● Tablets “It’s part of our HIPAA security program,” T omas said.
“T e actual EHR is accessed via a VDI [virtual desktop in- frastructure] session or Terminal Server session, and patient data never touches the actual device. We gain the benefi ts of mobility and battery life, but the security advantages of data separation. We are currently about to start a pilot program for a native iPad EHR app and will have a PACS iPad app in place Q1 2014, so we’re shifting more towards ways to create secure containers on mobile devices since the access method is changing.” “We have a guest network available for patients, but staff use our corporate WIFI and authenticate via 802.11x with their AD credentials,” T omas explained. “T is allows us to tie IP addresses to users and devices for management and reporting purposes. We run all traffi c through a Dell SonicWall fi rewall and fi lter traffi c for malware, content, and applications, both on the guest and corporate networks. Our networks are also monitored by Dell SecureWorks to add an additional set of eyes to our security. We don’t fi lter traffi c to be harsh to employees. It’s primarily to make sure that streaming audio and video does not eat up all of our bandwidth and that patient information does not get sent outside of our organization insecurely.”
Do you make employees sign an agreement allowing remote wiping of the device should it be lost? It is not a question of if a device will go missing. It’s a ques-
tion of when. While minimizing the amount of data stored on local devices is one solution, it is impossible to eliminate all of it. So what happens if a device is lost or stolen? T e main concern shifts from the actual device and focuses on the data. T ere are several third-party services available that claim they can track and help recover missing devices, but the data on the device should be the biggest concern. T ese third-party services also come at a cost. In 2011, the FBI con- cluded that just 12.7 percent of burglary cases were cleared. T e popularity of mobile devices makes them a prime target, and once stolen they are typically off -loaded quickly. Device
manufactures realize this and are working to help minimize theft. Apple’s new iOS7 requires users to enter their password in order to turn off the native Find My iPhone/iPad feature. T is means that when a device is lifted, the crook cannot disable the GPS location feature without the user’s password. Remotely wiping the data is an excellent way to minimize stolen data. If the device is owned by an employee, the question of policy comes into play. T omas explained that GCHS’ BYOD policy allows the organization to wipe a missing device remotely. He also en- sures that his IT staff trains employees on how to remotely wipe their devices. Actually showing employees what button to press to execute a remote data wipe increases the chances that they will actually do it. Just mentioning this feature is not nearly as eff ective.
How do you overcome the hurdles of interacting with EHRs and recording clinical notes on a tablet? Tablets have come a long way since their conception. T ey
now include keyboards, built-in cameras, and microphones, and can be comparable to a laptop or desktop in certain situa- tions and confi gurations. But in a healthcare setting, are tablets enough to handle everything? “We approach those two issues (interacting with and record- ing notes) by separating them,” T omas said. “Our mobile devices are not intended at the moment to be complete replace- ments for full workstations, but rather a more fl exible way of approaching care. T ey are displays with reduced weight and longer battery life, and most of our physicians and clinicians treat them as such. T ey navigate the electronic chart via touchscreen and pull up relevant information for the current patient visit. In some instances, they will perform some mini- mal documentation, such as issuing an e-Rx or an order, while other physicians choose to do more extensive documentation on the devices. It’s really a matter of physician comfort. “Regardless of how they choose to interact with our EHR system, all physicians have been provided with a workstation in their offi ce loaded with a voice recognition program to give them point-and-click, keyboard-based, and voice-based data entry options.”
Cost? Dollars-wise, what makes sense for your organization?
An upside of using a BYOD program is reduced cost and Surface 2 photo courtesy Microsoft 16 December 2013
increased staff buy-in. If a staff member picks out his or her own piece of equipment and pays for it, IT departments can benefi t greatly. Green Clinic Health Systems feels the benefi ts of BYOD outweigh the negatives. “Right now our BYOD program is entirely staff driven, which is why we are very fl exible with our support,” said T omas. “Mobile devices aren’t that expensive nowadays, and
HEALTH MANAGEMENT TECHNOLOGY www.healthmgttech.com