How To Manage Mobile Device Management In Healthcare

Similar documents
Insert Partner logo here. Financial Mobility Balancing Security and Success

Mobile Device Management (MDM) Policies. Best Practices Guide.

11 Best Practices for Mobile Device Management (MDM)

Document Sharing on Mobile Devices. Securing Productivity on the Go!

MaaS360.com > White Paper. Mobile Data Security. Finding the Balance

MaaS360.com > White Paper. Cloud-based MDM Makes the Grade in Education.

Btech IT SECURITY SERVICES. Financial Mobility Balancing Security and Success

Mobile Device Management (MDM) Policies

1. What are the System Requirements for using the MaaS360 for Exchange ActiveSync solution?

Mobile Device Management Glossary.

IBM MobileFirst Protect (MaaS360) Mobile Enterprise Gateway Migration Guide

Using the Apple Configurator and MaaS3360

Advanced Configuration Steps

Healthcare IT Compliance Service. Services > Overview MaaS360 Healthcare IT Compliance Service

Document Sharing on Mobile Devices: Securing Productivity on the Go!

The Maximum Security Marriage:

Mobilize Your Corporate Content and Apps Enable Simple and Secure Mobile Collaboration for Business.

SOLUTION BRIEF Enterprise Mobility Management. Critical Elements of an Enterprise Mobility Management Suite

How Technology Executives are Managing the Shift to BYOD

Cloud Backup and Recovery for Endpoint Devices

Extending Compliance to the Mobile Workforce.

The Impact of HIPAA and HITECH

Learn More MaaS360 Cloud Extender Checklist (MDM for Blackberry)

M a as3 6 0 fo r M o bile D evice s

Addressing NIST and DOD Requirements for Mobile Device Management (MDM) Essential Capabilities for Secure Mobility.

Apple Push Notification Service (APNS) Creation Guide

IT Resource Management & Mobile Data Protection vs. User Empowerment

Sophos Mobile Control User guide for Apple ios. Product version: 4

EXECUTIVE SUMMARY Cloud Backup for Endpoint Devices

WHITEPAPER. Addressing Them with Adaptive Network Security. Executive Summary... An Evolving Network Environment Adaptive Network Security...

WHITEPAPER. Addressing Them with Secure Network Access Control. Executive Summary... An Evolving Network Environment... 2

6 Pillars for Building a Successful BYOD Program. Protecting corporate assets while increasing employee productivity

Securing Patient Data in Today s Mobilized Healthcare Industry. A Good Technology Whitepaper

An ICS White Paper. Mobile Device Management for the Agile Enterprise

Mobile Medical Devices and BYOD: Latest Legal Threat for Providers

Workarounds in Healthcare, a Risky Trend. Produced by. media

Sybase Afaria. Comprehensive Management and Security for the Mobile Enterprise PRODUCT BROCHURE.

6 Things To Think About Before Implementing BYOD

Securing BYOD With Network Access Control, a Case Study

VMware Point of Care Solutions. for Clinicians and Caregivers

How To Protect Your Data From Being Hacked

Easing the Burden of Healthcare Compliance

Implementing Electronic Medical Records (EMR): Mitigate Security Risks and Create Peace of Mind

Securing Healthcare Data on Mobile Devices

IT Resource Management vs. User Empowerment

Mobile Device Management for CFAES

Compliance Rule Sets in MaaS360

BYOD. and Mobile Device Security. Shirley Erp, CISSP CISA November 28, 2012

MaaS360 Mobile Enterprise Gateway

McAfee Enterprise Mobility Management

Security and Privacy Considerations for BYOD

Gartner's View on 'Bring Your Own' in Client Computing

Boost Healthcare Security and Patient Care with Imprivata Enhanced VDI

5 HIPAA-Compliant Best Practices for Mobile Devices in Healthcare

How To Manage A Mobile Device Management (Mdm) Solution

Managing Mobility. 10 top tips for Enterprise Mobility Management

HIPAA MYTHS: DON T ALWAYS BELIEVE WHAT YOU HEAR. Chris Apgar, CISSP

MaaS360 Mobile Enterprise Gateway

Symantec Mobile Management 7.1

Cisco BYOD Smart Solution: Take a Comprehensive Approach to Secure Mobility

DISCOVER, MONITOR AND PROTECT YOUR SENSITIVE INFORMATION Symantec Data Loss Prevention. symantec.com

