Posted: June 16th, 2015

The Usage of Mobile Devices in a Clinical Environment

TABLE OF CONTENTS

Abstract
Introduction
Statement of Problem
Research Questions/Objectives
Review of Literature
Methodology
Timeline
Bibliographic References
Appendices

Abstract

The purpose of this study is to assess the benefits and challenges associated with the bring your own device (BYOD) concept within a clinical environment. The review of literature in this paper leads to three research questions: (1) Do clinicians want to use personal mobile devices in the process of healthcare delivery services? (2) How do clinicians want to use personal mobile devices in the process of healthcare delivery services? (3) How do clinicians want Information Technology Services (ITS) to support the use of personal mobile devices? The method chosen to answer these research questions will be a survey questionnaire.

Introduction

Bring Your Own Device (BYOD) is the concept of allowing employees to bring privately owned devices such as smartphones, tablets, and laptops into their workplace to use and to access an organization’s applications and information. According to the Journal of Mobile Technology in Medicine, 91% of healthcare professionals owned a mobile phone, of whom 87% used it during clinical practice (Honigman, 2013). In many cases, it is not millennials or other early technology adopters driving healthcare BYOD. This demand is coming from the clinicians who bring in revenue for hospitals, so naturally healthcare administrators are encouraging hospitals and healthcare providers to support BYOD practices (Kelly, 2014). The use of mobile devices in the workplace has proven to be beneficial for the healthcare industry, allowing clinicians to access patient data, billing information, and clinical trial data via mobile devices. BYOD presents critical privacy and security challenges; however, it can still be quite effective in a healthcare environment given the right strategy, technology, and regulatory compliance framework.

Problem Statement

The use of mobile devices is changing the patient care delivery environment. Many healthcare organizations have reached a crossroads as clinicians increasingly use personal mobile devices, or request to use their own devices, to increase productivity. The primary challenge for any organization supporting BYOD or planning to implement the concept is maintaining compliance with information security regulatory requirements. To address security and other challenges, an organization should conduct an assessment of what systems should be accessible via BYOD, what mobile device management (MDM) strategies the organization supports and employs, and what existing security policies are utilized (Kelly, 2014).

As a result of this survey, the following questions will be addressed:

  1. Do clinicians want to use their personal mobile devices in the process of healthcare delivery services?
  2. How do clinicians want to use personal mobile devices in the process of healthcare delivery services?
  3. How do clinicians want Information Technology Services (ITS) to support the use of personal mobile devices?

Objectives

The objectives of this study are to 1) gauge the interest level of clinicians in the BYOD concept, 2) identify mobile device management solutions to assist clinicians in using their mobile devices in healthcare delivery, and 3) develop a BYOD policy framework that allows clinicians to utilize personal mobile devices of choice to perform work-related activities effectively without compromising data security.

Review of Literature

Electronic Health Record (EHR) Systems/Applications

Electronic Health Records (EHR) systems have been implemented by an increasing number of hospitals around the world. Electronic health records are a digital format of a patient’s health record. The objectives for transitioning from paper records to EHRs are to facilitate the exchange of information between health care providers and to allow multiple providers to concurrently access patient records (AHIMA, 2010). An EHR system can collect past medical history, such as immunizations, vital signs, acute and chronic conditions, and lab results (AHIMA, 2010). Some of the functions include generating care plans, managing patient specific instructions, and providing patient education resources. EHR implementation initiatives have been driven by the enhanced integration and availability of patient data, and the need to improve efficiency and cost-effectiveness (Boonstra, 2014).

Healthcare providers have seen a rise in EHR mobile applications. Studies show upward trends in the use of EHR applications on personal mobile devices, along with unpredicted data security risks. It has been reported that 48 percent of patient data breaches are the result of theft of portable devices; therefore, it is imperative to have policies and procedures in place to address security concerns and recognize that the security of EHRs is a process and not an endpoint (Jannetti, 2014). Additionally, an organization must conduct a comprehensive assessment of mobile platforms and security vulnerabilities prior to deploying mobile device capabilities in a clinical environment.

