With so many doctors bringing their smartphones and tablets to work and patient data breaches reported all the time, IT managers need to make the right choices.
By Paul Cerrato, (Featured on InformationWeek)
November 19, 2012
Of all the issues that keep health IT managers awake at night, it’s hard to find one more vexing than mobile device management. A recent survey of healthcare providers makes that painfully obvious.
Security and management concerns are top of mind for many these organizations, according to a KLAS report. The study, “Mobile Healthcare Applications: Can Enterprise Vendors Keep Up?”, asked 105 respondents, most of whom were C-level managers, about their use of mobile technology in hospitals and found that securing personal devices via MDM software is one of their top concerns.
When the execs were asked what their organizations are looking to do to secure personal devices used at work, data encryption was the number 1 response. MDM was number 2, which, according to Eric Westerlind, the report’s author, is telling. Since the use of encryption is already widespread, the high interest in MDM is promising, Westerlind says.
“[Providers] are concerned with making sure tablets are secure, and it’s difficult because it’s a personal device,” he says. “Whatever they install can’t be too intrusive, and sometimes that can be an issue with MDM. But when you’re dealing with patient information, anything that contains data covered by HIPAA needs to be secured, and those devices need to be able to be wiped clean.”
[ How can patient engagement help transform medical care? Check out 5 Healthcare Tools To Boost Patient Involvement. ]
Ken Kleinberg, a health IT consultant with the Advisory Board, told InformationWeek Healthcare that the operating systems of mobile devices have more robust security features than the legacy Windows systems found in hospitals. But he emphasizes that hospitals need strong BYOD security policies, including mobile application management tools. “It’s not just that you’re going to control the configuration on the device; you’re also going to control what application can be loaded on that device,” he says.
A hospital’s IT organization can give doctors a list of the applications it has vetted, Kleinberg notes. If a doctor wants to use a document reader, for instance, the hospital might suggest one. If he wants to use a dosing calculator, it might suggest three apps and make them available on its application server.
During interviews with several IT pros, it became obvious that when the conversation turns to MDM, one size doesn’t fit all. Rather than choose an MDM product, Beth Israel Deaconess Medical Center has for now “settled on enforcing tight security policies through Exchange ActiveSync,” says BIDMC CIO John Halamka. “It is highly likely we are capturing most, if not all, BYODs that access BIDMC resources, as email is by far the most frequently used application,” Halamka says. “We really do not have other applications that have been customized to run on smartphones and tablets. Our applications are native to the Web, so the ability to install and manage mobile applications is not something we’ve encountered as a problem yet.”
For those healthcare providers that do require native mobile apps for their physicians, several vendors offer MDM platforms to address security threats.
Bob DeLisa, president of Cooperative Systems, a Connecticut-based IT support and consulting firm, offers some advice on choosing a system. He tells clients choosing an MDM tool to base their decision “on the age and scalability of your current infrastructure.” DeLisa says to take a look at Meraka, for instance, when doing an infrastructure upgrade and server-based solutions like Good, MobileIron, or BoxTone if they’ve recently upgraded.
Many hospitals and practices prefer to install a custom-built BYOD solution, but those that want to go with an MDM vendor must weigh a long list of issues. Among the technical issues:
– Which mobile operating systems do you need to support?
– Do you plan to host the MDM system on your network?
– What email system do your clinicians use, and will it be compatible with the MDM tool?
– Will the MDM software enable you to remain HIPAA-compliant?
– What are the software’s lock and wipe capabilities?
– Will you use the MDM tool to push out other apps that clinicians insist on using to manage patients?
Most of these questions are outlined in an Avema Critical Wireless Buyer’s Guide, which Halamka mentioned in a recent email exchange.
George Brenckle, CIO at UMass Memorial Healthcare in Worchester, Mass., takes a different approach to BYOD. He prefers to focus on managing data rather than managing devices, which is one reason UMass has switched to a virtual desktop approach. With all of its sensitive patient data on hospital servers, there’s no risk of breaches from stolen or lost iPads and laptops.
What about commercial MDM products? Brenckle says the challenge is trying to keep one step ahead of the rapidly changing mobile device ecosystem. “So you invest in one of these MDM tools and it’s working well, and suddenly a new tablet or smartphone comes on the market that the tool isn’t equipped to manage,” he says.
BOYD isn’t going away — and why would we want it to? It helps clinicians provide better, speedier patient care and has no doubt saved lives on occasion. Once you find the right IT solution, it will certainly save you some sleepless nights as well.