An emerging trend across all industries is to allow employees to bring their own devices (BYOD). Many people already have smart phones or tablets that are capable of performing the tasks required. However, in the health care industry, special security precautions have to be taken to ensure that the patient’s data is protected as mandated by HIPAA. The employees have access to handheld devices, cellular provider networks and wireless internet access all at a very low cost to the facility. It is important however to make sure that policies are in place to ensure compliance with regulations. Here are some tips for implementing a mobile device management healthcare program.
Basic security is necessary. At least once a month a website or network is in the news for being breached. Often times, weak passwords are the root cause. Strong passwords are essential for security. Devices should automatically lock after being inactive for a short amount of time. Users should be required to re-authenticate on a periodic basis.
Limiting data transfers between the device and removable media is a feature that some corporations find desirable, however it isn’t always easy to implement. An easier solution that is just as effective is to use separate containers for personal and corporate data. This can be accomplished easily with virtualization. Having a virtual machine running on the personal device provides a more secure environment for mobile device management healthcare systems.
App Stores and Apps
Maintaining a corporate app store and limiting or completely blocking installation of outside apps on corporate and personal mobile devices, helps reduce the exposure to viruses or malware. Some platforms make blocking the side loading of apps easier than others do. Having a corporate app store that has only pre-screened apps for the platform included is an effective tool for securing mobile devices that are used to access confidential information.
Also in the realm of security procedures for mobile device management healthcare systems is avoiding storing data on the mobile device entirely. All data should be stored on a server, and served to the mobile device. Encrypting the device itself is also has a good chance of helping to ensure HIPAA compliance.
Limiting exposure to vulnerabilities
Simply turning off unnecessary features with known vulnerabilities can go a long way towards operating a secure wireless network filled with personal and corporate devices. Bluetooth, if not needed for functionality should be turned off. If turning off Bluetooth services is not feasible, the visibility should be set to hidden once a device is connected.
Use Security Programs
Among the features installed by an IT department when a device is brought onto the network is basic security software. Anti-virus and anti-malware programs should be installed and software firewalls should be put in place for each device.
Cross Platform Compatibility
To reduce the complexity of the task of bringing mobile devices onto a corporate network, especially in a health care setting, whatever programs are used should be able to run on any of the major devices at least.
Have a Single Tool to Manage Mobile Devices
Using a single tool to provision mobile devices for the network, to track what devices are on the network, and provides remote access for troubleshooting problems can be beneficial. Allowing HR read-only access can also prove beneficial.
If a device is lost or stolen, having the capability to remotely wipe the device is essential. Some companies even go so far as remotely wiping any data on the corporate side of the device when it leaves a set geographical area. Since the data isn’t stored on the mobile device, this is an easier process.
Requiring users to re-authenticate periodically, and tracking that authentication is simply good security. Allowing employees to bring in their own devices can be an effective policy, boosting productivity and reducing operating costs. This depends on smart, secure policies being implemented before users are allowed to start bringing their own devices into the mobile device management healthcare system.
With today’s BYOD explosion, it really is vital to have a mobile device management solution for your healthcare facility or hospital wireless network. Use mobile device management to ensure you get the level of security necessary for BYOD at your healthcare facility.