For healthcare organizations, it’s all about going mobile these days — and for good reason. Mobile devices in the hands of medical professionals and staffers can boost productivity and efficiency, while fostering innovation and vastly improving connectivity and communications with patients.
The rub, of course, is that the inherent portability of mobile devices — combined with the considerable amount of data and information they can contain — makes for a significant security risk. That threat was driven home recently by the massive data breach of the nation’s second-largest health insurer, Anthem Inc., in which personal data of more than 80 million customers might have been compromised. Beyond the concerns of lost or stolen devices, healthcare providers also need to ensure they operate in compliance with HIPAA and other regulations.
Compiled By Scott Westcott, Contributing Writer
Balancing mobile communication and data security in healthcare is a challenge, especially when your mobile device landscape is vast and varied. Here’s how Intermountain Healthcare accomplishes this feat.
Healthcare organizations such as Intermountain Healthcare, based in Salt Lake City, are focused on developing comprehensive device management plans that meet current needs as well as future challenges. The nonprofit health system includes 22 hospitals as well as about 1,100 employed primary care and secondary care physicians at more than 185 clinics in the Intermountain Medical Group. In this Q&A, Gordon Smith, supervisor of the Client Hardware Engineering & Mobile Team at Intermountain Healthcare, shares how the health system shored up its mobile device management (MDM) efforts with an investment in AirWatch EMM technology.
Q: What is the makeup of Intermountain’s mobile device landscape?
A: At Intermountain, we have about 7,500 devices that are being managed. We have a variety of options. We have employee-owned, BYOD (bring your own device) devices that include iOS as well as Android. There are also company-owned iPhones for which Intermountain provides the device and the employee pays a fee for data. We also have some corporate-dedicated iPads that are provided by the company. We are currently rolling out iPads that will be used in the clinical process, and we expect to expand that program in the future. All told we have about 2,400 corporate-owned devices, roughly 3,000 corporate-shared devices, and about 2,000 employee-owned devices in the program.
Q: How did Intermountain manage its mobile environment prior to implementing its new MDM solution from AirWatch?
A: With our previous system we had significant limitations. For instance, from a security standpoint, if a phone or tablet was lost or stolen, the only security capability we had was to send an enterprise wipe, which means we had to wipe all the personal data off the phone along with any Intermountain data that was on it. If the employee had Intermountain data on the device, it had to be protected, so that meant all the personal pictures or other personal data had to be deleted. We also had limited ability to manage Windows Mobile, which we use quite a bit for laboratory work and homecare.
Q: So what ultimately led you to seek out a new MDM solution?
A: Intermountain really deepened the commitment to go mobile in 2012 — both as a means to foster innovation and to enhance employee productivity across the organization. We wanted to make sure that we had a way to identify devices that were jail-broken or compromised or not meeting our standards. The need was amplified when Apple introduced iOS 5 which incorporated the cloud. With that, we faced the challenge of preventing devices with Intermountain data from uploading data to the cloud. That concern, along with knowing we needed a better way to manage Windows mobile devices and increase security, led us to seek out the new solution.
Q: Why did you select AirWatch EMM and Content Locker?
A: After doing our initial research, we conducted a very thorough vetting of three or four vendors. We put significant emphasis on their standing in the Gartner Magic Quadrant for Enterprise Mobility Management Report. The key considerations were the vendor’s ability to secure data and make sure we were compliant with regulations. In our view, AirWatch best met these requirements. This was a pretty large deployment, and AirWatch was very stable, and they were able to do everything we wanted to do with the devices.
As I mentioned, we were looking for the ability to effectively manage Windows Mobile, and several of the competitors did not provide the capabilities that AirWatch has to handle that. Content Locker came along later as a real added bonus. Our Life Flight air medical team came to us during the enrollment period and said they were in a pilot program with the FAA to go to a paperless cockpit. They wanted to see if AirWatch could provide a secure Content Locker. We were able to achieve that. Storing the information electronically in Content Locker saves about 30 pounds per aircraft in paper weight. That saves fuel and allows them to fly at higher altitudes in Utah. We are now looking at expanding Content Locker to other areas of the organization such as our primary children’s hospital and the client service field team.
Q: Can you provide some details regarding the implementation of the MDM solution?
A: With the old system, every device we had was configured with an existing profile or tethered to a laptop, and those devices had to be updated in the transition. We had to remove the old profile first before we could push out AirWatch. With the size of our organization, we decided to do an on-site rollout that covered our five regions. Each region had an enrollment fair where we were able to answer any questions and get employees enrolled. We did have people worrying about Big Brother, wondering if we would be able to see their banking activity or what they were doing on Facebook. We needed to allay their concerns and let them know what we were doing was simply implementing a way to effectively manage the devices for security reasons, and that we now had the capability to only wipe Intermountain data and not personal data. We put together a FAQ document that addressed many of those concerns.
As far as applications, AirWatch provides a method for us to deploy apps to devices using the Apple Volume Purchase Program. We don’t push apps to BYOD devices on Android. We use the app Workspace only on Android devices. The volume purchase program allows us to buy in bulk and push out to devices. One example is Child Life, which is an app we push out that is for child therapy.
From a policy perspective, one overarching policy is users are not allowed to have an unauthorized system on the Intermountain mobile network. You currently cannot upload iOS 8.2 because of some security concerns we have. If an employee gets 8.2 on their device, they will be unenrolled. Also the device has to be enrolled in AirWatch to get email, and you have a passcode on the device that forces encryption.
Q: What are some of the biggest benefits Intermountain has experienced to date as a result of its new MDM solution?
A: The most visible benefit has been the Life Flight effort with Content Locker. That is a very big deal for them to go paperless and get the weight off the aircraft — it was a real mobile game changer. From a broader perspective the biggest benefit has been making sure the Intermountain data is protected and, if a device is lost or stolen, we can wipe it or locate it. Having that added layer of security and more consistency across how we are managing devices allows us to really leverage the benefits of mobile, while significantly reducing the risks.
Q: What advice/best practices can you offer other health providers trying to improve their MDM efforts?
A: From a practical standpoint, you can’t communicate enough before and during enrollment. It was good that we developed FAQs, but it probably would have benefitted us to do that earlier in the process to address questions ahead of time. Beyond that, I think the best advice is to really use the product to its fullest capabilities. I know when we go back to AirWatch and talk with their engineers, they tell us Intermountain continues to use all the products that AirWatch provides. We use the Content Locker as well as Workspace and other capabilities. It’s important not to just implement the solution and think you are then done. To get the most value, you need to use the product and figure out how it can best serve the customer or, in our case, our patients.