Mobile Device Management: Key IssuesWhat to Ask Vendors When Choosing a System
A mobile device management system is critical to ensure security when using smart phones, tablets and other mobile devices to access patient information. But to select the right system requires asking vendors the right questions, says Ed Elliot, technical services manager at Sutter Health, a California integrated delivery system.
Mobile device management systems track and monitor devices to ensure, for example, that all security controls are functioning. And healthcare organizations have many good systems from which to choose, says Elliot, who gave a presentation Feb. 21 at the Healthcare Information and Management Systems Society Conference in Las Vegas.
Elliot suggests organizations pose challenging questions to vendors to make sure they select the mobile device management system that best meets their needs. Those questions should include:
- Does the vendor offer provisioning? Ask vendors whether they can update devices. Also, make sure that the MDM system allows for scripting, or additional coding.
- Can the MDM system monitor devices using the latest operating systems? Ask vendors about their commitment to keeping up to date with the latest mobile-device platforms, including new versions of Apple iOS and Android.
- Does the vendor offer a way to manage different platforms efficiently? Elliot advises those shopping for an MDM system to make sure the system works in virtually the same way regardless of the type of operating system the devices monitored use. "MDM becomes a key partner in looking at how you manage different platforms," Elliot says.
- Does the system offer remote monitoring/wipe? For tablets and smart phones, organizations want to be able to use an MDM system to confirm that a device was wiped of patient information, such as when it is lost. For regulatory compliance purposes, organizations should look for a system that creates a record that the device was encrypted and that the organization followed up promptly and wiped it when an incident occurred.
- How does the vendor manage encryption? Organizations need to talk with MDM vendors about how they'll manage encryption on devices, including encryption of data at rest and in motion, and how the system will report that information back.
If a healthcare provider plans to allow the use of personally owned devices to access patient information, it needs to adjust its mobile device policies, Elliot adds, such as to require the owners of the devices to permit remote wiping if the device is lost.
Additional Summit Insight:
Hear from more industry influencers, earn CPE credits, and network with leaders of technology at our global events. Learn more at our Fraud & Breach Prevention Events site.