With the proliferation of mobile devices--from smartphones to tablets to remote patient monitoring systems--hospitals have to find a way to manage all of that free-flowing technology. One solution is mobile device management (MDM) software that can track the hardware, identify security threats to the software, and even monitor the comings and goings of different devices on your network.
It's such a crucial need the VA has just put out a request for information to help it find a product to manage the 100,000 tablets it plans to buy in the next few years. A number of systems are available now with some healthcare connection, such as MobileIron, and Voalte Connect.
But choosing among them is the tricky bit. Some solid tips compiled from various sources to help vet MDM vendors include:
- Check for integration: The system must be able to plug into not only your central hospital network, but also any separate physician, clinic, and other IT hubs. "Look for solutions with simple installation requirements, distributed control, and scalability suitable for your organization's size and structure," says CIO.com blogger Mark Gibbs.
- Ensure residency requirements: The system shouldn't require your users to install hefty apps or software in order to operate. Remember that mobile devices, while fast, often have severely limited storage capability.
- Test for regulatory compliance: The system must be healthcare-savvy, and provide notification of breaches, and other HIPAA requirements. Encryption levels, remote wiping and other security features will be key here, as well. The VA clearly is concerned on this front, asking for both corporate wipe capabilities, as well as automated remote locking.
And don't forget that even with wiping capability, you still can have difficulty truly erasing data from mobile storage devices, warns the HIMSS Mobile Security Work Group in a recent white paper. - Protect your gaps: Especially in hospitals, you're guaranteed to have areas that lose signal or where devices disconnect from the network. You need to check how your MDM will handle these situations--especially whether any data will be cached on the device and what will happen to that data if the device is disconnected for a lengthy period. Also, what will the system do to attempt to reconnect to the device, or alert management if a device goes offline?
- Centralize controls: The system should have administrator-level ability to remove applications that aren't authorized, force required updates and otherwise manage the devices' compliance with hospital protocol.
To learn more:
- read Gibbs' blog at CIO.com
- check out the post at HealthITExchange
- dig into the HIMSS Mobile Security Group's white paper (.pdf)
- look over Healthcare Technology Online's analysis