5 Lessons from healthcare BYOD


Healthcare institutions and Bring Your Own Device (BYOD) policies might seem at odds due to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and concerns over Personally Identifiable Information (PII).

However, after speaking to some healthcare IT experts, I found that the same concerns about endpoint security, data governance, and mobile device management (MDM) exist, but with the added concern of stringent compliance programs that protect patient information.

Here are five lessons from healthcare BYOD for other industries:

1. BYOD can interconnect organizations and cross hierarchies
“Healthcare has had to adapt to what doctors do,” says Chris Davis, senior solutions architect, Verizon Enterprise Solutions. “The healthcare industry is a collection of providers agreeing to participate together, much different from some of the other corporate-driven practices and hierarchies.”

“It’s from necessity, not out of design,” adds Davis about healthcare BYOD. Early adopters, even Millennials, aren’t part of the healthcare BYOD discussion.

2. Outsourcing enterprise mobile and BYOD security is an option
Changes in mobile devices and mobile security technologies can be hard for some companies to manage. This is leading to a growing outsourcing market for BYOD and mobile security, including managed service providers and professional services firms.

Julee Thompson, Chief Healthcare Executive for Sprint, recommends that healthcare institutions seek out technology partners to handle mobile/BYOD security. This advice is applicable across industries as organizations of all sizes move to secure their enterprise endpoints and corporate data.

3. Separate data from the device for BYOD security
HIPAA focuses on protecting the data, not the device. This makes healthcare IT focus on protecting data using Virtual Desktop Infrastructure and SaaS-based applications, thus taking patient data and PII off employee devices.

“It depends on what you are using the device for. As an example, device security really is the thing most providers and administrators are going to be concerned about with BYOD,” says Daniel Cane, CEO of Modernizing Medicine, a provider of cloud-based Electronic Medical Records software. “If the data isn’t residing on the device, I think it’s a lot easier to have a BYOD environment.”

4. Compliance programs raise the stakes for BYOD
“The ramifications for a security breach in a traditional corporation are a heck of a lot less draconian than a breach with HIPAA,” says Cane. “A HIPAA breach is a lot more punitive than a software breach, so BYOD, if you aren’t using cloud applications, can get very scary, very quickly.”

He adds that information is the asset that has to be protected, whether it is on corporate or personal computing devices.

5. Keep lost devices a focus of BYOD security
Healthcare is a highly mobile profession with a user community that’s literally on its feet all day, running from crisis to crisis. It’s easy for a healthcare practitioner to set a device down and lose it (more so than for traditional office workers). Verizon’s Davis and nearly every healthcare IT expert I’ve spoken with on the subject of BYOD point to lost devices as a major security concern for healthcare institutions. Lost device security concerns drive the need for MDM solutions and early interest in emerging mobile security technologies like geo-fencing.

There’s a lot to learn about BYOD security management from the healthcare industry because of the unique challenges they face from maintaining HIPAA compliance and dealing with sensitive information.

Would it bother you if your doctor’s office went BYOD?

Image by freeimages.com user: LeoSynapse

This post was originally posted on The Mobility Hub on April 9, 2014

Will Kelly is a technical writer and analyst based in the Washington, DC area. His writing experience also includes writing technology articles for CNET TechRepublic and other sites. Will’s technology interests include collaboration platforms, enterprise mobility, Bring Your Own Device (BYOD), project management applications, and big data.

Making mobile first in healthcare


Mobility poses risks in healthcare, especially when it comes to compliance. However, companies are embarking on “mobile-first” health IT strategies by focusing on web framework, management support, and mobile security training tailored to the healthcare user community. Kaiser Permanente and the Department of Defense Military Health Services are two examples pioneering mobile health.

Previous Mobility Hub blogs, such as Healthcare Needs Pervasive Mobile Policy and Healthcare BYOD Is Risky Business, point to many of the risks that mobility poses in healthcare, especially in the age of HIPAA. However, there are signs that a mobile-first health IT strategy is possible.

Large commercial and military healthcare providers are making strides in mobility. Kaiser Permanente has also been making headlines with its mobile-first approach to customer apps. The company extended its original and very robust web presence to mobile apps:
Both of these apps secure patient information using existing Kaiser Permanente membership information and enable appointment making, refilling prescriptions, and emailing Kaiser Permanente doctors.

Kaiser Permanente launched its latest mobile initiative earlier this year, and made a point to wrap its web and mobile security together. That could be reassuring for some skeptical customers. Details were covered in a press release:

Users’ personal health information is safe and secure while using the new app and the mobile-friendly kp.org, which employ the same security safeguards that protect patient information on the traditional kp.org website, including secure sign-on and automatic sign-out after a period of inactivity.

