Free EMR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to EMR and EHR for FREE!

BYOD Deploying a Mobile Device Management Strategy

Posted on April 30, 2013 I Written By

John Lynn is the Founder of the blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of and John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

The following is a guest blog post by Marcus LaFountain.
Marcus LaFountain Headshot
LaFountain has worked in IT for the last 10 years as a PC Technician, Help Desk Analyst, and System Administrator. He is currently a Healthcare IT Consultant specializing in Cerner and HIM implementations.

A recent Ovum study showed that almost 60% of employees bring some type of mobile device into the workplace. There are a few names for this, Bring Your Own Device (BYOD), Bring Your Own PC (BYOPC), Bring Your Own Phone (BYOP), User Introduces Unsecure Device onto My Network and Then Loses My Secure Data (UIUDOMNTLMSD). Alright, so I made that last one up, but that is how most IT Managers feel when the discussion is started about BYOD. An end user bringing a device to work is both a gift and a curse for any sized company. We see an increase in productivity but also the increased threat of data being lost or stolen. Having a strong Mobile Device Management (MDM) strategy can help companies reap the benefits of BYOD while limiting the consequences.

Let’s start by going over some numbers. By 2014, the number of mobile devices (mostly mobile phones) in the workplace is expected to reach 350 million globally. A remarkable 57% of full time employees are already using mobile devices for work related tasks. Out of that 57%, about half is unmonitored, unmanaged BYOD activity. Another study shows that in 2011, 78% of companies did NOT have a BYOD policy and only about 20% of employees actually sign a BYOD policy.

There are many reasons to justify a BYOD policy:

Productivity:  An employee who uses their personal device for both work and play is on average likely to work an extra 240 hours per year than those who do not. They can answer emails on the go, answer phone calls while on the road (using a hands-free device of course!) and receive that last minute meeting update. . Most employees won’t want to bring a work laptop home just to check emails after dinner or during downtime at home. Letting them receive push emails may empower them to write a quick mail back to a client in a different time zone rather than having to wait until the morning.

Cost: There is also a cost justification. Not having to provide every employee with a business only device can save not only the cost of the device but the monthly service plan that goes along with it. The number of devices can be reduced as well. A mobile phone is a cheaper and sometimes more convenient alternative than a laptop with a 4G cell card. Employees can still stay connected when not physically at their desk.

User Experience: Tech Savvy employees tend to have strong preferences when it comes to the technology they choose to use. Forcing an Android user to use a BlackBerry device may not be an ideal situation. Giving employees the ability to choose their mobile operating system, screen size and other technical specs may make them more likely to use the device rather than it sitting in a desk drawer unused.

However, it isn’t all sunshine and rainbows in the world of BYOD. As the use of mobile devices increase in the work place, so do the number of malicious attacks. According to the Ponemon Institute, 6 out of 10 security breaches were traced back to mobile devices. Apple and Google are constantly removing mobile malware from their app stores. And as always, attackers are trying to pick the low hanging fruit of the mobile community first. Businesses must have policies and security measures in place to protect their data. In 2009, the US Government enacted the Health Information Technology for Clinical Health Act (HITECH) that requires healthcare companies to notify patients if they have had their health records compromised. Similar acts were also put in place in the financial industry.

Constructing a comprehensive Mobile Device Management (MDM) policy is imperative when users are allowed to bring and use their own devices. As with many policies, the contents may vary greatly by company. However, almost every company from small businesses to enterprises will need to focus on security and support.

Security:  A lost or stolen device is the most common type of security breach. A company must have measures in place to combat this. While an entire article can be written about mobile security, I will touch on some common features.  Both Android and Apple offer AES 256 – Bit encryption as a standard on their devices.  Lock screens, passwords and certificates all play a role in device management as well. Microsoft Active Sync and other software also allow administrators to perform a remote wipe of a compromised device. This is a necessary requirement when employees have company data on their mobile phones.  Samsung has developed an Enterprise suite called SAFE that allows the user to partition company data with personal data. It also gives administrators the ability to perform a complete or selective wipe, tracking of the device and local password enforcement.  Apple and other mobile providers are starting to or already have incorporated these features as well. If your company is using application virtualization, you may need to define new rules for allowing mobile devices. Users will also need a way to get a hold of someone 24/7 in the event of a lost or stolen device.

