Hospital CIOs: App developers may be doing an end-run around you

Be on the lookout for mobile app developers trying to find a way into your enterprise without your knowledge or consent.

A recent article at sounded the alarm on this practice, saying entrepreneurial app developers are learning at conferences, and from each other, to go around the IT department and sell their wares directly to the end user.

It's a chilling idea for a hospital CIO trying to manage thousands of mobile devices, and the even greater number of apps, services and software that users download onto them. paints a picture of app developers meeting with users, business execs and others inside an organization, pooh-poohing the concerns of "stodgy," and obstructive CIOs, and encouraging user to purchase their product and tell IT about it later.

"We encounter this frequently," Kevin Larsen, CMIO for Hennepin County Medical Center in Minneapolis, told FierceMobileHealthcare. Todd Richardson, CIO for Deaconess Health System in Evansville, Ind., said it usually ends badly, with users buying into a product they know little about, on the technical side. He's had users purchase web-based subscriptions without authorization, only to have to bring IT in later because they didn't work. "[We had to] do a wholesale update to our currently supported version of Internet Explorer," Richardson told FierceMobileHealthcare.

Larsen said a strict protocol for IT purchases can help, as can linking IT request back up the chain of command. His hospital requires a security review, then a technical review, and finally a review by the executive IT steering committee to "determine if something we already own can do" what the user wants.

How you handle your discussions with users after the fact can help prevent rogue purchases in the future. Richardson said he tries to keep the "I-told-you-so's" to a minimum, and uses any buyers' remorse to educate users on the existing process. He also encourages them to involve him up front in any purchase negotiations.

With vendors, though, Richardson is less gentle. "There's no better way to get on my black list as a vendor than to go around me. I will do everything [I can] to get rid of vendors who practice like this," he said.

Paul Lanzi, mobile application team manager at biotech giant Genentech, pointed out that IT execs need to be open to users' requests if they don't want them working their own deals, however.

"You want the first call to be to you," Lanzi told "If you keep saying, 'no way,' they'll stop calling you. Instead of saying no, ask them, 'What capability are you looking for?'" - Sara