Digital Workspace

4 Tips for a Balanced Healthcare Mobile Device Management Rollout

Provider deployments should prioritize patient security and clinician usability.

Joel Snyder, Ph.D., is a senior IT consultant with 30 years of practice. An internationally recognized expert in the areas of security, messaging and networks, Dr. Snyder is a popular speaker and author and is known for his unbiased and comprehensive tests of security and networking products. His clients include major organizations on six continents.

For healthcare organizations, deploying mobile devices is a balancing act. On one hand, such tools must seamlessly integrate into the workflow of busy staff and clinicians, making it easier to deliver care where and when patients need it most. On the other, security must be a top priority, especially as hackers continue to target the healthcare industry and sensitive patient data.

Management and protection of these devices should include implementation of a mobile device management toolkit. Here’s four ways healthcare organizations can get the most out of such deployments.

1. Narrow Your Mobile Device Choices

The goal should be to have a device go from first boot to fully enrolled in your MDM without any IT intervention; end users should be able to drive the process with their username and password, and it should all be done over the air. By working with the device vendor or distributor directly, out-of-the-box devices can phone home, download configurations, update themselves and enroll in your MDM automatically.

2. Be Mindful of Usability for Healthcare Staff

Select devices that work for healthcare. Gloved hands and masked faces make fingerprint readers and facial recognition difficult. Finding tools that have iris scans, for instance, can speed the unlock process. If you can flow biometric authentication through from device unlock to application authentication using standards such as Fast IDentity Online, that’s even better for end users — and eliminates the need for passwords, which can be easily stolen.

3. Ensure MDM Configuration Features

Basic device configuration enforced by MDM should include these five features:

Application store choice (only from authorized stores)
Block lists of applications that cannot be installed for security or policy reasons
Regular software check-ins and updates for both operating systems and installed applications
Enabled remote device wipe capabilities
And device unlock authentication controls (which require authentication to unlock, and lock automatically when idle).

4. Shore Up Mobile Endpoint Security

The jury is still out on whether built-in endpoint security is required for mobile devices, especially because MDM offers many of the same controls. If you can’t mandate a device platform that has built-in containerization (which keeps personal and work worlds from colliding on a device), add on an endpoint security solution that has containerization and ensure that it’s required by MDM policy.