Part of Kaiser’s extension of web to mobile is an in-depth privacy statement that covers customer information and privacy both on the web and through its mobile apps.

Kaiser’s approach is a step above my own homegrown efforts to use my personal iPad and email to manage doctor appointments and communications. Recent write-ups show the number of Kaiser customers interacting with the company to be on the rise.

DOD requires innovation and balance
When I look for prime examples of mobile-first health IT strategies, I look to the United States Department of Defense, rather than a major urban hospital. A recent FederalNewsRadio.com guest editorial by Mark Goodge, the CTO of the Military Health Service, paints a picture of the challenges its mobile strategy faces trying to serve beneficiaries both on active duty and retired from service.

The DOD is regularly rolling out apps to help treat a variety of physical and mental ailments, with the apps becoming a valuable extension of traditional medical care.

Healthcare organizations are in the business of healthcare — not IT, much less mobile devices. While the end-user community can be awfully smart, they aren’t tech people. This means that mobile security education needs to be ongoing and focused on the audience, which may have specific needs.

In the end, a mobile-first health IT strategy needs to have a customized mobile security education program as its foundation. Healthcare workers need to learn mobile security as it applies to their world, not from a stock mobile security class.

Mobile-first healthcare strategies face cultural, compliance, and industry challenges. It is a necessity to accommodate patients and a diverse healthcare workforce, however, so IT must take a holistic approach to mitigate the risks while improving doctor/patient communications and overall patient care.

Image by freeimages.com user: kikashi

This post was originally published on The Mobility Hub on January 25, 2013


Charting your enterprise data for BYOD security


Huddle, the collaboration platform vendor, has released its survey report, “State of the Enterprise Information Landscape,” which includes some interesting findings around information security and bring-your-own-device (BYOD). The report finds that 73 percent of office workers in the US and 61 percent in the UK are downloading personal software and apps on enterprise-owned tablets. Additionally, 52 percent of US workers (59 percent in the UK) use personal laptops, tablets, and smartphones to store and work on enterprise content.

The numbers in the report testify that enterprises need to focus on their “enterprise information landscapes” as part of their overall BYOD security strategies. Charting that landscape is another tool for locating your corporate data vulnerabilities through consumer file sharing and other cloud apps that open security gaps, thus exposing organizations to data loss.

Enterprise information includes proprietary and competitive information, such as internal business and financial documents, product development documentation, and policies and procedures. The information may reside on the enterprise network, in cloud storage, or in a collaboration platform workspace or document library, in both approved and unapproved locations, and any security issues that you might find need to be remediated. It is no longer enough to centralize corporate documents on an enterprise or cloud collaboration platform.

Enterprise mobility, and BYOD in particular, raise the security stakes for what was once a largely document-versioning exercise, now that access to corporate information has become an anytime/anywhere option for employees.

Enterprise information charting tools

Tools for charting your enterprise information landscape include:

  • User education about corporate document security policies that gives users a chance to share their experiences and best practices
  • Official feedback channel for mobile users to use when they encounter issues with corporate-approved/mandated cloud storage and/or collaboration platforms
  • User logs from corporate approved/mandated cloud storage and/or collaboration platforms
  • Corporate document publishing processes
  • End-point security tools
  • Mobile device management (MDM) monitoring dashboards

Charting an enterprise information landscape is a cross-functional exercise that should include technical writers and other document authors, sales management and the sales team, remote workers who access your network via mobile devices, and internal staff who work with contractors and use mobile devices.

Once you chart your enterprise information landscape, the final deliverable doesn’t have to be a “chart” or even a divisive internal document. Your findings can feed the following:

  • Improved cloud storage and collaboration tools and processes if it’s found that users are working around clunky but corporate-mandated tools
  • Revisions to BYOD policies and training
  • Changes to end-point and device security
  • Changes to document management processes and workflow

Charting your enterprise information landscape can be a one-time exercise when your organization goes BYOD, or an annual audit using your in-place security solutions and BYOD user outreach. It’s all about keeping your BYOD and corporate mobile users honest while IT gains better insights into how BYOD users interact with corporate information.

Does your organization chart its enterprise information landscape?

This post was originally posted on The Mobility Hub on February 7, 2014.

Image by freeimages.com user: gerard79


Tablet kiosks require dual-security


I was out of town one recent weekend and despite my best efforts wasn’t able to escape mobile technology — the growth of tablet computing in particular. Two stores in the beach town I visited were using tablets in retail kiosks to engage customers seeking more information on their wares and to sign up for store mailing lists.

When I got back home, the mobile blogger side of me did some investigating, and I found a whole hardware and software sector devoted specifically to tablet kiosks, especially those using the iPad.

