iPad management, security crucial in hospital tablet roll out
Tablets, especially iPads, have become a way of life at the University of California, Irvine Medical Center, which now issues the tablets to incoming medical students. And just last month, the hospital’s Department of Emergency Medicine said it’s giving iPads to all 18 of its resident physicians as part of a patient-care initiative.
The incoming class of 100 medical students now routinely receives an iPad, thanks to private funding, says Adam Gold, director of emerging technologies at UC Irvine Medical Center, which has a hospital in Orange County and also functions as a teaching center for UC Irvine School of Medicine. The IT department there has set up document-sharing via SharePoint as part of this effort. “The entire curriculum is on the iPad,” Gold says.
The iPad invasion however has prompted the network and security teams there to establish security and management guidelines. These are backed up by practical enforcement through AirWatch mobile-device management (MDM) software and Bradford Networks network-access control.
One big issue is related to how everyone from medical students and professors, to physicians and other staff caring for patients in the hospital, all were clamoring during the last year or so to be able to connect their own mobile devices of all kinds to the wireless network. The IT department, led by the CIO, Jim Murry, went into a huddle with the clinical leadership overseeing medical applications, to figure out a few basic ground rules for a “Bring Your Own Device” (BYOD) policy.
First off, it was decided all personal mobile devices must use the AirWatch mobile-device management software to be allowed on the campus and hospital network. This is so the IT department can enforce policies among user groups, such as for encryption, which is mandatory for storing personal health information.
Another policy is not allowing sensitive data to be stored in cloud-based environment or file-sharing services like Dropbox. But this may eventually change as the university is working with AirWatch on new capabilities to be available soon that will allow data to be encrypted at rest outside of the iPad, Gold says.
The UC Irvine Medical Center had already been using network-access control (NAC) based on Bradford Networks, to restrict and control computers. This has now extended to mobile devices, too, but in this case, the NAC works directly with the AirWatch agent for specific purposes, Gold says.
The Bradford NAC can see the media access control address on devices used by all students and faculty, and if the mobile device is approved as correctly configured with AirWatch, it’s allowed on the network. But if it’s not, the mobile device is temporarily isolated sent to a virtual LAN segment and in the process, middleware the IT department came up with tells these mobile-device users that they need to install the AirWatch software if they haven’t. “We’re telling students they have to agree to install the AirWatch agent, which applies the profile for either students or faculty,” Gol saysd.
In addition the management issues, application development for iOS has also taken hold.
“We quickly learned how to write an iOS application,” he notes, and today UC Irvine Medical Center has three it makes available through its own internal apps store: a paging app for clinicians to look up anyone and page them; a so-called “way-finding” app that’s a flexible directional map; and a survey application related to patient care.
One reason for all the iOS enthusiasm is because UC Irvine Medical Center’s vendor Allscripts, which supplies the electronic medical record software, started developing apps for Apple iOS. This influenced the hospital and teaching institution to stick to iOS as a base for internal apps development, Gold says.
Most of the campus focus these days is on Apple iOS smartphones and tablets, since that appears to be the most popular there, but the same process is also been applied to Android devices, too.
Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security. Twitter: MessmerE. email: email@example.com.