Fierce Q&A: UC Irvine Medical Center's interesting twist on BYOD

The University of California, Irvine, Medical Center's bring-your-own-device program is unique in that it merges the facility's mobile-device management software with a network-access control app to enable an integrated mobile security system.

"We've kind of tied the two pieces together with a middleware piece that we've developed," Adam Gold (pictured), director of emerging technologies for the hospital, told FierceMobileHealthcare. Most other facilities use just MDM, he said.

"Access control at the network level is being handle by our NAC system," Gold added.

In an exclusive interview, Gold discussed what prompted the hospital to turn to a BYOD policy, what made the transition a success and the challenges that emerged.

FMHC: Why did UCI decide to go with a BYOD policy?

Gold: The policy's been in place probably close to a year. What prompted the decision was that our electronic medical record vendor came out with a native application for iOS that allows direct access to their electronic medical record. Jim Murry, our CIO, said that we needed to head down that path.

FMHC: How has the policy worked out, so far?

Gold: Pretty well. To date, we've got about 1,200 devices registered with our MDM and our network-access control app. Of that, about 400 or 500 are accessing the EMR.

FMHC: What are the challenges UCI has faced?

Gold:  The expectations or demands for more apps have been a challenge. Once the devices get provisioned in the MDM, users have an enterprise app store available to them. That stores apps that we've developed in-house.

Once the users became keen to understanding that the apps were created by UCI, we saw an influx of questions from providers about how they could get their own app for their own departments. Now all of a sudden, the surgery department wants certain apps and the radiology department wants certain apps.

In terms of device management and usability, we haven't run into any hurdles.


Check out FierceMobileHealthcare's special report on 7 mobile apps for chronic condition management >>

FMHC: How do you ensure the security of devices on your network?

Gold: From a wireless perspective, we're using pre-shared key encryption. Once the devices are provisioned, a few of the mandatory requirements are under a protected password, so the users are forced to configure a pin on the devices. They're also forced to enable encrypted backups on their devices so even if they're backing up a device via iTunes, that backup is being encrypted.

On top of that, we're already leveraging hardware-based encryption. We're also having the users agree to an end-user license agreement that tells them if the device is lost or stolen, we the ability to remote wipe or kill the device.

FMHC: What advice would you give to organizations on the fence about BYOD?

Gold: The most important part is involving their users and their clinical leadership in the entire process. That's one thing that we did here. From the beginning of the project, it wasn't just the technology team working. It was clinical leadership, clinical analysts and network technicians. We even had students and interns working with us to vet out the process. We told everyone that if we were going to do this, we needed the support and the champions and the leadership involved.

If you look at a project like this as just a technology strategy and a technology solution, it will fail. You have to include your users, your clinicians and your leadership.

Editor's note: This interview was edited and condensed for clarity.