BYOD Nightmare Perfect Storm of Mobile Devices and Application in Hospitals Neha Patel, MD MS Director of Mobile Strategy and Applications Director of Quality, Section of Hospital Medicine University of Pennsylvania Health System
Agenda Case for mobile strategy in health care Considerations for BYOD in health care Mechanics of UPHS BYOD policy 2
3
Driving factors Mobile devices and apps are ubiquitous Rising demand from patients, providers, and partners for mobile medicine Vendors accept that mobile is inevitable App creation culture expanding at Penn 4
Role for mobile health in hospitals Workaround Culture in healthcare organizations Focus on current, immediate patient care needs rather than on improving system for future patients Fragmented methods of communication and workflow Vicious cycle: bad process workarounds bad process Tethered to desktop Pagers Secured Mobile Paperless handoff Paper handoff Keyhole views Closed loop Real time data 5
Adoption not a problem Medview mobile Cureatr Rolodoc (organic) Carelign iantibiogram 6
Cureatr: secure messaging Mobile, real-time communication for providers HIPAA-secure, Inter- & intra-organization text messaging Web App ios Android 7
Mobile Chart Review & Handoff Tool
PERFECT STORM 9
Penn Medicine current state (July 2015) The Good 4507 Corporate provided Smartphones Mobile Device Management (MDM) Device Encryption Passcode Required Remote Clean/Wipe when Stolen/Lost The Not so Bad 6843 MDM licenses for Smartphones 1387 MDM licenses for Tablets The Ugly Frontline staff are using personal Smartphones (fellows, residents, nurses) in clinical setting 10
Use cases of personal smartphones by clinicians Cellular Medical reference Tactically speaking, bring your own device (BYOD) is an unstoppable user driven force. Texting/Pictures 11
Healthcare institutions are addressing mobility 190 organizations (56% AMC) surveyed in 2015 238 respondents 57% indicated that their organization has a mobile technology policy in place Items included in a Mobile Technology Policy Percent Means of securing devices (i.e. storing information on device) 85% Use of personal devices for clinical/work use 7% Management of lost/stolen devices 86% Ability to access data from remote locations 72% Types of applications approved for use 49% Brand/version of device 36% 86% including in future work Source: 2015 HIMSS Mobile Technology Survey. 12
Penn Medicine mobile device strategy While we work through the development of a mobile device strategy, there is an immediate need to manage users across the organization who currently use personal devices to access Penn Med business and clinical applications. Develop policy Enable mobile productivity Configuration standards Manage mobile risk Locate lost/stolen devices Device encryption Control Penn Medicine data moved to mobile environment 13
Considerations of a Bring Your Own Device policy Privacy and security Financial considerations Stipends Reimbursement User categories Devices and level of support 14
Close the gap between perception and reality when it comes to privacy and information protection on mobile devices Balance information protection and privacy interests in your mobility programs Less Privacy Expectations Corporate Provided Joint Ownership Personal Phone More Privacy Expectations 15
16
Containerization Strengths Enables separation of business and personal applications and data so that a single device Helps an enterprise manage the risk of sensitive data exposure through authentication, encryption, selective wipe and data use controls Provides a common user experience across multiple devices Potential to reduce enterprise support costs for mobility Weaknesses User experience is not the same as native applications on the device UI still has a poor reputation Users do not like the process of switching between the container and the main user screen Do not support the complete separation of phone and texting functions on mobile devices Can provide a single sign on capability across multiple applications 17
Privacy and security addressed in Penn Medicine s BYOD policy We bear the burden of establishing our employees privacy expectations when it comes to mobile devices and so offer two options for BYOD users: 1. Current Mobile Device Manager (Default) 2. MDM Containerization (Opt in) Workspace on the device that is defined and managed by IS Device (Personal Apps and Data) App App App App Data Container (Business Apps and Data) App App App Data 18
Beware: personal information IS sacred Data that is monitored Who What Data that can be wiped Selective wipe 19
