By Ken Congdon, editor in chief, Health IT Outcomes
Like it or not, the use of mobile devices in the healthcare industry is beginning to explode. According to recent research by Bulletin Healthcare, physician use of smartphones, tablets, and other mobile communication devices increased 45% between June 2010 and February 2011. Moreover, the physicians themselves, rather than healthcare IT departments, are driving much of this mobile device adoption. In other words, physicians are purchasing mobile devices for personal use and using them on the job as well. With a surge of new 4G smartphones and tablet computers currently on the market, this trend is likely to continue. The question is: do you have a systematic plan in place for tracking, managing, securing, and supporting this influx of new devices to protect your healthcare facility from potential privacy breaches or data theft?
Establish The Right Mobile Device Management Policy
With the growing consumerization of IT, a ban on personal mobile devices in the workplace is becoming harder and harder to enforce. Many healthcare facilities attempt to counter this threat by providing employees with corporate-issued devices for work use that are centrally controlled by IT. However, clinicians may now have strong preferences for the mobile platforms they use personally and push hard to use these platforms at work as well. The best course of action may be to establish a mobile device management policy that allows employee-owned devices to be used on the job.
This may seem like a daunting task, but with recent technology advancements, this endeavor is much less complex today than it was a year or two ago. For example, today's Apple iOS 4.x platform for the iPhone and iPad and the Android OS both support some fairly robust security features, including encryption, centralized management, and remote data wipe. Moreover, several independent mobile device management (MDM) solutions exist that can extend the security capabilities of these popular devices and give IT personnel the control they need to keep your healthcare facility's data safe. For example, these MDM tools can be configured to provide IT with remote configuration and policy creation capabilities that allow enterprise data to be kept separate from personal apps on the device using password and encryption tools. These solutions also enable IT to wipe the device clean remotely in the event that it is lost or stolen.
When developing a mobile device management policy that allows for use of employee-owned devices, be sure you consider the following:
- Start with documentation. Require employees who wish to use their own mobile devices on the job to complete a consent form that grants permission for the healthcare provider to install enterprise applications and MDM software on their personal device. This form should also outline enterprise usage policies and authorize IT to wipe the device clean if it is ever lost or stolen.
- Craft or amend usage policies to enforce best practices for mobile device use, including multilevel passwords and device certificates.
- Establish tiered access to network resources to secure critical data and applications.
- Re-architect application delivery mechanisms.
Determine who will be responsible for application and device updates, and ensure these rules are well documented. Some organizations have begun establishing internal enterprise app stores on iTunes and Android Marketplace that are managed by IT to centralize upgrades and even restrict certain applications from being uploaded to tablets or smartphones.
Ken Congdon is Editor In Chief of Health IT Outcomes. He can be reached at email@example.com.