BYOD Making Inroads
Network infrastructure is key
By Alexandra Sewell, Executive Director of Enterprise Marketing, Comcast Business
Mobile devices and apps have changed the way we conduct business, and now they’re changing the way healthcare is delivered. In fact, 90 percent of healthcare providers surveyed in the 2015 HIMSS Mobile Technology Survey report that their organizations use mobile devices to improve patient engagement, and more than half report leveraging mobile technology to coordinate or impact patient care.
From quick clinical decision-making and improved staff productivity, to enhanced patient engagement and cost controls, providers have a number of reasons to embrace mobile technology and, along with it, the capability that allows clinicians to use their own mobile devices to deliver care. This bring-your-own-device (BYOD) model lets clinicians do the following, and more:
• Securely access and share EHRs and patient information – even from remote locations;
• Quickly document patient encounters;
• Communicate directly with patients;
• Consult with other clinicians and specialists;
• Conduct remote diagnostics; and
• Receive anytime, anywhere training and education.
Before providers adopt a BYOD policy, however, they must address two key concerns: security and bandwidth.
The addition of mobile devices to an organization’s infrastructure means increased vulnerabilities. Providers need to make sure their communications are secure and HIPAA compliant, including when communicating externally. The underlying data network that provides the connectivity backbone and Wi-Fi access must also be secure. A well-crafted BYOD policy and mobile device management (MDM) system can help ensure the devices of clinicians and staff who participate in BYOD are password protected and can encrypt data.
Providers also must take a hard look at the bandwidth limitations of their internal legacy data networks that support Wi-Fi service. They must determine the viability of existing external networks to keep pace with growing network demand for high-capacity data storage and anywhere/anytime mobile access that works as efficiently from a provider’s office or home as it does in the hospital.
To create an effective mobile technology environment, it’s crucial to adopt a unified, scalable, and secure high-performance network that enables continuity of care across multiple locations.
Ethernet can be the engine that drives mobility by helping to improve productivity and collaboration. Its blend of sheer capacity and scalability makes it ideal to support mission-critical applications for EHRs, PACs, remote diagnostics, and other data-intensive mobile healthcare applications – including cloud-based applications. Data is secure as it travels over a private network (not the public Internet) to and from the data center/cloud provider.
The increasing use of laptops, tablets, and smartphones to deliver quality care places additional bandwidth and security requirements on a healthcare provider’s network. Before moving forward with a formal BYOD policy, healthcare IT professionals must adopt a high-performance network that enables continuity of care across multiple locations and devices.
How-To Guide
Keep medical info secure on mobile devices
A new guide from the National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) demonstrates how healthcare providers can make mobile devices, such as smartphones and tablets, more secure in order to better protect patient information and still take advantage of advances in communications technology.
“Securing Electronic Records on Mobile Devices” gives IT implementers and security engineers a detailed architecture so they can copy (or recreate with different-but-similar technologies) the security characteristics of the guide. It also maps to standards and best practices from NIST and others, and complies with Health Insurance Portability and Accountability Act (HIPAA) rules. The guide takes into account the need for different types of implementation for different circumstances such as when cyber security is handled in-house or is outsourced.
The draft was developed by industry and academic cybersecurity experts, with the input of healthcare providers.
The team at the NCCoE built a virtual environment that simulates interaction among mobile devices and an EHR system supported by the IT infrastructure of a medical organization. They developed a scenario in which a hypothetical primary care physician uses her mobile device to perform recurring activities such as sending a referral containing clinical information to another physician or sending an electronic prescription to a pharmacy. Then, using commercially available technologies, they built a solution to improve privacy and security protections.
The draft guide package in PDF form includes: Executive Summary; Approach, Architecture, and Security Characteristics; How-To Guide; Standards and Controls Mapping; and Risk Assessment and Outcomes.
NCCoE is actively seeking comments. Go to “Get the New Health IT Practice Guide” at https://nccoe.nist.gov.
