CIOs agree that the issue of data security around the use of mobile carts is a multi-faceted one, and in fact, they say, security considerations cut different ways. On one level, for example, is the choice of whether to put fully loaded laptop or notebook computers on mobile carts, versus “dumb” terminals, usually with flat screens, that can only operate within very defined physical parameters. In fact, all those CIOs interviewed for this article whose organizations deploy laptops or notebooks also make use of proliferating technologies that can automatically shut down those computers if they are stolen or used by unauthorized persons, and which can sometimes also even send GPS-facilitated locationing messages to the IT department.
But as smaller mobile devices evolve forward into the marketplace, CIOs’ calculations around mobile computing security become that much more complex. Which is preferable, for instance - to deploy locked-down computer carts within a facility, or to begin to allow clinician end-users to use certain kinds of applications on handheld mobile devices, such as iPhones, iPads, and others, following careful policies and procedures? CIOs are only beginning to figure out the answers to those questions.
What's clear is that security remains of paramount concern. “Right now, we use quick time-outs, between two and 10 minutes, depending on the unit,” reports David Muntz, senior vice president and CIO of the Baylor Health Care System, a 14-hospital system based in Dallas. “We also use a commercial device locator technology on all our laptops, so that if a laptop is stolen and the person who stole it fires up the Internet, the laptop will ‘phone home’ to us. And then we send the police out.” Further, Muntz says, “We'Re about to go to a virtual desktop, so that the end-user will put their ID badge into an authentication device, and if they need to quickly take their card out and run somewhere, in an emergency, for example, the device logs out automatically; and then they can sign into any other device and start up again exactly where they were in their computing. That's very cool.”
The ongoing advance of such technologies is easing the security concerns around laptops on carts that had bedeviled their deployment several years ago. Of course, many hospital organizations are also continuing to lock down their laptops in some physical fashion, as with lock-bars strapping the computers onto the carts, for added security.
The question, some CIOs say, is whether and how the calculations they'll have to make around the security of handheld devices will change how they view mobile computing cart security concerns. For some, like Gregory Veltri, vice president and CIO of the 500-bed Denver Health, a public hospital in Denver, Colo., the security concerns around the new smaller devices are daunting. “The iPad is still on a cell phone OS,” Veltri notes. “If you'Re not too worried about security or your data lock, maybe you might try iPads, but…” His voice trails off as he ponders the potential security breaches. The iPad and iPhone particularly concern some CIOs, including Jim Venturella, CIO, hospital and community services, at the 20-hospital University of Pittsburgh Medical Center health system. Venturella contrasts the more open platform of the Apple devices with the tight security he says he and his colleagues have maintained on behalf of Blackberry users. He adds, however, that “Our security team did review the iPad for access to our wireless network directly, and they've signed off on the use of the iPad here.”
There is as of yet no consensus on how all these issues will play out, or indeed even on whether the security issues around handheld mobile devices will change how CIOs and their teams view the security of laptops on carts. The only thing that is absolutely clear, everyone agrees, is that the security question, like all other questions in the mobile computing area, remains fluid and constantly changing.
Healthcare Informatics 2010 July;27(7):30
