As Bring Your Own Device (BYOD) solutions become more attractive in healthcare, increasing adoption needs a rigorous, constructive process. A team at Boston Children’s Hospital (BCH) has done it. In the Journal of Medical Internet Research (JMIR), the team describes how it created a mobile app development guideline for BYOD and applied it to TaskList, an in-house app for Apple’s operating system (iOS). Medical residents can use it to monitor, create, capture, and share daily collaborative tasks associated with patients.
It was designed in four phases:
- Mobile app guideline development
- Requirements gathering and developing TaskList to fit the guideline
- Deploying TaskList using BYOD with end-users
- Refining the guideline based on the TaskList pilot.
The result was fourteen practical recommendations in four categories:
- Authentication and authorisation
- Data management
- Safeguarding app environment
- Remote enforcement.
The fourteen recommendations by nine types of risk are:
- Unauthorised access to app and decreased productivity:
  - Adopt enterprise-standard but usable authentication
  - Implement role-based access control (RBAC)
- Unauthorised access to data:
  - Implement at least three layers of security on data transmission: transport layer security, access control and content security
  - Allow apps to work on internal networks or VPN only
- Data transmission to unauthorised parties: protect the mobile app’s notifications
- Unauthorised access to apps and data:
  - Prevent apps from working on jail-broken devices
  - Allow apps to work only on encrypted devices or devices with passcodes
- Unauthorised access to data: require apps to use minimal cache
- Unauthorised access to the app: enforce automatic logoff
- Data transmission to unauthorised parties:
  - Limit copy data and print screen functionalities
  - Limit backup on Cloud services
- App distribution to unauthorised parties: distribute the app and implement internal over-the-air installation and app updates
- Unauthorised access to app:
  - Implement remote wipe-out functionality
  - Implement the ability to disconnect and block a user at any time.
These provide a viable model for Africa’s health systems to adopt. They’ll encourage BYOD use.