What is BYOD?

Bring Your Own Device (BYOD) is the concept of an organization permitting staff to use their own mobile devices for work-related purposes. Clinicians increasingly rely on mobile-based communications. For some organizations, BYOD presents an option to enhance productivity and save money on device distribution and maintenance. The challenges associated with BYOD include allowing privately owned devices to access and store hospital and patient information, encrypting data where necessary, and drafting and updating policies to properly protect against HIPAA violations (Andrews, 2014).

Why BYOD?

Mobile healthcare is defined as “the use of mobile and wireless devices to improve health outcomes, healthcare services and health research” (HIMSS, 2012). This concept is one of the most transforming elements in healthcare in recent times. The rapid growth of mobile technology has forced healthcare organizations to support mobile platforms and provide health information electronically. Furthermore, it has been reported that clinicians will begin to utilize their own smartphones and tablets at work and have access to EHRs from any location to provide care.

As the use of mobile technology continues to rise, organizations are embracing a “bring your own device” (BYOD) strategy. BYOD is becoming a widely adopted practice in healthcare that allows staff members to bring their own mobile devices to work (ClickCare, 2014). This practice can be viewed as an advantage for clinicians because of their familiarity with their own devices, which can increase productivity and lower costs for the organization. However, BYOD will present additional security concerns, such as device theft or compromise.

When clinicians use personal devices for work-related activities, the risk of exposing sensitive information such as healthcare databases, patients’ personal information, lab tests, and digital images increases. Organizations must implement a security strategy to meet the regulatory requirements set by the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act (Federal Register, 2013). The challenge for Information Technology Services (ITS) is implementing security software that will support multiple platforms.

BYOD Challenges

Security Threats

According to Avancha (2012), the most common mobile device security threats include:

  • Loss, theft and replacement: Mobile devices are often stolen or lost, which can put health information in jeopardy if not secured.
  • Off-site data storage: Implementing a backup system for long-term archiving.
  • Network access control: Mobile devices can connect to any Wi-Fi network, which can be vulnerable to hacking.

Security

As EHRs continue to replace paper charts in many health care organizations, protocols must be implemented to ensure that data stored in such systems is secure. The Health Information and Management Systems Society conducted a survey of health care organizations and found “approximately half of the organizations surveyed reported information technology budget allocations of three percent or less for security of EHRs” (Jannetti, 2014). Electronic health records often contain much more than health information, such as social security numbers, health insurance identifiers, financial information, and other entities that make identity theft possible. According to Jannetti (2014), consumers can cancel a credit card in the event of a security breach; it is not as simple when it comes to a security breach involving EHRs because a breach discovery may take weeks or months.

There are three valuable practices to increase awareness of mobile security: physical security, internal security, and user knowledge and accountability. Physical security involves the risk to any mobile device (Rose, 2013). Mobile device users should be held accountable for device storage, allowable access to devices, and device security. Ultimately, the security risks of mobile devices depend on the behavior of users.

Internal security consists of determining the device’s capability and functionality based on the platform of the mobile device (Rose, 2013). Some mobile device platforms support some applications, while other devices do not. ITS must assess how to support multiple platforms before allowing clinicians and/or staff members to use personal devices at work. It is critical that organizations ensure each mobile device that has network access is installed with required software and safeguards to reduce security risks (Walsh, 2010). Furthermore, healthcare organizations must implement mobile device policies, such as remote data wiping, to erase all current data on the device in the event that a mobile device is lost or stolen.

Most EHR systems are web-based; therefore, organizations are required to invest in mobile application security testing to identify vulnerabilities in the software. “Mobile application security testing is a critical component of security for in-house and commercial applications, and overall enterprise mobility” (Feiman, 2013). The challenge of application testing for ITS is meeting the healthcare industry standards and regulations. “The majority of internal IT departments are simply not equipped to carry out the rigorous testing that is required to enhance the protection of the mobile application” (Drolet, 2013). ITS must stay up to date with the latest security threats to keep health information secure.

