Today’s healthcare workforce is increasingly mobile. The industry has seen a dramatic increase in the use of mobile devices by both staff and patients, but often as single point solutions that do not solve for the fragmentation of clinical workflow at the point of care. Health system IT and clinical leadership are responding with a more strategic approach to clinical communication and collaboration to improve the care delivery experience at scale.
PatientSafe Solutions partnered with HIMSS Analytics to survey more than 300 healthcare leaders about the current state and future plans for mobile communication in their organizations. The vast majority of hospitals (77 percent) have invested in some form of mobile app to support communication amongst the care team, the most commonplace being secured messaging. However, clinical workflow suffers from the continued use of multiple, single-point device and applications. The average care team member — from physicians to nurses to allied health professionals – must use as many as five different devices or modalities to communicate and execute a defined plan of care.
The study also found that that nearly 50 percent of respondents plan on standardizing and consolidating onto a smartphone platform to streamline care collaboration. We all know by now that smartphones present the opportunity to deliver care at the bedside in a more effective, personalized and productive manner. However, despite investment in secured messaging and the desire to move towards smartphone-based platforms, the care team’s communication, care collaboration and documentation workflow still can be disorganized, incomplete and at worse, not secure. To address the clinical mobility challenge, PatientSafe developed the Mobile Maturity Model for Healthcare as common framework to assess the current state of mobile adoption in your health system and align the various people, technologies and processes to be successful with mobility at scale. Our goal? To get industry-wide participation in using and evolving the healthcare mobile maturity model – so clinicians and patients benefit from a streamlined, secure, context-rich mobile care experience.
The Mobile Maturity Model seeks to assess and categorize an organization’s proficiency in six key capabilities: infrastructure management, mobile device management, integration planning, application selection, workflow design and outcomes management.
Infrastructure management – To support mobility at scale, it is important to avoid underestimating infrastructure investments. Elements to consider when it comes to infrastructure include an organization’s wireless network, telephone systems and data center.
Mobile device management (MDM) – The choice of mobile device is a key consideration in mobile adoption, but equally important is the consideration of how to successfully manage and support an entire fleet of mobile devices. Jamf, the standard in Apple device management, recently surveyed 600 global healthcare IT professionals and found that 78 percent of healthcare organizations have an MDM in place, but over 50 percent lack satisfaction, 70 percent had concerns around security and compliance, and 90 percent think their MDM can be doing more. It’s important to invest in an MDM that aligns with overall mobility strategy and are experts in the device platform selected for an organization. An MDM should have an integrated partner ecosystem for devices, applications and infrastructure and training, services and support. Indicators like customer retention and CSAT are also helpful. Most importantly, the MDM should be nearly invisible to end users, as if an approach to deployment and management hinders usability of the device an organization wants to use to improve its patient care and clinical communications, it’s not the right fit.
As more healthcare providers modernize their IT with cloud solutions and mobile devices, the opportunity for breaches increases dramatically. Hardly a week goes by without a major hospital or practice announcing a data breach. Breach reporting is costly, time-consuming and harmful to the reputation of otherwise legitimate practices. But is it really unsecured data, hackers or doctors sharing information that is causing breaches?
A quick analysis of the public data released by the Department of Health and Human Resources (HHS) reveals that from the first reported breaches in 2009 through early 2013, there were 572 breaches involving 500 or more patients (the threshold for reporting). Of these breaches, only about 10 percent came from hacking/IT incidents or improper disposal, while over half—51 percent—were a result of theft.
When you combine these details with the location of the breach, the picture becomes even more clear: 44 percent of the breaches are from laptops, 13.5 percent are from a computer, 13.1 percent are from portable devices and 10.5 percent are from network servers. That means a whopping 81 percent of breaches are from computing devices, and 57 percent are from mobile devices alone.
The security priority is apparent. Mobile devices cause the majority of PHI breaches and must be secured. While they aren’t foolproof and breaches can still occur, there are a variety of methods to control access to data on laptops, tablets, and smart phones on today’s market, as well as ways to wipe the device and track it.
Guest post by Garrett Taylor CEO of Uplift Comprehensive Services.
My organization, Uplift Comprehensive Services (residential services) is fully involved in “mhealth.” We use mobile high-definition video conferencing, which allows our doctors and clinicians to care for patients in geographically remote areas of North Carolina, and gives them full access to electronic health records and an easy way to collaborate each other. Along the way, we’ve improved patient service, enhanced productivity, and cut travel and office costs.
By combining video conferencing technology with a bring your own device (BYOD) mobile strategy, Uplift saves at least $500 for each scheduled physician visit. The thousands of dollars we save each year can be used instead to find grant opportunities for better patient care.
It’s not as hard as you might think to use video conferencing in a mhealth strategy. What follows is an explanation of Uplift’s mobile video conferencing approach.
Uplift Comprehensive Services has been in business for 12 years, covering 15 counties across North Carolina. We offer community-based assistance for children, adolescents and adults, with services substance abuse prevention to mental health treatment. Our treatment options include multi-systemic therapy, outpatient therapy, and medication management, among others. Continue Reading
Guest post by John Moynihan, healthcare segment manager, Global Industry Marketing, Siemens Enterprise Communications and Randy Roberts, vice president, mobility portfolio, Siemens Enterprise Communications.
