle Layer Protocols
TCP
Application Layer Protocol and Encoding
HTTPS/128 bit SSL
Ports
443
Traffic characterization and Bandwidth Requirements
Periodic (4kbytes/minute) On-Demand (file transfers)
Flow Name 3
InSite ExC Tunnel
Network Connection on device
IX Network
Usage Type
Device servicing
Function
GEHC remote service
Purpose
Device health status notification
Licensed/optional/required
Optional (user can disable service)
Communication PartnerDevice/IP Address/Network
InSite ExC Server/https://us1-rd.service.gehealthcare.com/Internet, GE VPN
Middle Layer Protocols
TCP
Application Layer Protocol and Encoding
HTTPS/128 bit SSL
Ports
443
Traffic characterization and Bandwidth Requirements
Periodic (4kbytes/minute)
Flow Name 4
HTTP/HTTPS proxies
Network Connection on device
IX Network
Usage Type/Function/Purpose
Network Services/InSite ExC
On-Demand (file transfers)
Addendum for CARESCAPE Monitor B850 technical manual
7
8
Flow Name 4
HTTP/HTTPS proxies
Licensed/optional/required
Optional (user can disable InSite ExC) and only necessary if hospital requires HTTP/HTTPS proxy for Internet access.
Communication Partner Device/IP Address/Network
Proxy server/Hospital
Middle Layer Protocols
TCP
Application Layer Protocol and Encoding
HTTP/HTTPS
Ports
Customer defined
Traffic characterization and Bandwidth Requirements
Periodic (4kbytes/minute)
Flow Name 5
Webmin
Network Connection on device
IX Network
Usage Type/Function/Purpose
Device servicing/Hospital biomed service
Licensed/optional/required
Required
Communication Partner Device/IP Address/Network
PC/IX, Hospital Network
Middle Layer Protocols
TCP
Application Layer Protocol and Encoding
HTTPS/AES-256
Ports
10000
Traffic characterization and Bandwidth Requirements
On-demand, user-initiated/varies by usage
Flow Name 6
Ping – Hospital Network
Network Connection on device
IX Network
Usage Type/Function/Purpose
Device servicing/Network troubleshooting (IX only)
Licensed/optional/required
Required
Communication Partner Device/IP Address/Network
PC, Other Medical Devices/Hospital Network
Middle Layer Protocols
ICMP
Application Layer Protocol and Encoding
N/A
Ports
N/A
Traffic characterization and Bandwidth Requirements
On-demand, user-initiated/64bytes/sec for any requested ping request, only one ping request can be run at a time, multiple requests could be received from other devices.
On-Demand (file transfers)
Addendum for CARESCAPE Monitor B850 technical manual
2062973-014
2062973-014
Flow Name 7
Ping – IX Network
Network Connection on device
IX Network
Usage Type/Function/Purpose
Device servicing/Network troubleshooting (IX only)
Licensed/optional/required
Required
Communication Partner Device/IP Address/Network
PC, Other Medical Devices/IX Network
Middle Layer Protocols
ICMP
Application Layer Protocol and Encoding
N/A
Ports
N/A
Traffic characterization and Bandwidth Requirements
On-demand, user-initiated/64bytes/sec for any requested ping request, only one ping request can be run at a time, multiple requests could be received from other devices.
Flow Name 8
Ping – MC Network
Network Connection on device
MC Network
Usage Type/Function/Purpose
Device servicing/Network troubleshooting (MC only)
Licensed/optional/required
Required
Communication Partner Device/IP Address/Network
PC, Other Medical Devices/MC Network
Middle Layer Protocols
ICMP
Application Layer Protocol and Encoding
N/A
Ports
N/A
Traffic characterization and Bandwidth Requirements
On-demand, User-initiated/64bytes/sec for any requested ping request, only one ping request can be run at a time, multiple requests could be received from other devices.
Flow Name 9
Software Transfer
Network Connection on device
IX Network
Usage Type/Function/Purpose
Device servicing/perform software upgrades
Licensed/optional/required
Required
Communication Partner Device/IP Address/Network
PC/IX Network
Middle Layer Protocols
TCP
Application Layer Protocol and Encoding
HTTP
Addendum for CARESCAPE Monitor B850 technical manual
9
10
Flow Name 9
Software Transfer
Ports
10001
Traffic characterization and Bandwidth Requirements
On-demand. Approximately 100 MB of software download at low priority and very infrequently.
Flow Name 10
View 12SL from MUSE
Network Connection on device
IX Network
Usage Type
Clinical
Function
Retrieving
Purpose
Displaying 12SL reports
Licensed/optional/required
Licensed/Optional
Communication Partner Device/IP Address/Network
Muse Server/Hospital
Middle Layer Protocols
TCP
Application Layer Protocol and Encoding
HTTP
Ports
80
Traffic characterization and Bandwidth Requirements
On-demand, user initiated, from 500 KB to 1 MB.