Lastly, concerning user knowledge and accountability, devices are only as safe as the awareness and understanding of the user who has possession of the device at the time. Protecting a mobile device owner’s privacy while trying to enforce device and patient data safeguards is a balancing act. An employer can face liability challenges if “pirated software is found on a BYOD during a discovery motion or if the device is stolen and the contents later made public by the thief” (Smith, 2014). Every organization should have a mobile device management department to focus on how to address BYOD risk, compliance and costs. Furthermore, organizations should implement BYOD training sessions and policies to hold employees accountable for unfavorable actions while operating a mobile device on site and off site.

Healthcare Compliance Considerations

A challenge for ITS involves securing communication between devices that submit and receive personal health information (PHI) through a mobile application while following the Health Insurance Portability and Accountability Act (HIPAA) compliance policies. The best protection against data breaches is to encrypt the health information and require passcode protection. The U.S. Department of Health and Human Services (HHS) Office for Civil Rights “implemented a number of provisions of the Health Information Technology for Economic and Clinical Health (HITECH) Act, enacted as part of the American Recovery and Reinvestment Act of 2009, to strengthen the privacy and security protections for health information established under HIPAA” (HHS, 2013). The Security Rule requires physical and technical safeguards to ensure the confidentiality, integrity, and security of electronic protected health information (HHS, 2013). A compliance governance structure is required to outline a policy and to detail procedures and guidelines for non-compliance activities related to mobile device use.

BYOD Framework

Enterprise Mobile Management

Enterprise Mobile Management (EMM) is currently evolving from mobile device management (MDM). The terms EMM and MDM are interchangeable depending on the vendor or organization. EMM is comprised of configuration management tools, application configuration and policy management, and mobile content management based on smartphone operating systems (Cosgrove, 2014). The primary EMM functions include hardware inventory, application inventory, and remote data wiping. The goal of EMM is to develop safeguards for mobile devices within an organization while concurrently protecting the network.

MDM has transformed to adapt to advanced mobile application management and mobile content management (Cosgrove, 2014). Mobile application management applies management and policy control functionality to individual applications, which are managed by the EMM console. This capability is necessary when the operating system (OS) (e.g., iOS, Android, Windows Phone) does not provide the required management capability or when organizations elect not to install an MDM profile on the mobile device. Application extensions are utilized when the OS does not allow the required management capability or when organizations do not install an MDM agent on the device (Cosgrove, 2014).

Mobile content management allows users to access content from personal mobile devices within EMM. Content management has three roles: securing content on mobile devices, push-based document delivery, and content accessibility (Cosgrove, 2014). Securing content allows EMM to apply authentication policies and document-sharing controls to the data being transferred through the network (Cosgrove, 2014). Push-based delivery restricts content being pushed and flags content based on the requirements (Cosgrove, 2014). Content accessibility can restrict mobile activity such as downloads (Cosgrove, 2014). Additionally, organizations will need to establish training sessions for learning how to operate mobile devices using the security software within the network.

Mobile Device Security Software

Enterprise mobile device management (MDM) software is a policy and configuration management tool for mobile handheld devices and an enterprise mobile solution for securing and enabling enterprise users and content. It assists enterprises in managing the transition to a more complex mobile computing and communications environment by supporting security and software and hardware management across multiple OS platforms (Girard, 2014).

Mobile Data Protection includes encryption and implements access controls for organizational data stored on mobile devices. The primary concern is organization owned workstations, typically mobile notebooks running a full OS, such as Windows 7 or Mac OS X, and removable media (Girard, 2014).

AirWatch

AirWatch is mobile device management software that provides the ability to manage all the devices under one network. The vendor supports containerization of mobile content such as corporate email, browsing, content and applications (Redman, 2013). Containerization isolates an application to prevent malware from interacting with sensitive information secured by the container (Redman, 2013). AirWatch also supports multiuser management for the same device. Lastly, a secure content locker offers secure file synchronization and sharing capabilities for mobile devices with policy enforcement on document manipulation in the cloud and on site. Containerization is not supported across iOS, Android, and Windows Phone platforms (Airwatch, 2015). This inconvenience may result in increased complications where device diversity is a priority.

