• BYOD’s statistics provide a snapshot of the future

    As smartphones become smarter, healthcare’s eHealth has to keep up with doctors’ and nurses’ eHealth ingenuity. They rely extensively on their own mobiles to access and share clinical data. Bring Your Own Devices (BYOD), is now an essential and more convenient part of eHealth. A study by Imperial College, London (UCL), published BMJ Innovations, found:

    99% of doctors own a smartphone, 74% own a tablet device96% of nurses own a smartphone, 65% own a tablet device93% of doctors found their smartphones ‘very useful’ or ‘useful’ for their clinical duties93% of nurses found their smartphone ‘very useful’ or ‘useful’ for their clinical duties90% of doctors use their medical apps as part of their clinical practice67% of nurses use their medical apps as part of their clinical practice46% of doctors used picture messaging to send patients' clinical information to their colleagues7% of nurses used picture messaging to send patient-related clinical information to their colleagues72% of doctors want a secure means of accessing data37% of nurses want a secure means of accessing data.

    The health professionals’ perceptions of using smartphones in clinical practice are positive. From a list of adjectives, they chose positive terms such as helpful, brilliant and essential more frequently than negative terms such as unnecessary, complicated and terrible. It reveals that many of them see BYOD as a constructive solution, not just as practical means of overcoming eHealth’s limitations.

    For Africa’s health systems, BYOD’s an invaluable contribution to eHealth costs. It seems a reasonable assumption that these BYOD practices will increase, so an eHealth challenge is ensuring effective eHealth regulation and cyber-security to embed them constructively into clinical and working practices.

  • England’s mHealth has successes and challenges for African initiatives to learn from

    Strategies and plans for mHealth and mobile working stretch across most of Africa. A service from Digital Health can help the continent’s health systems to compare their performance with some of England’s NHS mHealth initiatives. Its Advisory Series, August 2017 deals with mobile and modern working. It has two perspectives, projects for clinical staff working in communities and mHealth that improves hospital care and to help non-clinical staff to be efficient.

    For mental health services, a goal’s to extend mobile access to EHRs for staff working mainly outside hospital. It includes logistics data such as patients’ locations and travel plans between them. mHealth benefits inpatient services too, where there are many routine tasks, such as therapeutic observations, and not similar to some community services that can involve complicated conversations that need recording. An mHealth solution from an in-house development enables health workers to use a range of phones or tablets that provide process-driven interfaces about patient care. mHealth can also replace traditional paper ward diaries with eLogistic  systems.

    Clinical audit and research can benefit from mHealth. An app can capture data about interactions with patients and match these against clinical guideline milestones. Instead of writing activities, doctors can tick boxes and data can be analysed and practices reviewed. Time saving and better quality healthcare are the results.

    South Gloucestershire Clinical Commissioning Group is another organisation which has found increased efficiency through greater use of mobile – simply by introducing the sort of electronic diary management abilities most take for granted in their private lives.

    Bring Your Own Device (BYOD) isn’t seen as viable for some NHS organisations. The extra complexities it brings can disrupt and a number of cultural changes to clinical and working practices are needed to realise mHealth’s benefits. These are the most challenging components of mHealth projects. They’re more significant than affordability challenges of devices, software, licences, connectivity and cyber-security. Mind-set changes and clinical leadership are essential for success. Clinical informatics champions, currently a small cadre, are helping to increase mHealth adoption.

    Africa’s mHealth programmes will have encountered many of these themes. There’s strong case for their leaders to share their experiences too.

  • Want to develop BYOD use? BCH has a way

    As Bring Your Own Device (BYOD) solutions become more attractive in healthcare, increasing adoption needs a rigorous, constructive process. A team at Boston Children’s Hospital (BCH) has done it. In the Journal of Medical Internet Research (JMIR), the team’s described how it created a mobile app development guideline for BYOD and applied it to TaskList, an in-house app with an Apple operating system (iOS). Medical residents can use it to monitor, create, capture, and share daily collaborative tasks associated with patients. 

    It was designed in four phases: 

    Mobile app guideline development Requirements gathering and developing TaskList to fit the guideline Deploying TaskList using BYOD with end-users Refining the guideline based on the TaskList pilot.

    The result was fourteen practical recommendations in four categories:

    Authentication and authorisation Data management Safeguarding app environment Remote enforcement.

    The fourteen recommendations by nine types of risk are: 

    Unauthorised access to app and decreased productivity: Adopt enterprise-standards but usable authentication Implement Role-based access control (RBAC) Unauthorised access to data: Implement at least three layers of security on data transmission, transport layer security, access control and content security Allow apps to work on internal networks or VPNb only Data transmission to unauthorised parties: protect the mobile app’s notifications Unauthorised access to apps and data Prevent apps from working on jail-broken devices Allow apps to only work on encrypted-devices or devices with pass-codes Unauthorised access to data: require apps to use minimal cache Unauthorised access to the app: enforce automatic logoff Data transmission to unauthorised parties: Limit copy data and print screen functionalities Limit backup on Cloud services App distribution to unauthorised parties: distributing the app and implement internal over-the-air installation and app updates Unauthorised access to app Implement remote wipe out functionality Implement ability to disconnect and block a user anytime.