How To Protect The Agency From Hackers On A Cell Phone Or Tablet Device

North Carolina Health Information Management Association February 20, 2013 Chris Apgar, CISSP

Guideline on Safe BYOD Management

Kaseya White Paper. Managing the Complexity of Today s Hybrid IT Environments

Mobile Device Deployments-The Security Dangers of Technology on the Go

Athena Mobile Device Management from Symantec

MaaS360 Secure Productivity Suite (SPS): Secure Container User Guide

CA Technologies Healthcare security solutions:

Healthcare Buyers Guide: Mobile Device Management

SOLUTION CARD WHITE PAPER. What is Fueling BYOD Adoption? Mobile Device Accountability and Control

10 BEST PRACTICES FOR MOBILE DEVICE MANAGEMENT (MDM)

How To Support Bring Your Own Device (Byod)

"Secure insight, anytime, anywhere."

Sophos Mobile Control User guide for Windows Phone 8. Product version: 3.5

When enterprise mobility strategies are discussed, security is usually one of the first topics

Hoster Improves Remote Access, Increases Revenues with Virtualized Desktop Solution

Enroll a Windows Phone 8 Device

Featuring industry research by. Produced by

HIPAA Myths. WEDI Regional Affiliates. Chris Apgar, CISSP Apgar & Associates

WHITE PAPER SOLUTION CARD. What is Fueling BYOD Adoption? Mobile Device Accountability and Control

ios Enterprise Deployment Overview

efolder White Paper: HIPAA Compliance

Consumerization. Managing the BYOD trend successfully. Harish Krishnan, General Manager, Wipro Mobility Solutions

White Paper. Identifying Network Security and Compliance Challenges in Healthcare Organizations

How To Secure Your Mobile Devices

FIVE KEY CONSIDERATIONS FOR ENABLING PRIVACY IN HEALTH INFORMATION EXCHANGES

Laptops, Tablets, Smartphones and HIPAA: An Action Plan to Protect your Practice

Five Best Practices for Secure Enterprise Content Mobility

{ipad Security} for K-12. Understanding & Mitigating Risk. plantemoran.com

How To Use Isalus Officeemr

HELPFUL TIPS: MOBILE DEVICE SECURITY

Copyright 2013, 3CX Ltd.

Everything You Need to Know About Effective Mobile Device Management. mastering the mobile workplace

HIPAA Myths. WEDI Member Town Hall. Chris Apgar, CISSP Apgar & Associates

Overview of the HIPAA Security Rule

trends and audit considerations

Am I a Business Associate? Do I want to be a Business Associate? What are my obligations?

Mobile Device Strategy

Transcription:

HIPAA! HITECH! HELP! Mobile Device Management (MDM) in Healthcare www.maas360.com

Copyright 2014 Fiberlink Communications Corporation. All rights reserved. This document contains proprietary and confidential information of Fiberlink, an IBM company. No part of this document may be used, disclosed, distributed, transmitted, stored in any retrieval system, copied or reproduced in any way or form, including but not limited to photocopy, photographic, magnetic, electronic or other record, without the prior written permission of Fiberlink. This document is provided for informational purposes only and the information herein is subject to change without notice. Please report any errors to Fiberlink. Fiberlink will not provide any warranties covering this information and specifically disclaims any liability in connection with this document. Fiberlink, MaaS360, associated logos, and the names of the products and services of Fiberlink are trademarks or service marks of Fiberlink and may be registered in certain jurisdictions. All other names, marks, brands, logos, and symbols may be trademarks or registered trademarks or service marks of their respective owners. Use of any or all of the above is subject to the specific terms and conditions of the Agreement. Copyright 2014 Fiberlink, 1787 Sentry Parkway West, Building Eighteen, Suite 200, Blue Bell, PA 19422. All rights reserved. 2