Flow Name 11
Printing
Network Connection on device
IX Network
Usage Type/Function/Purpose
Clinical
Licensed/optional/required
Required
Communication Partner Device/IP Address/Network
Networked printer/IX Network
Middle Layer Protocols
UDP/TCP
Application Layer Protocol and Encoding
IPP
Ports
80,631
Traffic characterization and Bandwidth Requirements
On-demand, user initiated
Flow Name 12
DNS
Network Connection on device
IX Network
Usage Type/Function/Purpose
Network services/Domain name resolution
Licensed/optional/required
Required
Communication Partner Device/IP Address/Network
DNS server/Hospital network
Addendum for CARESCAPE Monitor B850 technical manual
2062973-014
2062973-014
Flow Name 12
DNS
Middle Layer Protocols
UDP
Application Layer Protocol and Encoding
DNS
Ports
53
Traffic characterization and Bandwidth Requirements
Sporadic
Flow Name 13
DHCP
Network Connection on device
IX Network
Usage Type/Function/Purpose
Network services/Dynamic address assignment
Licensed/optional/required
Required
Communication Partner Device/IP Address/Network
Networked printer/Hospital network
Middle Layer Protocols
UDP/TCP
Application Layer Protocol and Encoding
DHCP
Ports
67,68
Traffic characterization and Bandwidth Requirements
Sporadic
Flow Name 14
Citrix ICA
Network Connection on device
IX Network
Usage Type/Function/Purpose
Clinical/Connection to Citrix Server
Licensed/optional/required
Licensed/Optional
Communication Partner Device/IP Address/Network
Citrix server/Hospital network
Middle Layer Protocols
TCP
Application Layer Protocol and Encoding
Citrix ICA
Ports
Customer defined (default 1494)
Traffic characterization and Bandwidth Requirements
On-demand, user initiated
Addendum for CARESCAPE Monitor B850 technical manual
11
Required characteristics and configuration of the network for support of the CARESCAPE Monitor B850 The network must meet the specific requirements identified in the network information flows described in this document for all traffic flows associated with the subset of features, use cases and workflows required by the responsible organization’s users.
Potential risks to safety, effectiveness, or security resulting from failure of IT network to provide the required characteristics Loss of network connectivity can result in the following hazardous situations: Missed alarm at a remote viewing station (bedside or display) ● Complete or partial loss or deterioration of remote monitoring of waveform and parameter data at remote viewing device ●
Device mitigations: ● ● ● ● ●
Low alarm volume is increased if network communication fails. Audio off, audio pause, and sleep states are interrupted if network communication fails. User is notified of network communication failure. A message is displayed until the user acknowledges it. User is notified if a duplicate IP address is detected. User is notified if a duplicate unit or bed name is detected.
WARNING
- BEFORE INSTALLATION - Compatibility is critical to safe and effective use of this device. Please contact your local sales or service representative prior to installation to verify equipment compatibility.
WARNING
- INTERFACING OTHER EQUIPMENT - Connect only items that are specified as part of the system and as compatible. For more information, see the CARESCAPE Modular Monitors Supplemental Information Manual.
In addition to the hazardous situations identified in this section, connection of the CARESCAPE Monitor B850 to a network that includes other equipment could result in other unidentified risks to patients, operators, or third parties. The responsible organization should identify, analyze, evaluate and control these risks on an ongoing basis, including after changes to the network such as these listed, which could introduce new risks and require additional analysis: ● ● ● ● ●
12
Changing the network configuration. Connecting additional items to the network. Disconnecting items from the network. Updating equipments connected to the network. Upgrading equipments connected to the network.
Addendum for CARESCAPE Monitor B850 technical manual
2062973-014
content
Headquarters
Asia Headquarters
GE Healthcare Finland Oy
GE Medical Systems
GE Medical Systems
Kuortaneenkatu 2
Information Technologies, Inc.
Information Technologies Asia; GE (China) Co., Ltd.
FI-00510 Helsinki
8200 West Tower Avenue
No1 Huatuo Road,
Finland
Milwaukee, WI 53223 USA
Zhangjiang Hi-tech Park Pudong
Tel: + 358 10 39411
Tel: + 1 414 355 5000
Shanghai P.R.China 201203
Fax: + 358 9 1463310
1 800 558 5120 (US only)
Tel: + 86 21 5257 4650
www.gehealthcare.com
Fax: + 1 414 355 3790
Fax: + 86 21 5208 2008
www.gehealthcare.com