Skip to late 2010, just a little more than two years ago, when mature smartphones and early iPads and other small tablet devices really started to explode in popularity and functionality. As the mobile market grew, the devices quickly became status symbols, particularly in the physician community, says Ojas Rege, vice president of strategy at mobile security vendor MobileIron, Mountain View, Calif. Health care organizations had a variety of devices coming into their facilities. Security risks ensued. It wasn't clear how they could control data access and security on the devices.
The health care industry is far more open than other industries, with far more "free agents," since physicians often have privileges at multiple hospitals. Consequently, a physician may have a smartphone accessing apps and data from more than one hospital and also have personal data on the device.
Further, physicians may want certain functionality. They may buy an app that offers the functionality or contract with a local developer to build it-and not tell the hospital. Having security built into apps is critical to health care organizations, but not to developers. For instance, it wasn't until quite recently that native encryption came with Android devices. Another consideration: When developers are writing an app for an iPhone or iPad, there is an API, or application programming interface, for a second level of encryption. But if developers aren't told to use the second level, they won't, Rege contends. They are focused on the platform, not application security. Consequently, whether an app is bought from a local or national shop, a developer is a contractor. After the purchase, the developer has disappeared, leaving the unknown, potentially unsecure app in place at the hospital. As a result, policy and design rules on how apps are built and what organizational data should be in a device have become necessary.
These factors set the stage for mobile device management software. It gives organizations centralized control over what I.T. devices are coming onto their premises and what those devices can and cannot do. MDM started with basic tools-enforcing passwords and encryption, and wiping data from lost devices. It has evolved to a centralized management platform across an enterprise, Rege says. "The device, user and app will change, but it's all about the data."
A feature story in the February issue of Health Data Management explores how mobile device management is becoming one of the answers to controlling the BYOD rage.