HIPAA! HITECH! HELP! Mobile Device Management (MDM) in Healthcare Table of Contents Mobility Puts PCs to Pasture with the COWS... 4 Patient Safety and Care Come First... 5 HITECH & HIPAA Demand Security... 5 Categories of Mobility Management... 6 The MDM Solution... 6 MDM in the Cloud... 7 Laying Out the MDM Strategy... 8 MDM in Action... 9 3

The FCC is pursuing a health strategy fostering fast-paced innovation of wireless networks, medical devices, and mobile apps The number of mobile devices in healthcare facilities is increasing rapidly, as is the diversity of mobile platforms, operating systems (OSes) and communication methods that need to be supported by these organizations. In fact, in remarks made at George Washington University Hospital in Washington D.C., FCC Chairman Julius Genachowski said that healthcare is being transformed by broadband, and called out wireless and mobile in particular. For its part in this transformation, Genachowski said, The FCC is pursuing a health strategy with three key components: promoting connectivity; fostering fast-paced innovation of wireless networks, medical devices and mobile apps; encouraging greater adoption of life-saving health technology; and ensuring that spectrum is optimally allocated and managed. So on the outside, infrastructure and promotion is progressing, but what does mobility in healthcare look like from the inside? A recent poll of managed Healthcare providers by the Aberdeen Group found three clear expectations for mobile healthcare technology: stem the rising costs of healthcare processes, improve staff productivity, and decrease the entry erroneous data. To understand where mobility is headed though, it would first help to remember the mistakes of the past. Mobility Puts PCs to Pasture with the COWS In the past, technology in healthcare settings was limited to desktops and workstations. Then there was a move to make computers on wheels (COWS) the standard for healthcare technology mobility. COWS were desktop-type computers affixed to carts that would be travel from nurses stations to patients rooms. Their popularity was short lived, though, primarily due to the cumbersome nature of the units and the increasing availability of newer, more mobile technology, such as laptops. Now, despite their portable nature, even laptops are becoming obsolete. With anytime, anywhere access to patient data becoming the standard, agile mobility is seen as a must. In addition to the fact that doctors like to bring their own devices (BYOD) to work, this has made smartphones and tablets the most popular mobility tools in the industry. In using these devices, the providers are also using a variety of apps. They want the same ease of use, functionality and access that an app gives at work, too. The ipad is becoming the new patient chart. And patients, too, are using apps to manage their health, connect with their providers and access their own records. 4

More and more sensitive information, both facility and patient information, ends up on these devices. Patient Safety and Care Come First Improving patient safety is driving adoption of mobility in healthcare. According to a U.S. Department of Health and Human Services report ( Reducing and Preventing Adverse Drug Events to Decrease Hospital Costs ), the number and severity of patient safety incidents can be significantly reduced with the use of automated detection and computerized records. Electronic access to information reduces the potential for errors, since information is no longer transcribed by hand from document to document. Increased safety means improved care and outcomes as well. For example, mobile devices provide easy, quick and accurate access for physicians and other healthcare providers to nurses notes, lab results, patient history and more, for a more productive and efficient patient visit, and more timely decisions about care. This information can easily be shared across the organization and to other providers who may be working with the same patient. With the low cost of smartphones and tablets, compared to desktops and laptops, healthcare facilities can realize a cost savings in both a corporate liable and BYOD environment where the users are responsible for the costs of replacing their devices. HITECH & HIPAA Demand Security So far the case for mobility in healthcare is solid with uses across the organization, for the many disciplines and for the patient as well, but in this highly regulated industry, mobility faces some tough challenges. Security is the largest concern from an IT standpoint making sure the healthcare workers who are using the devices are in compliance; that the medical records they access are logged. It s important that the movement and use of any data is constantly tracked and logged, especially when it comes to a lost or stolen device, or if an employee is no longer eligible to view the information, says Chris Hazelton, Research Director, Mobile & Wireless, 451 Research. Yet, as devices proliferate, IT departments struggle to manage security policy and technology. More and more sensitive information, both facility and patient information, ends up on these devices. Of particular concern for healthcare facilities are the requirements of the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH). The potential for risk of patient and healthcare data privacy is tremendous and non-adherence to these strict government regulatory requirements can result in severe financial penalties and damage to a provider s image. 5

