● BYOD (Bring Your Own Device)
User-centric IT It’s about the user … then the device. By Michael Rice
ealthcare organizations are struggling to satisfy the demands of clinicians and other healthcare workers who want to use their device of choice to perform work and access personal and confi -
dential protected health information (PHI). Regardless if these devices are employee owned (bring your own device, or BYOD) or corporately owned personally enabled (COPE), employees want a simplifi ed approach to working digitally that saves them time and doesn’t require them to carry multiple devices for personal or work use. It’s a balance for IT, and one that is diffi cult to strike when you consider that healthcare is a highly regulated space with precise compliance requirements (HIPAA, HITECH, etc.). IT must fol- low strict protocols when reportable data breaches occur, such as unauthorized access of data (patient, payment and employee), as well as dealing with email security and the criminal activity that may result following a security breach. Although the user may be able to select a work device, ul- timately it will be up to IT to ensure the sensitive patient and healthcare data it contains is secured and risk is minimized. It’s the responsibility of IT to develop a mobility strategy. If the focus is purely on management and security, the list of supported devices may consist of, for example, a PC and a BlackBerry. But in today’s BYOD/COPE environment, the user has a vote, which means that IT must support a much longer list of form factors and operating systems. Typical use cases are driven by the needs of users to access patient data quickly and easily – on site and remotely via their device of choice. But the expansion of healthcare IT beyond a single type of computer and smartphone device cannot be attributed to the whims of the end user. Instead, it’s a refl ection of the fundamental changes that have occurred within healthcare as a business. In the past decade, healthcare has been redefi ned as a result of business decisions based on safety, patient care, profi tability and effi ciencies. Government is pushing healthcare out of the hospital and into the home, where patients are more comfortable and the costs of treating them are typically 50 percent less. One of the fastest growing segments in healthcare is alterna-
tive care, which includes infusion clinics, homecare and visiting nurses. Even the traditional model of healthcare has undergone
8 February 2013
Michael Rice is healthcare business development manager, Absolute Software. For more on Absolute Software: www. rsleads.com/302ht-201
technical transformation, with many organizations transitioning from pagers to smartphones, tablets and other devices. So healthcare has gone mobile, and if IT is going to properly
secure and manage the endpoint (and the protected health infor- mation, or PHI, it contains), then they need to build a mobility strategy based on the needs of the user. Eff ective mobility programs don’t focus solely on the hardware
and related security. Instead, they focus on the end user, in particu- lar how the device will be used and how it can create effi ciencies in the employee’s day-to-day work.
A clinician may need to access patient data on his iPad while
doing rounds on the hospital fl oor. Visiting nurses may need to input and upload patient data using an ultra-portable device while they are on the road. If IT limits the types of devices available to these employees, then it’s likely the employees will be limited in how well they can perform their work. On the other end of the spectrum are healthcare employees who do not require access to sensitive information and pose a low risk to IT. With diff ering levels of service and security, healthcare mobility policies must be built based on users, not devices, since it’s the users that will determine the type of work that’s done, the data that’s accessed and the effi ciencies they can ultimately deliver to the business.
A successful mobility strategy will accommodate the perspec-
tives of both IT and end user, regardless if the environment is COPE, BYOD, or a mix. If users are properly supported, and access to data is eff ectively managed, the device is simply the result of the program. By understanding how the employee will use the device, IT will be able to determine details of strategy, including individual credentials, permissions, appropriate confi guration profi les and acceptable protocols in the event of a security incident. Once users are satisfi ed, it will be easier for IT to control sensitive healthcare data while providing employees with the fl exibility they need to do their jobs well and effi ciently. Once IT has identifi ed their user-centric mobility strategy, the
appropriate technology to support it is imperative. Look for a mobile device management (MDM) solution that allows for multiple user profi les and groups, secure document sharing and distribution, and automated security protocols to lock and wipe at-risk devices.
HMT HEALTH MANAGEMENT TECHNOLOGY www.healthmgttech.com