MDM can keep the professional separate from the personal
Healthcare organisations that are moving towards or have implemented bring your own device (BYOD) policies can help assuage security and privacy fears by using mobile device management (MDM) solutions that effectively “containerise” personal and professional applications on a single device.
Jim Cikanek, senior product manager for mobile communications specialist Spok, told a webinar for Asia-Pacific region hospitals last week that IT departments should investigate the use of MDM as part of their overall BYOD policy.
Mr Cikanek said MDM solutions can not only secure patient information but help control the release of software updates, secure a device and its applications, allow for remote wiping capabilities and separate the user's personal and professional apps.
“You can control access to enterprise networks and systems and on top of that you can also containerise the applications,” Mr Cikanek said. “Right on the actual device you can say, I want these four applications that are for professional use in a secure container and any information that is inside that container cannot be extracted from the container.”
As well as allowing the organisation's IT department to better control access to clinical apps, MDM can also help ensure the clinician's own privacy is protected by blocking access to their personal apps, he said.
Mr Cikanek recommended that hospitals thinking of introducing a BYOD strategy make sure that clinicians, in particular visiting doctors, were assured that IT will not be able to pry into their personal affairs.
“It depends on what level of MDM you are using, whether you are securing the device or wrapping the actual application, but a policy gives employees a heads-up of what access the organisation will have once the MDM is installed,” he said.
“You have to make sure they are going to understand what the IT team is going to be able to see on their phone. A lot of times you are going to get a lot of pushback when you go in and say we are going to put an MDM on the device.
“Physicians will say they don’t want you to see what they are doing on the phone and they don’t want you to be able to control the phone, but with MDM you can containerise one area of the device and you want to make sure they understand that.”
BYOD is not exactly new and doctors in particular have taken to it with alacrity, but many organisations are still grappling with developing a policy that will allow the benefits of BYOD – such as efficiency of communication, immediate access to data and employee satisfaction – to flow.
Mr Cikanek cited a Gartner study that showed that in two years time, 90 per cent of organisations will support some form of BYOD. This is usually a mix of BYOD and enterprise-owned devices, but what Spok and other mobile communications specialists are seeing is a dramatic increase in BYOD.
By 2018, he said, there will be two times more employee-owned devices than enterprise-owned devices. In addition to employee demand to be able to use their own devices, organisations are keen on BYOD as it improves employee satisfaction as well as achieving cost savings by passing on some of the cost to the user.
However, he recommended that healthcare organisations take the time to work out a strategy that encompasses how clinicians are going to be using the devices, what systems they need access to, what levels of security will be required, what applications they can use that are not work-related, and the most important focus for healthcare organisations, how safe it is.
“A BYOD policy should really address a couple of things,” he said. “An environment for BYOD requires more than just making an announcement, more than just sending out an email that says we are going to go BYOD. It takes a lot of careful planning and you have to have the planning in place so you can execute on that.”
When it comes to MDM, organisations will have to evaluate what level of MDM to use, including whether the device needs a tracking app with remote wipe capabilities. They should also consider the needs of visiting doctors who work across multiple sites or for different organisations and how to give them access to different systems from different sites on the one device.
Hospitals should also consider what to do if a doctor refuses to allow the IT department to control part of their device, he said. Should they be denied access to critical systems like the EMR or PAS on their devices if they object to the policy?
“If a clinician does not implement the necessary procedures, what are the implications of that? If they are using their own device and don’t want to put an MDM on their device, what areas are you going to allow them into and what are they not going to be allowed into?
“You can do one of two things with the MDM. You can lock the entire device down but most of the time BYOD users don’t want that to happen because they see it as an invasion of privacy. [Containerisation] allows you to separate your personal information into one container and your business information in another container. If you have a business container, you have an app like Spok Mobile, you might have an EMR app that lives in there, and access to that container is only granted to the IT people. They do not see anything outside of that container.
”Anything that is in a personalised container, which would be your Gmail account and Angry Birds, [the IT department] is not going to have any access to that. Use the MDM to containerise the professional side of things and tell the users that the only thing the IT people can see is what is in that business container.”
Hospitals also need to consider the resourcing required for BYOD, including dedicated help staff, who will pay for upgrades to software, who has to pay for data use for large files such as photos, whether the hospital can support non-approved apps, and even whether the facility has adequate WiFi.
“This is a huge area,” he said. “You know there will be questions. 81 per cent of doctors indicated their facility allowed some form of BYOD but only 32 per cent have access to a dedicated help desk at their hospital.
“And people can miss critical messages if they are having problems with their WiFi. To get rid of things like user frustration, security risks, and delaying patient care based on missed messages, it is important to have [a strategy] in place.”
Hospitals should also consider the different requirements of different disciplines, he said. Spok's mobile messaging app was originally designed with doctors in mind, but the company is increasingly focusing on how nurses use mobile devices as well.
Mr Cikanek said there is a definitive line between how doctors and nurses use mobile devices in the professional setting, which is starting to be more prevalent in the APAC region. For Spok users, he estimated that up to 80 or 90 per cent of doctors were using its messaging application on their own devices, while almost all nurses use devices provided by their institution.
“We are seeing a change in that previously nursing devices were, for want of a better term, a little more on the archaic side,” he said. “They were not smartphone devices.
"But what you are seeing is institutions are buying more smartphone devices for nurses, they are buying iPhones and WiFi devices because of the fact that nurses are using them outside of their workplace, and when they come in to work and pick up one of these older phones, the user experience between the two different phones is huge.
“So you are seeing nurses move more towards the smartphones, but again those are bought by the institutions.”
He said there were also different uses cases between doctors and nurses. “The main use case for the Spok mobile application is critical communication around patient care. It is really that nurse to doctor information and any information around the circle of care around the patient.
“When you look into that, the use cases separate a bit. The physicians, you see the use case as communication. When you look at the nursing side it is more about workflow. Originally our Spok mobile product was built for physicians, but as we move through 2015, you’ll start to see our focus move towards how that workflow goes.”
Posted in Australian eHealth