In my last post regarding IT and healthcare policy, we talked about the somewhat unique expectation of "extreme availability" within the environments we support. I shared some of my past experiences and learned a lot from the community interaction in the comments. Thanks for participating! That kind of interaction is what I strive for, and it's really what makes these forums what they are. I’ve got one more topic I’d like to discuss in this series of blog posts, and I’m curious what you all have to say about it.
Just like in traditional SMB and enterprise IT, healthcare IT is concerned about managing mobile devices. In a traditional SMB or enterprise environment, most of the time we’re talking about company-issued laptops, cell phones, tablets, and the like. Sure, they’re carrying potentially sensitive data, and we need to be able to manage and protect those assets, but that’s pretty much where it stops. I’ll talk more about those considerations later in this post. In healthcare IT, our mobile devices are an entirely different beast. Not only do we have to worry about the types of devices mentioned above (and even more so, because even if they don’t carry protected healthcare information about patients, they are able to access systems that contain it), we also have mobile devices such as laptops and computers on rolling carts that move about the facility. We also have network-connected patient-care equipment (think MRI machines, etc.), all of which are potential risks that must be managed.
It all starts with strategy
Every implementation varies, so your specific goals may differ here, but traditional targets for mobile device management include the ability to control what software or applications are installed on mobile devices, control security policies on those devices (think screensavers, automatic-locking policies, etc.), control and require data encryption, location monitoring to help ensure that devices are where they’re supposed to be, or track when devices that aren’t supposed to leave the premises are no longer able to be reached, remote device wipes, etc. These days, there are a lot of commercial, off-the-shelf products that can help with mobile device management, but it all starts with strategy. Before you can start solving all of the problems I’ve listed above, you’ve got to first identify your individual goals for your overall mobile device management strategy. Are you only concerned with enterprise-owned assets, or do you care about BYOD equipment as well? What type of encryption rules are you going to mandate for your assets, and do they even support it? What about systems provided by and supported by third-party vendors? Are you going to require their compliance with your mobile device management strategy? Will you refuse to connect their solutions to your network if they aren’t willing or able to comply? As an IT resource, do you even have the authority to make that determination? The list goes on. Defining the mobile device management strategy may be the most difficult part of the entire operation.
Once you’ve defined your strategy and the goals that are important to you, you’re going to review the types of equipment you need to support. Are you going to be Apple-only, PC-only, or are you going to support capabilities in a cross-platform environment? Is your mobile device management strategy able to deliver feature parity of everything it provides in this cross-platform world, or are you going to discover that some of your goals are only achievable on two of the three platforms you want to support? In traditional IT, mobile device management is much less challenging than in healthcare IT, mainly because IT usually has the final say in what equipment will and will not be connected to the environment. That's not always the case in healthcare IT.
This post hasn't been about answering questions, it's been about asking them. What I was really aiming for was to get you thinking about everything that goes into mobile device management from a healthcare IT standpoint. How does policy influence it? How do the IT organization's controls impact equipment decisions? What other MDM challenges do you experience now in healthcare IT, and what new challenges do you see coming in the future? What solutions have you found that address these challenges, and what have their shortcomings been? Do you feel like you've been able to achieve your goals? I’d love to hear your thoughts in the comments! Until next time!