MDM is software that secures, monitors, manages and supports mobile devices that are deployed across mobile operators, service providers and enterprises. HITECH, enacted as part of the American Recovery and Reinvestment Act of 2009, focuses on patient care and safety and clinical efficacy. According to the U.S. Department of Health & Human Services (HHS) most breaches reported to HHS so far under the HITECH Act have been theft or loss of mobile computing devices, resulting in the exposure of millions of patients protected health information. Categories of Mobility Management Security across platforms adds another level of complexity as does the mix of user-owned with facility/corporate owned devices. BYOD leads to the expectation of support, but many businesses have only one standard corporate platform. This is not uncommon, but is just one of four models that the Healthcare Information and Management Systems Society (HIMSS) sees in its observation of the industry. (HIMSS, a not-forprofit organization, is focused on providing global leadership for the optimal use of information technology (IT) and management systems for the betterment of healthcare.) 1. Ad-hoc: Workers bring their own devices unbeknownst to the healthcare organization which has no official policy. 2. Uncontrolled: A mix of formal and undocumented policies and a combination of ownership. Support is also fairly undefined and provided by the user/owner, the providers IT department, the carriers and the manufacturers. 3. Controlled: Policies are defined and enforced. Ownership is also defined but is both BYOD and corporate liable. Apps are usually managed by the enterprise. 4. Owned by the enterprise: The business issues, manages and supports the devices and apps. The MDM Solution So how does a healthcare facility/provider easily get from the first category to the fourth? Mobile Device Management (MDM). MDM is software that secures, monitors, manages and supports mobile devices that are deployed across mobile operators, service providers and enterprises. The purpose of MDM is to provide security on a mobile communications network, doing so while supporting multiple devices, which may be facility-owned, user-owned or a combination. MDM functions include over-the-air distribution of apps, as well as data and configuration settings for all types of mobile devices, including smartphones and tablets. MDM can manage all of the exponentially growing devices and data in healthcare today, explains Neil Florio, vice president of marketing at Fiberlink, an IBM company. For example, a doctor is at a patient s bedside and then decides to go to lunch. Then by pure accident the doctor leaves behind her ipad. She has not only left behind a $500 device, but all of her patients records along with it. Without MDM, someone could walk away with the device and gain access to all of the highly confidential data that it holds. With MDM, the doctor can report the loss to IT, and all patient data can be wiped clean saving the organization hefty compliance fines and reputation loss. 6