Support:  This may be a slippery slope for some. Most IT policies only allow for support of company devices. So who supports a personal device that is used for business? Depending on the size of your company, you may want to assign a dedicated resource from your IT Security team to manage your MDM policy. If you are an enterprise, you may need a small team to manage different aspects of the policy. Your Help Desk will need training on the various mobile operating systems and communication will need to be sent out to end users on how to stay on top of security. Documentation will need to be created on how to setup email, VPNs and passwords. Do you need to setup an approved device list or will you allow any manufacturer or mobile OS on the network? A pilot group (usually IT) will need to be put in place to test your new systems and policies as well. Audits should also be enabled to check for OS updates, application updates and security updates.

In a growing mobile market and the on demand nature of business today, IT Management will need to be one step ahead of its users by developing a MDM policy. When developing an MDM strategy, you must take into account your business needs as well as infrastructure requirements. Like any new implementation it is ideal to begin testing your technology and policies with a small subset of users and conducting a review process before rolling out corporate wide. Doing so may limit mistakes while in a beta phase instead of having them on a mass scale. Focusing on security and support will allow for a comprehensive strategy that will allow employees to operate efficiently and productively but most importantly safely.

Related Whitepaper:
How Technology Executives are Managing the Shift to BYOD
This white paper looks at the growing adoption of BYOD in healthcare and the possible benefits and hurdles of enabling employees to use their own consumer devices in the workplace.

Download Whitepaper or see More EMR and Health IT Whitepapers

BYOD, Skype, and Apps for Medical Emergencies: Around Healthcare Scene

Posted on December 9, 2012 I Written By

Katie Clark is originally from Colorado and currently lives in Utah with her husband and son. She writes primarily for Smart Phone Health Care, but contributes to several Health Care Scene blogs, including EMR Thoughts, EMR and EHR, and EMR and HIPAA. She enjoys learning about Health IT and mHealth, and finding ways to improve her own health along the way.


BYOD and HIPAA Compliance: Can You Have Both

With the increased use of smart phone and tablets by doctors, BYOD (bring your own device) is on the rise. With it comes the risk of almost inevitable risk of HIPAA violations. There needs to be some serious talk of protocols for BYOD, as the trend is here to stay. Can BYOD and HIPAA Compliance coexist? Weigh-in here.

Skype HIPAA Risks Not Given Enough Attention

Skype use among medical professionals isn’t high, but enough do that proper attention should be paid toward making sure these phone calls are HIPAA-compliant. There are quite a few risks associated with Skype-calling, and this post discusses why providers should be concerned, and poses some ideas on how to lessen these risks.

Key Radiology Takeaways from RSNA

CIO Janakan Rajgendran from GNAX Health guest posted at EMR and HIPAA this week. He discussed some of the highlights from RSNA 2012. The theme of the conference was ‘Patients First,’ which was reflected in a lot of the addresses from the conference. This post focuses on several different highlights, such as dosage tracking, image parts of HIE, and RSNA conversation changes.

Hospital EMR and EHR

Expanding HIEs Taking Role As Backbone For Reform Efforts 

HIEs have grown significantly in the past year and continue to do so. Because of this, it appears that they are becoming the “backbone” for reform efforts. HIEs are also playing a big role in health reform-related efforts such as with ACO and Patient-Centered Medical Homes.

Smart Phone Healthcare

Five Essential Apps for Medical Emergencies

There are lots of apps that have been created to help people be prepared in case of an emergency. Here are five that seem to stand out, from first aid tips to emergency information cards. Check out this list and see if you can benefit from any of them.

Homegrown Health IT Innovation Takes Center Stage

Posted on November 29, 2012 I Written By

As Social Marketing Director at Billian, Jennifer Dennard is responsible for the continuing development and implementation of the company's social media strategies for Billian's HealthDATA and Porter Research. She is a regular contributor to a number of healthcare blogs and currently manages social marketing channels for the Health IT Leadership Summit and Technology Association of Georgia’s Health Society. You can find her on Twitter @JennDennard.

