Healthcare warming to mobile devices, but barriers remain

While mobile devices have the potential to allow providers access to valuable tools wherever they go, organizations are still determining best practices for securing mobile devices, according to a Dec. 13 presentation at the Privacy & Security Forum hosted by the Health Information and Management Systems Society and Healthcare IT News.

Tasked with delivering a presentation on securing mobile devices, representatives from three healthcare organizations shared what they have been able to do, but they seemed to still be experimenting with the best way to deliver providers secure mobile applications. While many attendees were probably excited to learn what they could do with mobile devices, speakers provided a longer list of what they couldn’t do.

Kaiser Permanente, a nationwide integrated health network headquartered in Oakland, Calif., does not allow its providers to bring their own devices, but it does have its own inventory of mobile devices. “As we broke down the mobile device management space, we realized there aren’t controls in place at the time,” said Jason W. Zellmer, executive director of technology risk management.

Franklin Community Health Network, a collection of rural providers and a small hospital, in Farmington, Maine, allows providers to bring their own mobile devices, partly because “I can’t afford to buy providers devices,” according to CIO Ralph Johnson. Providers with their own mobile devices can access the internet through the hospital’s guest network, but the only functionalities available to them are email and calendar.  They also have to allow their employer to encrypt their phones.

Kaiser has refrained from offering even email and calendar on their company-owned devices. “Allowing email and calendar is dipping a toe in the water, but even that can be quite dangerous,” according to Zellmer. Other popular mobile applications with value, such as Dropbox for file-sharing and Evernote for note-taking, are also blocked.

Children’s Hospital California seemed to be further along than Kaiser or Franklin in the realm of mobile functionality. The organization allows providers to access desktops via a virtual client, but only providers and not support staff. The remote access model is secure because data can’t be physically downloaded onto devices, according to vice president and CIO Kirk Larson.  Even in this environment, however, applications like Dropbox and Evernote are unavailable. “There are things that could be done, but there needs to be a policy in place to support it.”

Healthcare organizations are beginning to warm to mobile devices and are allowing them into clinical environments, but there’s still a ways to go before security technologies and policies can catch up with their functionalities. It could just be a matter of time before mobile devices are more fully integrated into the fabric of clinical care. “I don’t think our bring-your-own-device ban will be in place much longer,” Zellmer said.