Strengths (Cosgrove, 2014)

  • AirWatch has proven large-scale deployments across every vertical market.
  • Good administrative console with embedded training videos, links and a wizard-like approach to help new administrators become productive quickly.
  • One of two leading vendors to support the latest release of iOS on the same day, and was one of the first to support key technologies such as the Apple Volume Purchase Program and Samsung Knox.

Cautions (Cosgrove, 2014)

  • Numerous reports of problems in the Secure Content Locker and Inbox email applications, causing customers to use AirWatch only for MDM and mobile application management.
  • 7.1, AirWatch released the software only to cloud customers. Therefore, if immediate software updates are a selection criterion, consider only the cloud offering.
  • AirWatch customers have reported app wrapping issues with support and stability.

Mobile Iron

Mobile Iron consists of traditional mobile device management (MDM) capabilities with comprehensive security, mobile application management, and mobile content management capabilities (Redman, 2013). The vendor offers a reliable product for policy management and configuration in a competitive market. Mobile Iron provides software on site appliance, and “although it launched its SaaS version in 2011” (Redman, 2013). The vendor has continued to improve their cloud solution services to remain competitive within the software market.

Strengths (Cosgrove, 2014)

  • Customer support receives high marks in nearly all reference interviews.
  • MobileIron’s Federal Information Processing Standard (FIPS) 140-2 compliant mobile application management.
  • The only vendor in the EMM market that demonstrates real-time remote-view capabilities on iOS.

Cautions (Cosgrove, 2014)

  • Infrastructure is appliance-based and more difficult to monitor for availability and performance than many other competitive products.
  • More limited Android manufacturer API support than many other leading EMM vendors.
  • Administrative console is supported in English only, while reporting and end-user communications have broader language support.

BYOD Policy Considerations

The purpose of a BYOD policy is to establish a structure to support employee-owned mobile devices. Although employees may own the mobile devices, the patient data still belongs to the organization. Therefore, a policy must address all safeguards to protect patient health information (PHI) in the event that the device is lost, stolen or compromised.

A BYOD Policy should include the following sections (Brown, 2015):

  1. Maintaining Privacy – explains the expectations and the acceptable and unacceptable activities for devices in the organization.
  2. Device Support – outlines the types of BYODs that will be supported and the ITS support available, and provides device configurations to access the network.
  3. Liability – outlines ethical use, reporting of lost or stolen devices, employee liability, and organization liability.
  4. Security – explains the device security requirements such as password protection, prohibited actions (jailbreaking), and conditions under which the device will be wiped.
  5. Device Exit Strategy – outlines the actions to be taken if an employee resigns or is terminated from the organization.
  6. Agreement/Signature – requires a signature acknowledging that the employee has read and agreed to follow the guidelines stated in the policy.

Model for BYOD

A recent article by Marshall (2014) revealed that “despite the potential benefits to both the organization and employees, the use of employee-owned devices raises issues relating to security, governance, processes, and even organizational culture”. The article focused on challenges associated with implementing BYOD in a healthcare environment and a case study of The Ottawa Hospital (TOH) deployment of BYOD. The case study outlined the practical benefits of allowing employees to use mobile devices, the security challenges, and recommendations offered to help healthcare organizations develop and implement a successful BYOD strategy (Marshall, 2014). Furthermore, the case study of BYOD illustrated that an organization must implement an additional layer of policy and technical support to manage the risks to privacy and security (Marshall, 2014).

Conclusion

The use of mobile technology is on the rise in the healthcare industry and healthcare professionals are embracing the convenience of mobile technology to handle work related tasks such as utilizing an electronic health record (EHR) application. However, the use of mobile devices leads to several security threats leaving patient information at risk for data breaches. Healthcare organizations must determine how they will support multiple mobile platforms under one network based on the user needs. The research revealed that a comprehensive framework that includes MDM, security policy, and compliance structure is essential for an implementation of BYOD.