Touchscreen kiosks used to be a very high-ticket item, but, thanks to current technology, can now be set up for a fraction of the price. Kiosks have many uses in hotels, restaurants, museums, and retailers, according to an article in Smashing Magazine. They can streamline information-gathering processes like mailing list sign-up, making reservations, ordering products, and check-in and check-out. This frees employees to spend their time on more valuable tasks and keeps customers from waiting in line or on hold.

Some widespread deployments are happening in large venues like airports. OTG Management, a company that operates airport restaurants, has a big iPad kiosk deployment in progress, described in a CIO.com article. OTG has spent $10 million in the past two years on iPads located in passenger waiting areas and on dining tables, and it expects to deploy 7,000 more devices by the middle of 2014. Patrons are able to order restaurant food but can also check flight times, access the web and social media, and play games.

Regardless of whether a tablet kiosk is in a small retail store or part of a deployment on the scale of OTG Management’s, successful implementation depends on a combination of physical and traditional mobile security.

The physical element of tablet kiosk security is well on the way to becoming an industry unto itself, with a full range of accessory vendors including the usual suspects like Griffin Technology. More specialized companies are developing enclosures that encase or display tablets in varying ways and physically lock them into position. These can also include features that restrict access; for example, covering the home button on a device is common practice. This prevents shoppers from disturbing the kiosk software and device setup.

Some other options to seek in a kiosk enclosure include:

  • Impact resistance
  • Security screws to lock the kiosk in place on a stand
  • Secure power cable enclosure and protection
  • Secure base that locks onto a tabletop

Software configuration and security apps are available to control the home screen and lock down access and network settings. There are also iPad kiosk apps like Kiosk Pro and Mobile Kiosk that link the device to a website and allow the integration of features like data collection via forms, displaying digital signage, and providing access to product catalogues.

The consumer-oriented user experience of tablets makes them fairly easy to maintain inside a retail store. Backing up devices in case of catastrophic failure or device theft can be accomplished using iCloud for the iPad or another online backup service.

Will the interactive kiosk trend continue to grow? What are some other advantages or challenges? Share your thoughts in the comments.

Image by freeimages.com user: Linder6580

This post was originally published on The Mobility Hub on May 11, 2013


The future of Android in BYOD


A recent IDC analyst report states that Android smartphone market share passed 80 percent worldwide. Despite this impressive market share, the fractured nature of the Android operating system still creates concerns for IT departments with a requirement to support Android as part of a Bring Your Own Device (BYOD) program. In some circles, supporting Android for BYOD has given rise to the term “Bring Your Own Android.”

However, during this past year signs have begun appearing that Android’s BYOD karma is about to change.

Security through virtualization

Let’s get the bad news out of the way first: the status of Samsung Knox as a security solution for Android devices continues to disappoint. A recent post by Galen Gruman on the Infoworld Mobilize blog entitled “The truth about Samsung Knox for Android security” says it best: “The higher-level security technology for select Android devices isn’t really available yet, despite the hype.”

While this post was written prior to Google’s enterprise announcements, I still think that Google has lots of work to do around security including where Samsung Knox fits into the mix.

My prediction is that the hype around Samsung Knox will dissipate as enterprises with growing Android BYOD requirements look to their current virtualization providers for real enterprise-grade solutions. Case in point: VMware Inc. (NYSE: VMW) now offers a mobile hypervisor for Android devices as part of its VMware Horizon product line. Opportunities for startup security providers like Nubo Software multiply as the hype of Samsung Knox gives way to the realities of IT departments facing a growing number of users who want to access corporate email from their Android devices.

More MDM options

Mobile Device Management (MDM) vendors are seizing on the growth of Android within the enterprise. Android support is gaining among the major MDM players and is a definite requirement for Android’s future in BYOD.

Android goes consumer

Mark my words: the Kindle HDX is going to play a part in helping Android gain acceptance for BYOD. It’s a true convergence of e-reader and tablet that will open Android (and Android apps) to a new, more novice user base. These users are going to want to get their corporate email on their Kindle HDX when they get back to the office after Christmas.

Android and the cloud

The predictions I made in How BYOD Will Change IT also apply to the future of Android and BYOD. When BYOD Android devices aren’t touching the enterprise directly, that can remove some of the doubts around security.

Another interesting cloud development is that organizations using Google Apps for Business gained limited Android device management features as of an upgrade last June. However, I’m not an advocate of mixing my device management and office productivity apps. These features seem better suited to small to midsized businesses or to supporting a pilot program inside a larger organization, at least making Google for Work a useful entry point for Android BYOD devices into a business.

Final thoughts

While Android may never shake its reputation for operating system fragmentation, its BYOD karma is changing as more established and startup technology vendors step up with solutions to fill in the real and perceived security gaps that Android poses for BYOD.

Image by freeimages.com user: Cieleke

This post was originally published on The Mobility Hub on November 14, 2013.