I’ve had the good fortune over the last few months to be involved in the marketing efforts surrounding the Health IT Leadership Summit happening next week at the Fox Theatre in my hometown of Atlanta. A joint effort of the Technology Association of Georgia’s (TAG’s) Health Society, the Metro Atlanta Chamber of Commerce and the Georgia Department of Economic Development, the annual event does a wonderful job of spotlighting the strides Georgia is making in healthcare IT, both on the provider and vendor sides.

I’m particularly excited to learn more about the four finalists of the Intel Innovation Award, which will be presented to the winner at the summit. I think it’s no coincidence that Solo Health, last year’s winner, has seen a number of newsworthy business developments happen since accepting the award in the Fox’s Egyptian Ballroom last November.

I thought I’d share a brief synopsis of the finalists (courtesy of their respective websites), and then take bets on who will take home bragging rights!

AirWatch (@airwatchMDM)
“AirWatch is the leader in enterprise-grade Mobile Device Management, Mobile Application Management and Mobile Content Management solutions designed to simplify mobility. More than 4,700 customers across the world trust AirWatch to manage their most valuable assets: their mobile devices, including the apps and content on those devices. Our solutions are comprehensive, built on a powerful yet easy to use platform by leaders in the mobile space.”

In a word, it’s all about security in healthcare right now, as iPad minis, iPhone 5s and yes, even a new Blackberry or two make physicians that much more likely to join the BYOD movement. AirWatch is certainly in the game at an opportune time.

CardioMEMS (@cardioMEMS)
“CardioMEMS is a medical device company that has developed and is commercializing a proprietary wireless sensing and communication technology for the human body. Our technology platform is designed to improve the management of severe chronic cardiovascular diseases such as heart failure and aneurysms. Our miniature wireless sensors can be implanted using minimally invasive techniques and transmit cardiac output, blood pressure and heart rate data that are critical to the management of patients. Due to their small size, durability, and lack of wires and batteries, our sensors are designed to be permanently implanted into the cardiovascular system. Using radiofrequency, or RF, energy, our sensors transmit real-time data to an external electronics module, which then communicates this information to the patient’s physician.”

I first came across this company nearly two years ago, when I heard founder Jay Yadav, M.D., speak at a TAG luncheon, and I’ll be eager to see how their technology has evolved since then. From an EMR perspective, I’m especially interested in where the real-time data goes when a physician receives it. Is it fed into an EMR, perhaps? I’m taking a field trip to the CardioMEMS office next week, so hopefully I’ll find out. I’d also like to get their thoughts on the FDA’s move to regulate mobile health apps, which I assume will impact them in some tangential way.

Cooleaf (@cooleafhealth)
“Cooleaf is the easiest way to enroll in classes and programs for your health while earning rewards. Our mission is to harness the power of classes and programs to enhance the well being of the planet. We founded Cooleaf on the following principles:

  • There is no “one size fits all” solution in health and wellness
  • Living a healthy life should be easy
  • If you live a healthy life, you should be rewarded
  • If you live a healthy life and get rewarded, you should own those rewards
  • If you’re guided by experts face-to-face, you’re more likely to achieve your health goals (and enjoy yourself)”

Certainly the most consumer-oriented of the bunch, the Cooleaf website seems like a great way to get employees engaged in wellness initiatives. I wouldn’t be surprised if a few payers start sniffing around as its user base grows, and resource database moves beyond Atlanta-based locales.

Monocle Health (@monoclehealth)
“Monocle Health Data is the only company solely dedicated to providing independent, unbiased healthcare provider ratings and rankings based on both price and quality, for both episodic care and chronic illnesses.

Monocle’s tools – price rankings, quality ratings and analytics-based reporting – are the foundation of true healthcare price and quality transparency.”

As a patient – especially one who is in need of new family physicians – I am especially interested in transparency. How do the doctors in my area stack up against each other when it comes to patient satisfaction, quality and what my hard-earned dollars will get me? As patient engagement efforts continue to take off, so too I think will provider comparison tools such as this.

Only time will tell which of these Atlanta-based companies will win. I’ll follow up in a subsequent post with the victor’s details, and future plans for continuing to change the landscape of healthcare IT.