Methodology

The primary research methods for this study are a literature review, quantitative, and published statistics. The study will identify the vision of mobile device management for clinicians, such as using personal mobile devices within a network infrastructure, operating the devices without removing the user’s autonomy, mobile device application capabilities, and security compliance for MDM deployment. Based on the outcome of the study methods, comparable MDM solutions will be identified and a policy framework developed to align with survey respondents’ answers and regulatory requirements. Identification of MDM solutions will be accomplished by reviewing and assessing the literature and survey results to ascertain the top three solutions based on the following criteria: 1) mobile device support, 2) security management, and 3) scalability. Finally, a BYOD policy framework will be constructed from industry best practices and regulatory compliance requirements for healthcare and research data.

Population and Sample

In June 2015, a BYOD assessment survey will be distributed to a convenience sample representative of the population of Saint Louis University (SLU) clinical academic departments. The survey respondents will be identified by academic department name and job category (e.g. clinician).

Study Design

Respondents will be given the opportunity to answer a combination of nine yes/no and multiple selection questions to assess preferences of mobile devices and the concept of BYOD practices within specified clinical departments. Furthermore, the survey responses will provide the foundation for identification of MDM policy solutions and mobile device data security concerns.

Data Collection

The survey will be distributed online through SLU email; a direct link will be provided to the participants to gain access to the survey. The estimated time required to complete the survey is five minutes. The researcher is mindful of the busy schedules of clinicians; therefore, respondents will be provided seven business days to submit the completed survey.

Data Analysis Plan

The researcher will analyze the data from surveys by totaling, averaging responses, and comparing relationships between the information provided. The data will be summarized in a report that will outline percentages, departments, negatives and positives discovered through the survey.

Ethical Consideration

Participation in the study will be voluntary and all respondents will have the option to withdraw from completing the survey. The survey will have a cover letter that will outline the purpose of the study, a description of the survey content, and the expected timeframe for submission of survey responses. Additionally, the cover letter will provide confidentiality information and the process for requesting final survey results. The survey cover letter is located in Appendix A.

Timeline

Month                 Task
Week of May 10th      Submit Proposal
Weeks of June 8th     Send Surveys
Week of June 15th     Meet w/ Project Manager
Week of June 22nd     Submit Final Paper

References

AHIMA. (2010). Managing the Transition from Paper to EHRs. Retrieved from http://library.ahima.org/xpedio/groups/public/documents/ahima/bok1_048418.hcsp?dDocName=bok1_048418

Airwatch. (2015). AirWatch Mobile Device Management. Retrieved from http://www.air-watch.com/solutions/mobile-device-management

Andrews, J., Enrado, P., Wicklund, E., & Miliard, M. (2014). BYOD. Retrieved from http://www.healthcareitnews.com/directory/byod

Avancha, S., Baxi, A., & Kotz, D. (2012). Privacy in mobile technology for personal healthcare. ACM Computing Surveys, 45(1)

Boonstra, A., Versluis, A., & Vos, J. F. J. (2014). Implementing electronic health records in hospitals: a systematic literature review. BMC Health Services Research, 14(1), 370. doi:10.1186/1472-6963-14-370

Brown, N. (2015, March 17). BYOD in Healthcare: Creating a BYOD Policy. Retrieved from http://www.nextech.com/blog/byod-in-healthcare-creating-a-byod-policy

Clickcare LLC. (2014, June). Healthcare BYOD and HIPAA Security. Retrieved from http://www.clickcare.com/pdf/iClickCare_BYOD_HIPAA_Secure.pdf

Comstock, J. (2014, July 16). mobilehealthnews. Retrieved from http://mobihealthnews.com/34909/survey-healthcare-industry-has-the-most-trouble-with-mobile-device-security/

Cosgrove, T., Smith, R., Silva, C., Taylor, B., Girard, J., & Basso, M. (2014, June 4). Magic Quadrant for Enterprise Mobility Management Suites. Retrieved from http://www.wit.co.th/wp-content/uploads/2014/06/Magic-Quadrant-for-Enterprise-Mobility-Management-Suites.pdf

