HIPAA! HITECH! HELP!

—
Mobile Device Management
(MDM) in Healthcare

www.maas360.com
 MaaS360.com > White Paper

Copyright © 2014 Fiberlink Communications Corporation. All rights reserved.

This document contains proprietary and confidential information of Fiberlink, an IBM company. No
part of this document may be used, disclosed, distributed, transmitted, stored in any retrieval system,
copied or reproduced in any way or form, including but not limited to photocopy, photographic,
magnetic, electronic or other record, without the prior written permission of Fiberlink.
This document is provided for informational purposes only and the information herein is subject to
change without notice. Please report any errors to Fiberlink. Fiberlink will not provide any warranties
covering this information and specifically disclaims any liability in connection with this document.
Fiberlink, MaaS360, associated logos, and the names of the products and services of Fiberlink are
trademarks or service marks of Fiberlink and may be registered in certain jurisdictions. All other names,
marks, brands, logos, and symbols may be trademarks or registered trademarks or service marks of
their respective owners. Use of any or all of the above is subject to the specific terms and conditions
of the Agreement.
Copyright © 2014 Fiberlink, 1787 Sentry Parkway West, Building Eighteen, Suite 200, Blue Bell, PA 19422.
All rights reserved.

2
 MaaS360.com > White Paper

HIPAA! HITECH! HELP!—Mobile Device Management (MDM) in

Healthcare
Table of Contents

Mobility Puts PCs to Pasture with the COWS ....................................................................... 4

Patient Safety and Care Come First....................................................................................... 5

HITECH & HIPAA Demand Security........................................................................................ 5

Categories of Mobility Management..................................................................................... 6

The MDM Solution................................................................................................................ 6

MDM in the Cloud................................................................................................................. 7

Laying Out the MDM Strategy............................................................................................... 8

MDM in Action...................................................................................................................... 9

3
 MaaS360.com > White Paper

The number of mobile devices in healthcare facilities is increasing rapidly, as is the diversity
The FCC is of mobile platforms, operating systems (OSes) and communication methods that need to be
pursuing a health supported by these organizations. In fact, in remarks made at George Washington University
Hospital in Washington D.C., FCC Chairman Julius Genachowski said that healthcare is being
strategy fostering
“transformed” by broadband, and called out wireless and mobile in particular.
fast-paced innovation
of wireless networks, For its part in this transformation, Genachowski said, “The FCC is pursuing a health strategy with
medical devices, and three key components: promoting connectivity; fostering fast-paced innovation of wireless networks,
mobile apps medical devices and mobile apps; encouraging greater adoption of life-saving health technology; and
ensuring that spectrum is optimally allocated and managed.” So on the outside, infrastructure and
promotion is progressing, but what does mobility in healthcare look like from the inside?
A recent poll of managed Healthcare providers by the Aberdeen Group found three clear
expectations for mobile healthcare technology: stem the rising costs of healthcare processes,
improve staff productivity, and decrease the entry erroneous data.
To understand where mobility is headed though, it would first help to remember the mistakes
of the past.

Mobility Puts PCs to Pasture with the COWS

In the past, technology in healthcare settings was limited to desktops and workstations. Then there
was a move to make computers on wheels (COWS) the standard for healthcare technology mobility.
COWS were desktop-type computers affixed to carts that would be travel from nurses’ stations to
patients’ rooms. Their popularity was short lived, though, primarily due to the cumbersome nature
of the units and the increasing availability of newer, more mobile technology, such as laptops.
Now, despite their portable nature, even laptops are becoming obsolete. With anytime, anywhere
access to patient data becoming the standard, agile mobility is seen as a must. In addition to the fact
that doctors like to bring their own devices (BYOD) to work, this has made smartphones and tablets
the most popular mobility tools in the industry.
In using these devices, the providers are also using a variety of apps. They want the same ease of
use, functionality and access that an app gives at work, too. The iPad is becoming the new patient
chart. And patients, too, are using apps to manage their health, connect with their providers and
access their own records.

4
 MaaS360.com > White Paper

Patient Safety and Care

More and more Come First
sensitive information,
Improving patient safety is driving adoption of mobility
both facility and in healthcare. According to a U.S. Department of Health
patient information, and Human Services report (“Reducing and Preventing
ends up on Adverse Drug Events to Decrease Hospital Costs”),
these devices. the number and severity of patient safety incidents
can be significantly reduced with the use of automated
detection and computerized records. Electronic access
to information reduces the potential for errors, since
information is no longer transcribed by hand from
document to document.
Increased safety means improved care and outcomes as well. For example, mobile devices
provide easy, quick and accurate access for physicians and other healthcare providers to nurses’
notes, lab results, patient history and more, for a more productive and efficient patient visit, and
more timely decisions about care. This information can easily be shared across the organization
and to other providers who may be working with the same patient.
With the low cost of smartphones and tablets, compared to desktops and laptops, healthcare
facilities can realize a cost savings in both a corporate liable and BYOD environment where the
users are responsible for the costs of replacing their devices.

