Building a Rock-Solid Network Foundation to Modernize Healthcare at Surrey Place
In the digital age, patients expect medical facilities to be well equipped. They’re almost worried if they aren’t. And when children are involved, parents are especially concerned about privacy: “If I give their medical history, is it going to end up on the web in a security breach?” Part of my job as IT and security manager is putting those concerns to rest. Our environment needs to be modern and our patients’ information needs to be safe.
But we can’t stop there. Our job is also to enable doctors and other healthcare professionals to do their best work. It’s about providing the right tools and ensuring systems are secure and stable. Whether they’re in our facility, at a satellite office, or out in the community, the last thing on their minds should be if the network will work.
This perspective is the starting point for my work at Surrey Place. Our organization exists because people with developmental disabilities, autism and visual impairments require a different level of care than what many of us receive from a traditional doctor. Surrey Place is the bridge for people, of all ages, with disabilities to get the services they need.
In addition to our head office in downtown Toronto, Ontario, we have 12 satellite sites and link to medical services across the region. We also operate within the Toronto, York, and Peel public and Catholic school systems and are affiliated with several research universities and colleges.
This model comes with unique IT challenges, but it’s also uniquely gratifying. Our vision at Surrey Place is to help people reach their full potential. Even though I’m not on the front line with the children or adults receiving our services, my work is an important component of achieving our vision. I know the rest of the IT team feels the same.
Starting Our Modernization Project at the Foundation
Recently, we have been on a mission to modernize. This includes everything from IT systems to our client record management system. Before I arrived at Surrey Place, a lot of our services were managed by an outside service provider. Part of the modernization plan was to build an in-house IT department that could support Surrey Place’s growing needs as we provided better care.
While Surrey Place may be viewed as a traditional social service agency, a lot of our work straddles both the social service and health care sectors. We are accredited by Accreditation Canada and in turn adopt many of the procedures, policies, and practices of outpatient hospitals. While we continue to strategically pursue healthcare funding, we operate with less robust social service funding while needing to have the same functionality as an IT department with a much larger budget line. Whatever solution we put forward, it has to have maximum impact for the organization. When we go hunting for new hardware or software, we’re thinking not only of what it will do for us today, but six months, a year, and five years from now. We have to get the best bang for our buck.
To begin this project, we needed to start at the core of the organization. Before we went ahead with cloud-based applications or a fancy new client management system, we had to ensure our network was stable and reliable. That was the first step, because we knew if we didn’t get that foundation right, all those other projects would lag.
With our old network, connectivity was always a problem. We have around 500 end users, and they’re not just in our head office. They’re at our 12 satellites, they’re in schools, and, since many of our clinicians are community-based, they’re working from clients’ homes.
Our school sites were disconnected from the rest of our organization. We needed to bring those school sites in. Meanwhile, our community-based clinicians often ended up using their phones as hotspots just so they could get a stable enough connection to log in.
For our satellite sites, if we needed to configure a switch, we couldn’t do that from downtown where most of our technicians are located. For those unfamiliar with Toronto, to drive to the east or west end of the city is an hour and a half—one way. The technicians often worried whether they’d make it to the site on time.
It was a lot of work just to make the system work. We relied heavily on our Citrix environment to allow those remote users access. Citrix performs fine on a computer, but it’s not fast, it’s not stable, and certain applications wouldn’t work. The support tickets piled up, as did the funky workarounds—all so that people could do the most basic parts of their job. That’s the exact opposite of the ideal IT environment.
We needed better management of our access points, with all our sites interconnected. Our coverage had to be steady with reliable VPN service. We came up with a list of all our requirements, including automation. I knew if we could make the IT technicians’ day-to-day chores simpler, they could spend their time improving the organization—working on the projects that push us forward.
We reached out to our vendors who gave us a few options, and from there we trialed a few of the devices. We bought a couple of APs and saw if they could handle our needs. We ended up choosing the Cisco Meraki product line for its ease of deployment and management, which would make it vastly easier to oversee multiple sites centrally. With Meraki, we could redo our network infrastructure and manage it ourselves, without having to invest more in staff. This was the bang for our buck that we were looking for.
Easy Deployment—and Fast
When it came time for deployment, we did almost all of it in-house. We took it in stages, site by site. There was some re-cabling to make sure we got proper coverage, because we lacked that under the previous provider. The rollout was easy because configuring Meraki was just the click of a button. That shaved off a lot of time and effort for site-to-site deployments.
Overall, the deployment went very smoothly. It took us about a year to do all 12 sites, and in hindsight we could have done it even faster. About halfway through our site deployments, we realized we could copy settings from one site to another.
If I were to do it all again, I think we could have done each site deployment all at once. We took our time and did the firewall, and then switches, and then APs, but we could have condensed that into an entire site in one go. We didn’t feel comfortable doing that because we were unfamiliar with the product, but looking back, we could have. Deployment was that easy.
Two things jumped out at us immediately after deployment. The first was the stability between sites. Under our previous system, which was basically manual VPN tunnels, we didn’t know a tunnel had gone down until a user complained. Once we got a couple sites up with Meraki, I noticed our reaction time was a lot faster because the dashboards gave us direct insight into what was going. Our increased stability with Meraki meant we weren’t rebooting firewalls and switches weekly.
The second thing we noticed was the coverage with access points. We cut down on the number of access points—we now have 115 APs total—but we’ve had no complaints as to speed or dead zones. With Meraki, it turns out we got more with less.
Reduced Admin Burden and Empowered End Users
Thanks to Meraki, our VPN service has been easier for us—and our staff. We can script most of the VPN deployment, so there’s no manual installation anymore. We also implemented single sign-on (SSO), so our end users don’t have to remember a username and password. With a steady VPN presence and all our sites interconnected, users can just boot up—whether it’s on a laptop, phone, or iPad—and they’re ready to go. I don’t think we’ve received a ticket for VPN setup in months.
The centralized management means no more travel time driving to the other side of the city. Technicians can connect from the main site and make changes remotely. Outside of the occasional power or network ISP-related outage, we no longer have day-to-day maintenance tasks. They’re all scheduled to update on their own. We get the occasional ticket about opening this or that port on the firewall, but that’s it.
I estimate our move to Meraki translated to a 30% reduction in the burden on our network and system admin. Since our technicians were the ones who usually set up the VPN and helped people log in, I estimate their time has been reduced by 10%. This time back in our schedule means we can work on initiatives that we previously didn’t have the bandwidth for.
A centralized dashboard makes security investigations a lot easier. Security is, of course, important in normal corporate structures, but in healthcare we have to think of security at every layer. It’s easier to see logs, so if there is an infection on a computer, we know exactly where it came from.
We used to rely primarily on our antivirus software. Meraki’s alerts mean we no longer scramble when something goes awry, and access to easy-to-read logs allows us to dive deeper and be more proactive. We’ve improved security at every level.
Our Foundation Is in Place
Our end users are now telling us, “This is way easier than what I had to do a month ago.” And where we used to receive a lot of tickets for basic maintenance, we’re no longer hearing complaints. It helps that we have all these alerts in place, meaning I don’t have to wait until someone tells me something’s wrong. It finally feels like we’re out of our staff’s way.
With our foundation in place, we’re building on top of it. We recently finished our server upgrades to make sure we have the right backup and DR set up. We’re now onto the application side, moving from an outdated SQL-based application to a proper CRM system. The data management during this transition requires a lot of man-hours, something we just didn’t have before Meraki. Instead of spending their days putting out fires, my technicians can focus on our modernization project.
Cisco Meraki lets everyone in our organization focus on their job. And when your job is to help others get the most out of life, there’s nothing more important than that.