By Ken Congdon
Follow Me On Twitter @KenOnHIT
Green Clinic Health System proves that you can satisfy physician BYOD demands without sacrificing data security.
Healthcare IT professionals can be a skittish lot, and rightfully so. After all, they are the ones responsible for ensuring the technology systems they deploy don’t put patient data at risk. With PHI backed by the likes of HIPAA, and hefty fines levied for data breaches, this responsibility is not taken lightly. This is the root of why so many health IT leaders are so vehemently opposed to the concept of BYOD. To the IT contingent, BYOD is the equivalent of giving up the reigns of centralized control over a healthcare facility’s mobile environment. A frightening proposition, indeed — even if this perception isn’t entirely accurate. In response, many IT departments have instituted strict policies to prevent the spread of BYOD in their organizations. While these draconian measures may preserve the illusion of centralized mobile control and security (for now), they can also lead to an unsatisfied clinical workforce and prevent healthcare providers from realizing significant workflow benefits.
I’ve always asserted that BYOD is too powerful a movement to ignore or thwart. The reason? Unlike other IT initiatives that are the brainchild of the IT department or driven by federal incentives, the BYOD movement is being propelled by the end users themselves — namely doctors and nurses. An overwhelming number of clinicians want to use their own mobile devices (i.e. tablets, smartphones) on the job. Denying these caregivers a means to do so in line with IT policies will only encourage some to sidestep IT roadblocks and use personal devices haphazardly. Better to find a way to address the BYOD demand as securely as possible, than to stand in the path of the avalanche.
MAINTAIN CONTROL & SECURITY IN A BYOD ENVIRONMENT
Green Clinic Health System, a 45-physician multi-specialty practice in Ruston, LA, provides a great example of how to embrace BYOD without compromising data security.
“Green Clinic is physician-owned, and a lot of our IT drivers are based on what our physicians want,” says Jason Thomas, CIO at Green Clinic Health System. “We implemented an EMR about 4 years ago and, shortly after, a lot of our physicians started getting iPads, iPhones, and Android tablets and smartphones for Christmas, birthdays, or just because. Soon enough, many of these physicians began to inquire how they could access the EMR on these personal mobile devices.”
At the time, Thomas knew that the clinic’s Vitera Intergy EMR platform wasn’t designed to work with mobile devices. However, he found it difficult to explain this in a way that made sense to his physicians.
“From the physicians’ standpoint, the EMR was electronic and the mobile devices were electronic,” says Thomas. “Me telling them that the two systems weren’t built to communicate with one another just made it sound like I didn’t want to fulfill their request.”
Rather than deny the doctors’ demands, Thomas and his team decided to leverage many of the technology components already in play in other areas of the clinic to make enterprise systems, such as the EMR, compatible with personal mobile devices. For example, Thomas’ IT team not only supports the main facility in Ruston, but several satellite clinics and a hospital as well. In an effort to ensure IT employees could address technology requests on any workstation at any of these facilities, Green Clinic created tunnel service interfaces using several web-based tools. One of the primary tools was PocketCloud Web from Dell, which allowed Green Clinic to search, view , organize and share files across all of the providers’ computers via a web browser. The clinic leveraged a sister product called PocketCloud Remote Desktop to extend this capability to iOS and Android tablets and smartphones.
“PocketCloud basically provides our physicians with a virtual Windows desktop environment on their tablet or smartphone,” says Thomas. “We just load the PocketCloud app onto their mobile devices and they can access the EMR system on that device just as they would on a desktop or laptop. Best of all, no PHI is actually stored on the device itself, which keeps sensitive data from walking out the door and keeps us HIPAA complaint.”
Green Clinic also installed a new email server during this time that leverages ActiveSync. Thomas and his staff basically used this email server as a mini mobile device manager.
“Using the email server, we were not only able to push corporate email to personal mobile devices, but we were able to leverage ActiveSync to automatically encrypt and password-protect those devices as well,” adds Thomas.
The virtualization software and email server are not the only measures Green Clinic has put in place to secure its BYOD environment. The clinic also uses SonicWALL Internet Security to filter Internet surfing on the corporate network — whether via a desktop or mobile device. Using this software, Green Clinic blocks its users from accessing questionable websites (e.g. adult sites, e-commerce sites, etc.) while at work. The clinic has also decided to block bandwidth-hogging streaming sites (e.g. YouTube, Pandora, Spotify, etc.) to ensure adequate bandwidth is always available for clinical applications.
Finally, Green Clinic has also made some tweaks to its terminal server to prevent employees from saving or transmitting sensitive data outside the corporate network (e.g. to local drives, external/personal email addresses, etc.).
BYOD DELIVERS POWERFUL CLINICAL WORKFLOW ADVANTAGES
While Green Clinic’s BYOD strategy is designed to accommodate any mobile device or operating system, Thomas says the vast majority of devices in play at the clinic are Apple and Android devices. “We have 475 users in our organization and I have yet to encounter a Blackberry or Windows phone,” says Thomas. “We haven’t restricted these devices from participation in our BYOD program, we just don’t support them because none of our physicians or employees has ever purchased one.”
While the limited devices and operating systems in play at Green Clinic may have been coincidental at first, the perpetuation of this trend seems to be largely influenced by IT. “Now, when an employee says they are thinking of purchasing a new tablet or smartphone, IT provides them with a list of devices that are already in use in our BYOD environment,” says Thomas. “That way, the physician can go to a store with a list of devices that are have been tested and proven by our IT staff as opposed to relying on the salesperson to pitch them whatever device will net him or her the highest commission.”
To date, the biggest benefit Green Clinic has realized as a result of its BYOD strategy has been the ability for doctors to customize their own workflows. “When we initially implemented our EMR, we rolled out 150 corporate-issued tablet computers for use with the system,” says Thomas. “These devices worked well in the beginning because they helped train our physicians. It showed all of them how use the EMR the exact same way. However, as time passed, each doctor felt limited by this hardware from a workflow perspective.”
For example, many of Green Clinic’s physicians desired a “less bulky” hardware option that would allow them to share lab results more effectively with patients. Others wanted a mobile device with longer battery life. Another interesting wrinkle at Green Clinic is the fact that the main practice and the associated hospital are right across the street from one another. Most doctors walk from the practice to the hospital on a daily basis and they don’t want to have to drag a laptop or bulky tablet with them in order to access corporate networks. The use of Apple and Android devices via Green Clinic’s BYOD program has met these demands.
“Our BYOD solution allows doctors to pick and choose what device they use to do their jobs most effectively,” says Thomas. “Plus, since the physicians are the ones investing in these devices, they have more incentive to make the device work for them. This is a big difference over our former corporate-issued device strategy.”
While Thomas states that BYOD has made for a more productive and satisfied workforce, he also suggests that another key reason for embracing BYOD is to support future recruitment efforts.
“The physicians entering today’s medical workforce grew up with mobile devices,” says Thomas. “They are not going to part with their devices just because they walked through the doors of your organization. Today’s practices and hospitals need to get on board and adopt a BYOD policy that will enable these doctors to work in the manner they desire. If you fail to address these demands, you’ll have a hard time recruiting and retaining key talent.”