Drolet, M. (2013, June 20). Tips for testing your mobile app security. Retrieved from http://www.networkworld.com/article/2167493/tech-primers/tips-for-testing-your-mobile-app-security.html

Federal Register. (2013, January 25). Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules under the Health Information Technology for Economic and Clinical Health Act and the Genetic Information Nondiscrimination Act; Other Modifications to the HIPAA Rules. Retrieved from https://www.federalregister.gov/articles/2013/01/25/2013-01073/modifications-to-the-hipaa-privacy-security-enforcement-and-breach-notification-rules-under-the

Feiman, J. (2013, August 13). Technology Overview: Mobile Application Security Testing for BYOD Strategies. Retrieved from http://www.gartner.com/document/2583017?ref=QuickSearchend

Gartner. (2014, December 8). Gartner Says By 2018, More Than 50 Percent of Users Will Use a Tablet or Smartphone First for All Online Activities. Retrieved from http://www.gartner.com/newsroom/id/2939217

Hamblen, M. (2014, December 8). Users will soon opt first for smartphones and tablets, not laptops and PCs. Retrieved from http://www.computerworld.com/article/2856188/growing-reliance-seen-on-smartphones-and-tablets-over-laptops-and-pcs.html

HIMSS. (2012, January 5). Definitions of mHealth. Retrieved from http://www.himss.org/ResourceLibrary/GenResourceDetail.aspx?ItemNumber=20221

Honigman, D. (2014). BYOD Issues Facing the Healthcare Industry. Retrieved from https://getreferralmd.com/2013/12/byod-issues-healthcare/

Jannetti, M. (2014). Safeguarding patient information in electronic health records. AORN Journal, 100, No. 3.

Kelly, W. (2014). The Right Medicine: Prescribing BYOD in Healthcare Information Technology. Retrieved from http://www.techrepublic.com/article/the-right-medicine-prescribing-byod-for-healthcare-it/

Marshall, S. (2014, March). IT Consumerization: A Case Study of BYOD in a Healthcare Setting. Technology Innovation Management Review.

Redman, P., Girard, J., Cosgrove, T., & Basso, M. (2013, May 23). Magic Quadrant for Mobile Device Management Software. Retrieved from http://ukblog.im-mobility.com/sites/default/files/Magic%20Quadrant%20for%20Mobile%20Device%20Management%20Software.pdf

Smith, R., Fiering, L., & Willis, D. (2014, December 30). Making Sense of Bring Your Own Device (BYOD) and Choose Your Own Device (CYOD). Retrieved from http://www.gartner.com/document/2953219?

U.S. Department of Health & Human Services. (2013, August 5). News. Retrieved from http://www.hhs.gov/news/press/2013pres/01/20130117b.html

Appendix A

Survey Cover Letter

My name is Courtney Butler and I am a Master of Science in Health Informatics (MSHI) student and information technology services (ITS) employee at Saint Louis University. For my final project, I am examining individual preferences related to the bring your own device (BYOD) concept for work-related activities. Because you are an employee, clinician or student who may utilize a mobile device(s) in a clinical environment, I am inviting you to participate in this research study by completing the attached survey.

The following questionnaire will require approximately 5 minutes to complete. There is no compensation for responding. In order to ensure that all information will remain confidential, please do not include your name. Copies of the results will be provided to my Saint Louis University instructor and the project sponsor and manager Sharon Biddle-Ferrell for analysis. If you choose to participate in this project, please answer all questions as honestly as possible. Participation is strictly voluntary and you may refuse to participate at any time.

Thank you for taking the time to assist me in my educational endeavors. The data collected will provide useful information regarding the assessment of mobile device management solutions that can support a range of mobile device platforms without compromising data security and the development of a BYOD policy framework. If you would like a summary copy of the study results, please let me know by replying to this email; your request will not reveal individual survey responses. Completion of the questionnaire will indicate your willingness to participate in this study. If you require additional information or have questions, please contact me at the email listed below. If you are not satisfied with the manner in which this study is being conducted, you may report (anonymously if you so choose) any complaints to the Health Informatics program.

Sincerely,