Technology in business today can seem like a zero-sum game. When the employees win, they are able to do whatever it takes to be productive. But doing that tends to tie the hands of IT, keeping them from locking down devices and services well enough to make sure their information is secure. This situation is becoming more common in the medical industry, with clinicians and computing staff often at odds over convenience versus security. Doctors, traditionally reluctant to adopt new technology or take any risks with tried-and-true methods for caring for their patients, have taken to mobility as a duck to water.
Because access to patient information allows them to better do their jobs, doctors in particular are quickly adopting tablets and smartphones. And while they’re not ignorant of the security risks of these devices, particularly the potential for patient information to be lost or stolen, their focus is on caring for their patients. In fact, even if their business doesn’t provide or specifically allow for mobility, they are bringing their own devices into the office.
A recent Ovum study showed that almost 60 percent of employees bring some type of mobile device into the workplace. There are a few names for this, Bring Your Own Device (BYOD), Bring Your Own PC (BYOPC), Bring Your Own Phone (BYOP), User Introduces Unsecure Device onto My Network and Then Loses My Secure Data (UIUDOMNTLMSD).
Alright, so I made that last one up, but that is how most IT managers feel when the discussion is started about BYOD. An end user bringing a device to work is both a gift and a curse for any sized company. We see an increase in productivity but also the increased threat of data being lost or stolen. Having a strong mobile device management (MDM) strategy can help companies reap the benefits of BYOD while limiting the consequences.
Mobile device management is vitally important. Mobile devices are not going away and they continue to affect the professional setting, and managing the safety of mobile devices is important to organizations.
As a business leader with an enterprise to protect, one of the most important, and possibly easiest, steps to take is managing the safety of mobile devices. There is no way to avoid, or ignore, employee’s personal use of mobile devices in your “public” setting.
75 percent of mobile users believe it’s critical to their jobs to use a mobile device. Employees feel that using mobile devices makes their jobs easier, and they feel more productive. Employers also feel that allowing their employees to use the devices means their employees are always connected and always on.
85 percent of IT managers believe that the introduction of a mobile ecosystem has made the companies they manage more productive. With the exception of having to implement policies to monitor, protect and mange employee’s personal devices, mobile devices also help save companies money and create efficiencies.
Smartphones and laptops are the obvious front runner as the device most used in the workplace, but personal tablets are increasingly becoming more common in the professional setting.
According to CDW, 25 percent of mobile device users use tablets at work; 69 percent of tablet users use their own tablet at work.
The trend is expected to rise by 117 percent in the next two years. No surprise here. If you are surprised by this point then you might be wondering why this is so important.
Why? I’ll let Leiva-Gomez sum it up, as it does so aptly: “The CDW report concludes that 67 percent of IT managers aren’t even familiar with the concept of Mobile Device Management. Are you?”
MDM is much too important to ignore. Not taking an active role in its implementation or its management could put you and your practice’s health information in jeopardy. If swiped, stolen or ripped off, there’s also a pretty good chance you’ll face violations and fines for your HIPAA breeches.
If for no other reason, let this be a motivation for you. An ounce of prevention is worth a pound of cure, or so I’m told.
Regular readers of this blog will know that I spend a good deal of time focusing on managing mobile device data security in healthcare information technology, and the impacts of how breaches ultimately affect patients.
As such, I’m developing a strong interest in BYOD and the policies that need to be set in place to protect the information that all of us as consumers, myself included, hope remains safe.
So, I came across a piece recently by SecurEdge Networks that I think resonates, offering some of the best tips for managing mobile device data in the healthcare environment.
Though it’s a top 10 list, I’ll focus on what I think are some of the most important points. Feel free to let me know if you agree, or if you have other tips worthy of the list.
According to SecurEdge Networks, at number one of the list is basic security. It’s a must. Basic security typically comes down to simple use of strong passwords. In addition, staff members must be required to change their password after a certain amount of time, and a system must automatically lock after a certain period of inactivity.
Containerization of data, specifically on mobile devices, allows for the separation of personal and professional data. Setting up containers allows a personal device to be used in the workplace while protecting all of the company’s data in a secure container that can be wiped in the case of a lost or stolen device.
Next, limit which apps can be downloaded to a mobile device used in the workplace. There are tools available that completely block installation of outside apps on corporate and personal mobile devices, helping reduce the exposure to viruses or malware. According to SecurEdge Networks, “Having a corporate app store that has only pre-screened apps for the platform included is an effective tool for securing mobile devices that are used to access confidential information.”
Next up, one of the most basic steps one can take in a BYOD environment is to ensure that basic security software is installed. “Anti-virus and anti-malware programs should be installed and software firewalls should be put in place for each device,” cites SecurEdge Networks.
Finally, in what may be the most important tool available practices and hospitals engaging in a BYOD program is remote wiping. If a device is lost or stolen, having the capability to remotely wipe the device is essential. Some companies even go so far as remotely wiping any data on the corporate side of the device when it leaves a set geographical area. Since the data isn’t stored on the mobile device, this is an easier process. Personal data can also be wiped, which is attractive to employees who may have some initial resistance to having their devices accessed by their employer.
As noted by SecurEdge, employees who are allowed to use their personal devices in the workplace are often happier, more productive and always on. “Allowing employees to bring in their own devices can be an effective policy, boosting productivity and reducing operating costs.”
On this subject, there’s more to come; stay tuned.