Mobile Policy Enforcement Issues Could Expose Hospitals To Security Problems

Posted on June 15, 2018 I Written By

Anne Zieger is veteran healthcare branding and communications expert with more than 25 years of industry experience. and her commentaries have appeared in dozens of international business publications, including Forbes, Business Week and Information Week. She has also worked extensively healthcare and health IT organizations, including several Fortune 500 companies. She can be reached at @ziegerhealth or www.ziegerhealthcare.com.

Over the last several years, mobile device management has become a critical issue for hospital IT departments. As mobile use by both clinicians and patients has soared, hospitals have been scrambling to keep up. Now, a new study suggests that the policies hospitals develop to manage mobile devices are enforced inconsistently, a finding which should concern hospital leaders.

To perform the study, which was backed by mobile communications firm Spok, researchers collected responses from roughly 300 healthcare professionals from across the U.S. The survey reached not only IT leaders but also clinicians, who made up 44% of respondents. Another 40% included a wide range of professions, including pharmacists, medical technicians, business analysts, social workers and lab managers. IT respondents made up just 10% of those surveyed.

One of the results of the survey was that hospitals vary widely in the maturity of their mobile management strategies and their ability to execute them.

Certainly, the mobile management concerns have become a bigger deal over the last several years. Back in 2012, when Spok first asked survey participants about their mobile approach, only a third said that they had a formal strategy in place. By 2017, though, the number of respondents reporting that they had a mobile strategy had climbed to 65%. (That number actually fell to 57% in 2018, for reasons that are unclear.)

That being said, these strategies are relatively new. Forty-six percent of respondents said their organization had a mobile strategy in place for one to three years, and another 12% reported having a formal mobile management strategy for just one year.

The most common mobile strategy was focused on mobile management and security (56%), followed by mobile device selection, integration with the EMR (48%), infrastructure assessment (45%), clinical workflow evaluation (43%), device ownership strategy e.g. BYOD (34%), mobile app strategy (29%), mobile app catalog (16%), mobile strategy governance (14%) and business intelligence and reporting (12%).

Hospital leaders are continuing to rebuild their strategies as needed. Many hospitals have upgraded their mobile strategy over time, for reasons that included better meeting the needs of end users (39%), changes in clinical workflows (28%)  and addressing security and compliance requirements (25%).

Despite all of this effort, however, there seems to be a gap between mobile strategy development and the extent to which mobile strategies are enforced and understood by hospital staff. While 43% of hospitals have security teams, telecommunications teams or clinical informatics teams enforce mobile policies, many hospitals are struggling to give these rules some teeth.

True, 39% of respondents said that their hospital enforced mobile policies extremely well, and on a consistent basis, and another 33% said they were enforced well most of the time, and another 24% said they were not sure. This suggests that those institutions aren’t educating employees and clinicians about these issues, nor are they getting tough about enforcement. And of course, if hospital clinicians and staff don’t even know whether a strategy is in place, they’re probably not following it.