Healthcare BYOD: Tips for point-of-care mobile device implementations

Mobile connectivity can benefit patient care, though it presents security risks. Read how the right BYOD strategy can support mHealth.

There's no doubt that mobile computing in healthcare has emerged as one of the leading drivers for improving the quality, accessibility and safety of care, as well as increasing its cost-effectiveness. For many years, technology adoption in healthcare has lagged behind adoption in other industries, such as banking, manufacturing and retail. However, with the recent rise of mHealth, a term used for the study and practice of medicine and public health that is supported by mobile devices, we are seeing tremendous opportunities to improve how healthcare professionals deliver care.

In short, healthcare can benefit significantly from the real-time delivery of care -- something that mobile technology provides. In addition, the rapid adoption of smartphones and tablets among clinicians, consumers and employees, and the increasing bring your own device (BYOD) phenomenon are setting the stage for providers -- who traditionally have been slow to respond to technology innovation -- to take steps to revolutionize how they deliver healthcare.

Because healthcare can be a highly complex business, strategies for effective mobile computing, particularly at the point of care, need to be well thought through. Anyone developing a mobile computing or healthcare BYOD strategy should consider these five tips.

Know your key stakeholders

End users, clinicians, management and IT staff are four key stakeholders that have distinct mobile computing requirements. It is critical that each group be involved in determining how to best meet its mobile computing needs. End-user concerns generally center on whether and how they can use their device, how to obtain assistance or training, what their password requirements will be, what they should do if they lose their device, what the rules are for personal versus company data on the device, and what, if any, reimbursement policy exists.

Physicians and nurses require secure point-of-care mobile technology that will allow them to communicate with each other rapidly and in real time in order to do their jobs efficiently. Two important areas gaining traction in healthcare settings are secure text messaging and Wi-Fi integration to provide coverage in areas where cellular signals are weak. Recent research indicates that clinicians' involvement in technology decision making and the use of a single mobile device improve the quality of care they can provide, and increase physicians' and nurses' efficiency.

Management will be concerned about the liabilities, costs, insurance, and changing legal and vendor landscape associated with mobile computing. In addition, the ownership and protection of corporate data and assets, along with the ability to measure user patterns, will be areas of interest to management. Finally, the focus of the IT staff will be the deployment and support of mobile devices and applications, application and data configuration and standardization, and how to address mobile computing incidents and problems with lost or stolen devices.

Develop policies, procedures and an end-user acceptance agreement

It's vital that healthcare organizations develop a comprehensive mobile computing policy and procedure, including language clearly defining their BYOD strategy. An end-user acceptable use agreement outlining the terms and conditions of mobile computing expectations should be crafted by the organization and signed by end users before they're given access to organizational resources via their mobile device. Incorporating mobile computing in security awareness training is an important step towards ensuring ongoing compliance.

Familiarize yourself with regulatory, legal and compliance requirements

A successful healthcare mobile-computing strategy needs to consider all pertinent local, state and federal regulatory, privacy and security, legal, and compliance requirements. Legislation such as HIPAA and the HITECH Act at the national level, as well as state-level mandates, such as California SB 1386, which includes notification rules that compel disclosure of breaches, are important regulations that need to be considered before and after mobile computing is implemented in a healthcare setting.

Determine your mobile management strategies

A number of mobile management strategies have emerged, with mobile device management (MDM) being the most mature in its development. It focuses on management at the device level, with secure email, calendaring, contacts, Web browsing and application store management being standard features. Other key functions to look for in MDM solutions are enrollment and auto profile and application capabilities; remote administration; screen passcode settings, remote wipe for lost or stolen devices and encryption at rest and in transit; a secure Web browser capability; persistent push email delivery; and compliance/auditing, asset, device, location and network tracking.

Another important area for healthcare environments is mobile content management (MCM), which should provide encryption for files and attachments, allow for content expiration, control screen captures, and enable online and offline access to secured content. Recent MCM architectures allow for all sensitive content to be accessible without any data being stored on the device. In addition, mobile application management, or MAM, which provides mobile application delivery and app store management, blacklist and whitelist management, and application tracking and security, is gaining an increased footprint in the healthcare space as organizations invest in developing customized mobile healthcare applications.

Define the technical architecture

Four important technical areas to consider are what your platform will be, whether you will need enterprise directory integration, which devices and native applications you will support, and your telecommunications management capabilities and restrictions. Recent advancements in security, cost reductions and the high availability of cloud computing have made hosted or Software as a Service solutions attractive alternatives to on-premises virtual or appliance mobile computing platforms. Other platform features of interest are perpetual versus monthly licensing, single versus multi-tenancy architecture, role-based access control support, Web-based administrative features and self-service capabilities.

Midsize to large healthcare providers typically require enterprise directory, certificate authority, and Secure Sockets Layer virtual private network and Wi-Fi integration. Being able to support a wide range of mobile devices using their native applications -- particularly apps for email, calendaring and contact management -- is a necessity, especially for users participating in a healthcare BYOD program. It is not uncommon for employers to limit company-issued mobile devices to one or two vendor device lines, with Apple's iPads and iPhones having a notably large market share among physicians.

As healthcare BYOD gains in popularity, telecom management is becoming increasingly important. This includes controlling and tracking voice and data roaming, cellular and Wi-Fi network data usage and signal strength, and phone call history. To ensure that end users' BYOD experience is optimal, avoid scenarios such as requiring them to change their existing data plan to a more costly plan.

Let us know what you think about the story; email [email protected] or contact @SearchHealthIT on Twitter.

Dig Deeper on Mobile health systems and devices