    These provide a viable model for Africa’s health systems to adopt. They’ll encourage BYOD use.

  • A BYOD policy template Africa's healthcare can use

    Mobiles aren’t truly ubiquitous, but they’re closing in. Many health workers use theirs for their health duties, Bring Your Own Devices (BYOD). Health organisations need policies to deal with them. Tiger Text’s provided policy guidelines for healthcare. They apply to general use of personal devices in the workplace, and include:

    The healthcare organisation will use its discretion to decide which employees may use BYOD All personal devices must be approved by the Information Security Department before they’re used Exercise discretion as personal devices may interfere with productivity and distract others Personal devices may only be used during breaks and meal periods Ensure that friends and family members are aware of this policy The healthcare organisation will not be liable for the loss, theft or damage of any personal devices To ensure confidentiality of Protected Health Information (PHI), never use traditional text messaging or multimedia messaging services when sending work related data with your personal device Download and use the TigerText application when sending messages containing PHI, social security numbers, or financial account information Using TigerText’s subject to the healthcare organisation’s Secure Messaging Policy and employees must read and understand this policy in detail before using TigerText Work related pictures, video, voice files, and other data must be sent within the TigerText application Local storage of work data in personal devices is never allowed Applications that interfere with the functionality of TigerText must never be downloaded on personal devices The healthcare organisations policy prohibits screen capture or sharing PHI with users who are not bound by the healthcare organisation’s Privacy Policy All data transmitted for work related purposes using personal devices is the healthcare organisation’s sole property The healthcare organisation has an absolute right of access to all of the data sent with a personal device and may exercise its right whenever management deems it appropriate Personal device users have no privacy rights when using their personal devices in the workplace and healthcare facility Personal devices and messages sent by it can be reviewed whenever management deems it appropriate The healthcare organisation’s general policy for using mobile and personal devices determines when and where they may be used Using them near some types of equipment, or in some parts of the healthcare facility, may be prohibited If personal devices are lost or stolen, owners must notify the healthcare organisation immediately so that the data stored in a TigerText account can be remotely wiped from the devices Users should implement a password on all personal devices used in the workplace to ensure that third party access to content is limited Personal devices in healthcare facilities and property are subject to general policies for safeguarding against cross-contamination and other patient health concerns Disposal or sale of personal devices should be done only after all the healthcare organisation’s data and content is removed, including the TigerText application If employment’s terminated, all the healthcare organisations’ content, including the TigerText application, must be removed from leavers’ personal devices All costs associated with personal devices shall be borne by owners, except for the costs of access to TigerText Employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.

    TigerText is a secure, real-time message app. Africa’s healthcare organisations may have other, equivalent apps, replacing Tiger Text in the policy template. Tiger Text point out that their policy template isn’t legal advice. It does provide a helpful start point for Africa’s health systems to begin the process of this part of eHealth regulation.

  • Spok's BYOD guide can help to set policies

    An increasing trend is for health workers to Bring Your Own Devices (BYOD) to work and use them to access their organisations’ information. It poses considerable security risks, but rather than ban it, BYOD can offer benefits if it’s effectively managed and regulated. Spok has published a guide, The 2015 Hospital Guide to Bring Your Own Device Policies, to help healthcare organisations protect sensitive patient information and to succeed with BYOD.

    It’s based on two main research findings. One is that BYOD policies can save healthcare organisations money. The other is that it takes time to create a successful BYOD, needing good planning and implementation to maintain the integrity and security of patient information being accessed and shared by BYOD.

    The guide deals with critical points to consider in the design of an effective BYOD policy for a hospital. These are:

    Who pays for what? If they use it, will you support it? What is effective and acceptable use when it comes to BYOD? Is it safe? The multi-site dilemma.

    It provides a sound basis for African countries to develop their BYOD regulations. It’s a short cut to moving ahead.

  • Ten tips for evaluating BYOD cost-benefit

    With the prospect of a progressively increasing role for Bring Your Own Devices (BYOD) in Africa and elsewhere, it’s good to know that there’s advice on how do to it. Gartner’s described challenges, Cisco’s an eye on it TechRepublic has a report on ten considerations for BYOD cost benefit analysis, to help make organisations quantify their position after considering competing risks and opportunities.