In healthcare facilities, you often have a lot of employees who are transitional. According to a recent Gartner report ( Magic Quadrant for Mobile Device Management Software ), a fully-managed mobility solution cuts across standard MDM and telecom expense management and includes: Software distribution: The ability to manage and support mobile application, including deploy, install, update, delete or block Policy management: The development, control and operations of enterprise mobile policy Inventory management: Beyond basic inventory management, including provisioning and support Service management: Rating telecom services MDM in the Cloud Fiberlink s MaaS360 product, using a cloud-based delivery model, manages and secures all types of mobile device platforms used in healthcare facilities and enables compliance with HIPAA and other regulations, satisfies auditors and reduces the cost of managing mobile devices. It provides users with the flexibility to work anywhere, any time and IT with the tools to secure, monitor and maintain the mobile assets on the network, including facility- and user-owned devices. With MaaS360, you can configure devices over the air, track assets across your organization, secure access to sensitive patient data, distribute apps and documents, and ensure devices are compliant with healthcare institution policies and industry standards. Ultimately, MaaS360 helps healthcare organizations meet the strict regulatory requirements surrounding these mobility initiatives. Selective wipe is one of the most important features. If a doctor is using her own device, she may have a lot of his own personal data on it as well. With other MDM solutions and approaches, if a device needs to be wiped, the user loses everything. MaaS360 compartmentalizes personal data from professional and patient data to prevent this. Hazelton recommends the cloud for MDM in this industry. In healthcare facilities, you often have a lot of employees who are transitional. They may come in for short periods of time, or they may work for multiple organizations. It can be a challenge to support this transitional staff structure. Having the cloud capability, so you can scale up or down to support the users as you need, can be a real benefit. If you are able to find a cloud service that has an initial lower cost and initial set-up for additional devices, this can be a significant advantage, versus premises-based. 7

Laying Out the MDM Strategy As a healthcare facility or provider, ask the following questions when considering MDM: What kinds of devices (and how many) are going to be on the system as it is rolled out, and what kinds of devices (and how many) are anticipated in the future? Who in the organization will be able to use a mobile device and what type of support will they get from IT? What level of security policy management are you going to need to require of the MDM system? What device features do you need to restrict for certain employees? What apps and data are currently needed on the devices, and what may be required in the future? What type of mobility operations and compliance reporting do you need? Initially, the most important concern, according to Hazelton, is to make sure that the MDM offering meets the requirements of regulations, including a controlled BYOD program. After that, it is important to consider applications, especially electronic health record applications. A lot of facilities are rolling out apps to help the healthcare workers, and there are usually one or two that are large, system-wide applications. However, over time, as healthcare organizations begin to get their hands around mobility, you may begin to see additional smaller apps, possibly many dozens, being used by different departments. As a result, they will need greater capability within their MDM offering. It will involve more than just being able to lock down devices, but controlling the apps and making sure that they are being used correctly, especially in terms of following the required regulations. 8

Once it became known that these apps were available for handheld devices, we saw an avalanche of them being brought in, particularly iphones and ipads MDM in Action As part of Australia s largest not-for-profit healthcare provider, St. Vincent s Hospital in Australia offers bestin-class services, facilities and expertise, along with educational opportunities, to residents of Sydney and New South Wales. The hospital wanted to automate many of its clinical systems and begin porting them to the smartphones and tablet devices on which many of their staff had begun to rely. This development included apps that presented test results and correlated them to patient histories, and one that provided instant access to radiological and other scans. Once it became known that these apps were now available for handheld devices, we saw an avalanche of them being brought in, particularly iphones and ipads, said Peter Param, manager of IT security. We had quite a mix of devices in use at the hospital, from those distributed by us to personal ones brought in by the clinical and administrative staff. We needed to act quickly to be able to manage their use securely. Param and his team selected Fiberlink s MaaS360 for its cloud deployment model and resulting efficiency in deployment management. With MaaS360, there were no servers to install, no configurations or infrastructure changes, and no investment in expensive business software. The hospital also found the security features of MaaS360 to be particularly appealing its ability to know and control information security safeguards on employees mobile devices and react rapidly to lost or stolen devices through remote wiping features. The hospital s IT security staff can discover, enroll, manage and report on all mobile device status quickly and easily, and with the click of a mouse. Apps and updates are pushed very easily to users, who are already quite familiar with that native experience on their smartphones, said Param. The transition has been seamless. All brands and their products, featured or referred to within this document, are trademarks or registered trademarks of their respective holders and should be noted as such. For More Information To learn more about our technology and services visit www.maas360.com. 1787 Sentry Parkway West, Building 18, Suite 200 Blue Bell, PA 19422 Phone 215.664.1600 Fax 215.664.1601 sales@fiberlink.com WP_201210_0042 9

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information