HITECH & HIPAA Demand Security

So far the case for mobility in healthcare is solid with uses across the organization, for the many
disciplines and for the patient as well, but in this highly regulated industry, mobility faces some
tough challenges.
“Security is the largest concern from an IT standpoint—making sure the healthcare workers who
are using the devices are in compliance; that the medical records they access are logged. It’s
important that the movement and use of any data is constantly tracked and logged, especially
when it comes to a lost or stolen device, or if an employee is no longer eligible to view the
information,” says Chris Hazelton, Research Director, Mobile & Wireless, 451 Research.
Yet, as devices proliferate, IT departments struggle to manage security policy and technology. More
and more sensitive information, both facility and patient information, ends up on these devices.
Of particular concern for healthcare facilities are the requirements of the Health Insurance
Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic
and Clinical Health Act (HITECH). The potential for risk of patient and healthcare data privacy is
tremendous and non-adherence to these strict government regulatory requirements can result
in severe financial penalties and damage to a provider’s image.

5
 MaaS360.com > White Paper

HITECH, enacted as part of the American Recovery and Reinvestment Act of 2009, focuses on patient
care and safety and clinical efficacy. According to the U.S. Department of Health & Human Services
MDM is software that
(HHS) most breaches reported to HHS so far under the HITECH Act have been theft or loss of mobile
secures, monitors,
computing devices, resulting in the exposure of millions of patients’ protected health information.
manages and supports
mobile devices that
are deployed across Categories of Mobility Management
mobile operators, Security across platforms adds another level of complexity as does the mix of user-owned with
service providers and facility/corporate owned devices. BYOD leads to the expectation of support, but many businesses
enterprises. have only one standard corporate platform.
This is not uncommon, but is just one of four models that the Healthcare Information and
Management Systems Society (HIMSS) sees in its observation of the industry. (HIMSS, a not-for-
profit organization, is focused on providing global leadership for the optimal use of information
technology (IT) and management systems for the betterment of healthcare.)
1. Ad-hoc: Workers bring their own devices unbeknownst to the healthcare organization which
has no official policy.
2. Uncontrolled: A mix of formal and undocumented policies and a combination of ownership.
Support is also fairly undefined and provided by the user/owner, the providers’ IT department,
the carriers and the manufacturers.
3. Controlled: Policies are defined and enforced. Ownership is also defined but is both BYOD
and corporate liable. Apps are usually managed by the enterprise.
4. Owned by the enterprise: The business issues, manages and supports the devices and apps.

The MDM Solution

So how does a healthcare facility/provider easily get from the first category to the fourth? Mobile
Device Management (MDM).
MDM is software that secures, monitors, manages and supports mobile devices that are deployed
across mobile operators, service providers and enterprises.
The purpose of MDM is to provide security on a mobile communications network, doing so while
supporting multiple devices, which may be facility-owned, user-owned or a combination. MDM
functions include over-the-air distribution of apps, as well as data and configuration settings for all
types of mobile devices, including smartphones and tablets.
“MDM can manage all of the exponentially growing devices and data in healthcare today,” explains Neil
Florio, vice president of marketing at Fiberlink, an IBM company. “For example, a doctor is at a patient’s
bedside and then decides to go to lunch. Then by pure accident the doctor leaves behind her iPad.
She has not only left behind a $500 device, but all of her patients’ records along with it. Without
MDM, someone could walk away with the device and gain access to all of the highly confidential
data that it holds. With MDM, the doctor can report the loss to IT, and all patient data can be wiped
clean saving the organization hefty compliance fines and reputation loss.”