    New costs of an enterprise Model Device Management solution New costs of BYOD policy development and program management New costs to update enterprise security and help desk to deal with new responsibilities and risks created by BYOD New risk management expenses New internal app development costs, to allow BYODs to interact with business systems New, potentially hidden back-end costs, such as software licensing and increased network traffic Uncertain costs of BYOD data plans, which could be a cost or a saving, depending on how it’s financed Potential to reduce the cost of company-owned devices Potential benefits to employee morale and productivity Potential benefits of employees being more responsive to your customers – perhaps

    Capgemini analysts are upbeat about BYOD, with a recent paper titled “it’s all about employee satisfaction and productivity, not costs.” Technology company Cisco believes BYOD can deliver productivity and cost savings, which is explained in their blog. African healthcare organisations want happy, productive employees and cost savings, so BYOD looks promising and worth a closer look.

  • Gartner says BYOD is disruptive

    Analysis firm Gartner has views on Bring Your Own Devices (BYOD), describing it as “a disruptive phenomenon where employees bring non-company IT into the organization and demand to be connected to everything.” They add that it’s often without proper accountability or oversight.

    Gartner reports staggering numbers. For example, that “by 2016 over 30% of BYOD strategies will leverage personal applications, data and social connections, for enterprise purposes.” That could be less than two years away.

    Gartner describes three challenges:

    Governance and compliance to protect organisational regulations, trust, intellectual property and other obligations Mobile device management to manage growing workforce expectations around mobility and ability to connect multiple devices Security to protect data and network availability and avoid data loss.

    As African organisations prepare to make the most of eHealth opportunities, BYOD will almost certainly be a feature. Keeping an eye on Gartner’s three challenges is essential.

  • BYOD: embrace it!

    Health workers will bring their own devices to work. Embrace it. Fighting it seems like a losing strategy.

    Beaufort Memorial Hospital in South Carolina in the USA, adopted a simple regulation regime, as reported in Healthcare IT News. The Hospital’s vice president for information services has introduced three simple arrangements to make Bring Your Own Device (BYOD) easy:

    Make the system invisible so that security and legislation compliance does not create cumbersome workflow disruptions. Go further than personal devices by providing health workers authorized access to applications from all computers from desktops throughout the hospital Make it simple: workers ID badges have a radio frequency identification (RFID) chip that they use to log on to any computer in the hospital, avoiding the need to remember several passwords.

    This offers a good benchmark for African countries developing their hospital information systems. Embracing change rather than fighting offers good potential with BYOD, which is unlikely to go away.

  • BYOD is an opportunity and a big security threat

    More and more people bring their own devices to work for the convenience of having personal and business related data on one device. The snag is that bring your own devices (BYOD) is a growing security risk to corporate ICT infrastructures. B2B International’s study Global Corporate IT Security Risks 2013  has shown that the number of IT security incidents involving cell phones and tablets is on the rise. It also suggests that most companies have no plans to limit the use of personal mobile devises for work-related purposes.

    According to the study, only 17% of South African companies have developed mobile device security policies for their corporate environments. ICT security incidents involving mobile devices take on many different and changing forms, and are challenging to keep up with, and they will become more diverse and widespread.

    B2B International’s survey found that 11% of respondents identified mobile devices as the source of at least one confidential data leak over the past year. This means that mobile devices caused more critical data leaks than the 9% from employee fraud, 5% from staff sharing data, and 2% corporate espionage.

    Effective, tough ICT security policies for mobile devices are essential to reduce the business risks of mobile phones and tablets. That well-developed security policies for BYOD are the exception rather than the rule leaves corporate entities, including healthcare organizations, exposed to risk

    Irish Novelist Samuel Lover (1797-1868) is attributed with the aphorism that “It is better to be safe than sorry.” It still resonates after two centuries.

  • Do you BYOD?

    It’s an expanding practice, and healthcare CIOs and regulators need to respond to it. New technologies bring new practices, leading to anxieties then guidance to help to calm the nerves of custodians.

    For Bring Your Own Devices (BYOD) guidance is plentiful. Two examples are from Kony, a platform provider that empowers developers to build apps, and mas360 by Fiberink, a firm providing enterprise mobility management solutions. They both have White Papers proving guidance for BYOD.

    Kony’s Mobile Application Management Meeting the BYOD challenge with next-generation application and device management sets out five principles:

    Management primarily at the application, not hardware or firmware layer Management based on policies, rules and roles Management as collaboration Configure once, run everywhere Visibility everywhere.

    Maas360’s White Paper The Ten Commandments of BYOD has, predictably ten measures

    Create Thy Policy Before Procuring Technology Seek The Flocks’ Devices Enrollment Shall Be Simple Thou Shalt Configure Devices Over the Air Thy Users Demand Self-Service Hold Sacred Personal Information Part the Seas of Corporate and Personal Data Monitor Thy Flock—Herd Automatically Manage Thy Data Usage Drink from the Fountain of ROI

    This type of guidance gives healthcare CIOs and regulators in Africa a quick start to the issues and practices they need to deal with BYOD and its continuing growth constructively. Downloading the White Papers needs registration.