Developing a mobile management plan
Marion McCall, BBA, RN, CNOR, CPHIMS, 2013-2014 Chair of the Perioperative Nursing Informatics Specialty Assembly, presented “Bring Your Own Device in Health Care Mobile Device Proliferation,” a session that examined the need for every hospital to set its own policies and standards related to mobile device usage. McCall discussed elements that should be considered as part of an organization’s mobile device policy, including mobility goals, “bring your own device” policies (ie, allowing employee-owned devices), users allowed, device security, approved apps, and financial decisions regarding who pays for mobile access in the workplace.
The session also highlighted rapidly growing trends related to mobility in the workplace, including Gartner’s prediction that by 2016, 40% of the global workforce will be mobile and 67% of workers will be using smartphones. With an estimated 5.9 billion mobile subscribers worldwide, McCall emphasized that mobility will change health care, pointing out shifts already underway, including that 81% of patients want online access to schedule appointments and fill out forms and 78% go online to access medical histories and share data with physicians. Although 81% of health care providers use mobile devices to store or transmit data, 50% do nothing to protect it. McCall pointed out the growing security risk related to mobile usage and the potential economic burden associated with data breaches in US hospitals. She also highlighted some of the benefits of mobile technology, such as reduced manual errors, increased employee productivity and efficiency, and increased compliance accuracy for quality reporting.
The session largely centered on key steps for developing a mobile management plan:
1. Organize a mobility steering committee – Form a team of stakeholders with internal experts. McCall emphasized that three groups in each organization play a pivotal role: information technology, human resources, and line-of-business units.
2. Outline your organization’s goals – Define the challenges and opportunities that your organization is trying to address with a mobile policy.
3. Define policy details – No one-size-fits-all policy will work for mobile device usage. Organizations should identify what devices and operating system platforms will be supported and establish rules for applications and data that are off limits.
4. Spell out financial terms – Clarify financial responsibilities associated with mobile device usage. McCall outlined three basic financial models: direct billing, a fixed monthly reimbursement, and reimbursement based on employee expense reports.
5. Address liability issues – Employees who are mobile device users should understand the penalties for failing to adhere to mobile policies. Organizations should hone in on data that may be subject to government security and privacy regulations.
6. Lock down security – Organizations should typically devote the most time and resources to this aspect of a mobile management plan. Sensitive information housed on devices that may be lost or stolen poses significant security vulnerabilities and organization should address items like user and device authorizations, device and data encryption, use of virtual private networks (VPNs), and sandboxing techniques (ie, isolating code to allow applications to run separately).
7. Manage the rollout – Organizations should create a plan that should be approached similar to a public relations effort to explain to individuals why the policy needs to be in place. A pilot group should be formed to test the policy, and organizations should collect data to measure benefits and results.
8. Address ongoing changes – Organizations should keep the mobile policy viable through regular reviews and updates and the policy should evolve to address each organizations’ changing needs.