Analytics
IBM provides cyber threat analytics from the cloud
IBM QRadar security intelligence technology is now available through a cloud-based Software as a Service (SaaS) model to help companies prioritize real threats quickly and free up critical resources to fight cyberattacks. Two main services are available:
• IBM Security Intelligence on Cloud helps organizations determine if security-related events are simple anomalies or potential threats. Users can quickly correlate security event data with threat information from over 500 supported data sources for devices, systems, and applications. Data can be presented using more than 1,500 pre-defined reports for use cases such as compliance, vulnerability management, and security incident response.
• Intelligent Log Management on Cloud is designed to simplify security and compliance data collection and reporting. It uses analytics and a hosted, multi-tenant technology to deliver comprehensive compliance with real-time correlation and anomaly-detection capabilities. Through support for more than 400 platforms, security managers can also capture logs from nearly any device in their security operation.
Solutions
Secure Dell Android devices anywhere
Under a new agreement, Persistence technology from Absolute Software will be embedded in the firmware of Dell’s Android devices at the factory. By activating Persistence technology, Dell customers receive endpoint security and data risk management, allowing IT to remain connected with all corporate devices, regardless of user or location. If an Absolute software client is removed from an endpoint, it will automatically reinstall so each device and the sensitive data it contains can be secured. Device data includes asset, status, and location details. Absolute Software, Dell
Imprivata Cortext is a cloud-based healthcare communication platform that enables providers to securely communicate across their mobile devices, tablets, or desktops to better coordinate care. This solution streamlines clinical workflows and enhances provider satisfaction by overcoming the inefficiencies of pagers and other outdated communication technology. Alerts reach every device or desktop the provider uses in real time, which substantially improves response time. Designed to protect PHI, Imprivata Cortext is verified by an independent third-party audit agency for compliance. Imprivata
Have your network hacked
The Cyber Security “Red Team” assessment is a tailored service designed to uncover realistic paths that external adversaries may take to compromise computer systems and networks, steal confidential data, and gain access to facilities. It combines identification of information leaks, analysis of the security of Internet-facing networks, advanced social engineering tactics, and physical security tests at sensitive locations using long-term surveillance and multiple attempts to gain unauthorized facility access. The team reports on critical flaws, highlights potential impact to the organization, and prioritizes recommendations for remediation. Redspin
Managed Mobile Services provide an all-inclusive suite of mobile device and application management tools to help address the concerns of sensitive data in a mobile environment. Clinicians benefit from knowing their private emails, photos, and personal applications are untouched, while IT administrators can help ensure patient data is secure. These mobile services enforce security requirements for your BYOD policy, while providing IT administrators with access to a real-time, easy-to-use dashboard to manage end-user devices. McKesson
Simplify data protection
Unified Security Services feature a pre-configured set of services that are monitored and managed by Verizon. This option, designed to protect the network edge where IP data comes in and flows out of the organization, can help organizations enhance their overall security posture, reduce complexity with remote setup by Verizon’s deployment team, and reduce waste by consolidating multiple security functions into a single service. Three tiers of service are available (basic, intermediate, and advanced) to provide: 24/7 service event monitoring, 24/7 device availability monitoring and alerting, 24/7 access to a security support team, and security device O/S upgrades and patch management. Verizon
University Health System (UHS) in San Antonio, TX, is rolling out the Spok on-call scheduling, secure texting, critical test results management, and hospital call center solutions. As part of the implementation, UHS plans to provide the Spok Mobile secure texting app to 1,600 physicians and residents in the academic medical center and network of outpatient healthcare centers, giving staff the ability to communicate and send patient data and messages securely. There will be an automated, protected process for delivering critical test results, and physicians will be able to connect and consult with each other quickly and easily. Spok
TigerText for the Apple Watch enables users to preview, read, and send secure messages in real time, as well as dictate message replies. Like the TigerText mobile app and Web console, users will also be able to see when a message has been sent, delivered, and read. The TigerText Apple Watch app is fully compliant and allows for the sending of PHI and other sensitive information. TigerText