Trojan horse strategy for shifting costs to employees? Corporate issued How much will be spent on each device Cost of a fully subsidized data plan Cost of recycling devices every few years Warranty plans IT time and labor in managing the program BYOD Cost of a partially subsidized data plan Eliminates cost of the device purchase Cost of mobile device management 20
Models to finance BYOD Employee pays Employees are responsible for all costs related to operating the device they own. Company pays service plan Company reimburses employee Company pays all operational costs associated with the employee owned device. Allows the enterprise to aggregate voice minutes and data usage, which often allows the enterprise to negotiate lower overall rates Requires regular payments to an employee that are designed to offset the cost of service plans and other operational investments May be considered taxable revenue Employee reimburses company Company makes the payments for the service plan and other costs and deducts them from an employees pay 21
Financing BYOD from the employer side Stipend: a fixed sum paid periodically (usually monthly) to defray a specific expenses; it is usually added on to an employee s regular pay as a gross up on their paycheck Reimbursement: a payment to the employee for a business expenses, typically after the expenses has been incurred and in response to the employee filing an expense report. Allowance: a fixed amount of money allocated on a periodic basis (often per year) for an employee to spend on specified goods or services related to his or her job. Advantage Disadvantage Fixed Payment (Stipend or Allowance) Low process overhead (just add to paycheck) No action is required on the user s part to initiate the payment Payroll tax implications for the organization Tax implications for the users (potential for income, social security, Medicare, and state taxes) Reimbursement Provides the user a chance to substantiate the expense Avoid taxes on reimbursement Increased process overhead for organization Administrated work for user (required to submit a bill) 22
Pay up: Is the free ride over for Corporate BYOD? 23
24
User categories for UPHS BYOD policy The BYOD program is intended to be voluntary for exempt employees. Incentive to enroll will be access to apps that add value to workflow Eligibility for participation in the BYOD Program will be assessed by the user s department manager. There is a justifiable business requirement for having mobile access to Penn Medicine information The user has elected to use his/her own device Human Resources approval is required before a nonexempt employee may participate in the BYOD Program 25
BYOD Initiatives Take on a variety of different approaches We are here INFORMAL Users can access apps and data from their personal device FORMAL BYOD policy, stipend, selfservice web site and support 26
Barriers to use of mobile technology Lack of Funding Limited Incentives for Use Immaturity of Vendors Lack of Standards/Interoperability Lack of IT Staff Inadequate Privacy/Security Lack of Staff Expertise Challenges Regarding Wireless Capabilities Lack of Executive Support Clinician Resistance to Technology Doesn't Fit in Workflow 13% 36% 32% 32% 32% 29% 27% 24% 22% 20% 51% N = 231 Source: 2015 HIMSS Mobile Technology Survey 27
Penn Medicine mhealth Governance focus Smartphones >> Tablets Corporate-BYOD Policy setting (security, eligibility) Infrastructure & Support Financial implications Mobile Devices Mobile Applications Functionalities Secured messaging Directory/schedules Workflow Resources Software Architecture Native vs Web App 28
Apps will change care delivery Courtesy of Glenn Steele, CEO of Geisinger EHR World Today The Future Benefits Data dispersed, not easily found, Useless Copy and Paste Workflows not efficient or userfriendly Minimum analytically supported clinical decision support Data extracted, reorganized and presented in a userfriendly way Workflow facilitated via clinical logic; results of analyses integrated into workflow Decision support based on analysis of data outside and inside of EHR Saves clinician time Improves quality of care Easier and less expensive to employ Difficult to implement changes Easy to program changes Increase coding scores and documentation requirements
Considerations of leveraging mobility in healthcare Design for today but need to anticipate tomorrow Develop and invest in existing talent (PI specialists, clinicians, designers) Incremental build start with an idea/prototype and get it into hands of frontline providers Build vs buy decisions Lack of scientific evidence to measure the efficacy of mobile apps Measure what we can, but not what counts Develop evaluation criteria focused on business cases and patient care benefits EMR integration To do or not to do Accept timeline of vendors? Partnership between Clinicians and IS 30
Join us Neha.Patel@uphs.upenn.edu 31