Guide to mobile computing: Q&A with Zebra’s Chris Sullivan

Aug. 9, 2017

HMT reached out to Zebra Technologies to ask about mobile computing in addition to the companies featured in the August edition. Here’s what Chris Sullivan, Global Healthcare Practice Lead had to say.

What is your current security protocol or suggestion regarding mobile devices?

To properly implement and monitor mobile devices and mobile device service providers in a healthcare environment, a risk management process should be employed once it’s determined how the component/service will be used and managed. For example, in a situation where malware has been downloaded onto a mobile device that processes Electronic Protected Health Information (ePHI), a risk analysis would determine the appropriate remediation/mitigation based on the device’s capabilities, configuration, and the operational environment prior to the download. The risk analysis would positively ensure compliance with the HIPAA security rule that requires reviewing and modifying security policies and procedures. Device capabilities play a critical role in assessing threats and developing a mobile device security policy. What if the device cannot prevent copying data?  What if an interface cannot be disabled? Can a denial-of-service (DoS) attack be created by simply powering down the device? By asking these types of questions as part of the assessment, the resulting policies have meaning and can be easily interpreted by employees during training.

Do you recommend that staff use their own devices, or should devices be provided?

Healthcare organizations should provide staff with enterprise-owned and managed mobile computing devices. This best practice behavior helps establish effective and unified communication systems across all employees, reduces cybersecurity risks, decreases the workload and pressure on the information technology staff, and allows for the use of healthcare-specific devices and solutions.

How is mobile computing bettering the healthcare experience? 

Mobile computing improves the communication capabilities of healthcare professionals and enables them to reach their co-workers in real-time via texting or voice/phone interactions. Enhancing communication between colleagues improves the clinical integration between the various specialists in the healthcare environment. In addition, mobile computing can increase efficiency such as retrieving patient health information from the healthcare network enabling nurses and clinicians to enhance the patient experience and spend more time focusing on the patient. Mobile computing also enables clinicians to consolidate numerous disparate devices such as pagers, phones, scanners, and cameras into a single unified healthcare-specific work tool. This streamlines workflows, simplifies tasks, and increases productivity.

What are the biggest challenges surrounding mobile computing in the HIT field?

Management of mobile computing devices and the availability and quality of medical professional apps are huge issues.  Exposure to liquid spills, dust, and physical drops can shorten the life expectancy and increase the total cost of management expenses for a mobile computer. Bacterial infection risks and the potential for mobile computing devices to contribute to hospital-acquired transmitted infections are also cause for concern, especially if not properly managed. Both of these can be mitigated by selecting an enterprise-grade mobile computing device designed for the healthcare environment. Other challenges include issues with Wi-Fi connectivity within a hospital environment that can compromise voice quality and result in dropped calls. Cybersecurity and ransomware attacks on mobile computing devices can also be an issue but are offset by properly understanding the role of mobile computing in a healthcare environment.

What advice do you have for training staff for being cognizant of the potential threats to security with mobile devices?
As part of an existing security program, training on potential threats to mobile devices should be mandatory and an extension of existing training surrounding other information systems.  Malicious attackers can gain access or deny services in numerous ways through viruses, email hacking, social engineering, etc. However, most of the threats to mobile devices come from two sources: software loaded onto the device and from web services.  Users must understand that any software being downloaded to a device can potentially be harmful, and only trusted stores should be accessed. Links in any form of communication (email, SMS) to unknown sites should be scrutinized before following.  Many general computing security paradigms directly transfer from the desktop environment to the mobile environment so additions to existing training can be leveraged.

How are operating system challenges best dealt with?

Device features rely on OS services meaning the device drives the OS decision-making process in order to match the features to the device’s task. Remaining current with the latest patches is the best method as a continuous software update program provides the most protection from known vulnerabilities.  Today’s converged environment warrants the need to protect the confidentiality and integrity of all services which typically rely on the latest OS to provide availability. This limits the window of vulnerability from the last update. However, updating can be expensive if the environment is not designed to accommodate updates.  By securing the device to perform a specific function or set of functions that are impervious from any threat, updates can be minimized but not negated.  Hence the logic that if you must update, do it frequently and be good at it.

Please feel free to tell us anything else about mobile computing you’d like to give insight on.

Mobile computing devices are increasingly playing a critical role in the overall coordination and delivery of patient care as the convergence of electronic health information systems, IoT, cloud computing, big data analytics, and mobile technologies fuse together. The healthcare mobile computing device of the future will not only serve as an employee communications platform, but also as a data capture device for barcode scanning and patient images, a data retrieval tool for patient health information and clinical decision support tools, and a smart, situationally aware workflow efficiency tool. Many of tomorrow’s mobile computing solutions will help keep the clinician with the patient, enhance their decision making while they are with the patient, and contribute to a higher quality and more rewarding overall patient experience.

Sponsored Recommendations

Enhancing Remote Radiology: How Zero Trust Access Revolutionizes Healthcare Connectivity

This content details how a cloud-enabled zero trust architecture ensures high performance, compliance, and scalability, overcoming the limitations of traditional VPN solutions...

Spotlight on Artificial Intelligence

Unlock the potential of AI in our latest series. Discover how AI is revolutionizing clinical decision support, improving workflow efficiency, and transforming medical documentation...

Beyond the VPN: Zero Trust Access for a Healthcare Hybrid Work Environment

This whitepaper explores how a cloud-enabled zero trust architecture ensures secure, least privileged access to applications, meeting regulatory requirements and enhancing user...

Enhancing Remote Radiology: How Zero Trust Access Revolutionizes Healthcare Connectivity

This content details how a cloud-enabled zero trust architecture ensures high performance, compliance, and scalability, overcoming the limitations of traditional VPN solutions...