6
 MaaS360.com > White Paper

According to a recent Gartner report (“Magic Quadrant for Mobile Device Management Software”),
In healthcare facilities, a fully-managed mobility solution cuts across standard MDM and telecom expense management
you often have a lot and includes:
of employees who • Software distribution: The ability to manage and support mobile application, including
are transitional. deploy, install, update, delete or block
• Policy management: The development, control and operations of enterprise mobile policy
• Inventory management: Beyond basic inventory management, including provisioning
and support
• Service management: Rating telecom services

MDM in the Cloud

Fiberlink’s MaaS360 product, using a cloud-based delivery model, manages and secures all types
of mobile device platforms used in healthcare facilities and enables compliance with HIPAA and
other regulations, satisfies auditors and reduces the cost of managing mobile devices. It provides
users with the flexibility to work anywhere, any time and IT with the tools to secure, monitor and
maintain the mobile assets on the network, including facility- and user-owned devices.
With MaaS360, you can configure devices over the air, track assets across your organization, secure
access to sensitive patient data, distribute apps and documents, and ensure devices are compliant
with healthcare institution policies and industry standards. Ultimately, MaaS360 helps healthcare
organizations meet the strict regulatory requirements surrounding these mobility initiatives.
Selective wipe is one of the most important features. If a doctor is using her own device, she may
have a lot of his own personal data on it as well. With other MDM solutions and approaches, if a
device needs to be wiped, the user loses everything. MaaS360 compartmentalizes personal data
from professional and patient data to prevent this.
Hazelton recommends the cloud for MDM in this industry. “In healthcare facilities, you often
have a lot of employees who are transitional. They may come in for short periods of time, or
they may work for multiple organizations. It can be a challenge to support this transitional staff
structure. Having the cloud capability, so you can scale up or down to support the users as you
need, can be a real benefit. If you are able to find a cloud service that has an initial lower cost and
initial set-up for additional devices, this can be a significant advantage, versus premises-based.”

7
 MaaS360.com > White Paper

Laying Out the MDM Strategy

As a healthcare facility or provider, ask the following
questions when considering MDM:
• What kinds of devices (and how many) are going
to be on the system as it is rolled out, and what
kinds of devices (and how many) are anticipated
in the future?
• Who in the organization will be able to use a
mobile device and what type of support will
they get from IT?
• What level of security policy management are you
going to need to require of the MDM system?
• What device features do you need to restrict for certain employees?
• What apps and data are currently needed on the devices, and what may be required
in the future?
• What type of mobility operations and compliance reporting do you need?
Initially, the most important concern, according to Hazelton, is to make sure that the MDM offering
meets the requirements of regulations, including a controlled BYOD program.
After that, it is important to consider applications, especially electronic health record applications.
“A lot of facilities are rolling out apps to help the healthcare workers, and there are usually one or
two that are large, system-wide applications. However, over time, as healthcare organizations begin
to get their hands around mobility, you may begin to see additional smaller apps, possibly many
dozens, being used by different departments. As a result, they will need greater capability within
their MDM offering. It will involve more than just being able to lock down devices, but controlling
the apps and making sure that they are being used correctly, especially in terms of following the
required regulations.”

8

Once it became
known that
these apps were
available for handheld
devices, we saw an
avalanche of
them being brought
in, particularly
iPhones and iPads
All brands and their products, featured or referred to within
this document, are trademarks or registered trademarks of
their respective holders and should be noted as such.
MaaS360.com > White Paper
MDM in Action
As part of Australia’s largest not-for-profit healthcare
provider, St. Vincent’s Hospital in Australia offers best-
in-class services, facilities and expertise, along with
educational opportunities, to residents of Sydney and
New South Wales.
The hospital wanted to automate many of its clinical
systems and begin porting them to the smartphones
and tablet devices on which many of their staff had
begun to rely. This development included apps that
presented test results and correlated them to patient
histories, and one that provided instant access to
radiological and other scans.
“Once it became known that these apps were now available for handheld devices, we saw an
avalanche of them being brought in, particularly iPhones and iPads,” said Peter Param, manager
of IT security. “We had quite a mix of devices in use at the hospital, from those distributed by us
to personal ones brought in by the clinical and administrative staff. We needed to act quickly to
be able to manage their use securely.”
Param and his team selected Fiberlink’s MaaS360 for its cloud deployment model and resulting
efficiency in deployment management. With MaaS360, there were no servers to install, no
configurations or infrastructure changes, and no investment in expensive business software.
The hospital also found the security features of MaaS360 to be particularly appealing—its ability
to know and control information security safeguards on employees’ mobile devices and react
rapidly to lost or stolen devices through remote wiping features.
The hospital’s IT security staff can discover, enroll, manage and report on all mobile device
status quickly and easily, and with the click of a mouse.
“Apps and updates are pushed very easily to users, who are already quite familiar with that
native experience on their smartphones,” said Param. “The transition has been seamless.”
For More Information
To learn more about our technology and services visit www.maaS360.com.
1787 Sentry Parkway West, Building 18, Suite 200 | Blue Bell, PA 19422
Phone 215.664.1600 | Fax 215.664.1601 | sales@fiberlink.com
WP_201210_0042
9