Mobile device management strategy in healthcare

An interview with Dave Alampi, Vice President of Product Management and Marketing at Jamf, conducted by April Cashin-Garbutt, MA (Cantab)

What is Jamf’s mission?

Jamf’s mission is very simple: we want to help organizations succeed with Apple devices. It's a very broad mission, Apple devices are getting used increasingly more in businesses, for example healthcare providers and in a variety of other industries, such as education. Our goal is to help them succeed with Apple devices to either empower their employees, empower their teachers or students, and help IT be more effective and efficient.

Doctor on smartphone

We've been growing very rapidly and we currently have 9,800 customers across the globe. That has increased about 49% from a year ago. Our purpose is to empower people with technology and we are a business that puts humans first.

What we mean by putting humans first is simply that we want to make sure that they have a great experience, that they can get their jobs done efficiently, and that the organization is protected and secure. We're helping manage approximately 7.3 million devices with our software, which is a growth of about 37% year over year.

Out client base consists of: 20 of the 25 top most valuable brands in the world, 8 of the top 10 technology companies, 7 of the top 10 worldwide media companies and 10 of the top worldwide marketing companies. We also have 12 of the top 20 best hospitals, 8 of the 10 top ranked universities and we have more than 3,700 K-12 schools.

We have in the range between 100 and 200 healthcare customers and we are a global business with more than half our customers located in the US. We have 8 offices around the world, including Amsterdam.

What makes Jamf unique?

Here at Jamf, we are solely focused on Apple devices. Part of the reason for this is that we want to ensure that we provide the best solution in the market for managing Apple devices. If you think about mobile device management (MDM) is, ultimately it’s about helping organizations deploy those devices and understand what devices are out there, what software is on them, what applications they can be used for and what security settings are available.

Our software also allows them to ensure that there's a lot of security around encryption, wifi, VPN, password complexity, and so on. Being able to manage all these settings on the devices, deploy applications or restrict applications, wipe data, activate Lost mode, and a variety of other things. It's about managing the full lifecycle of those devices, making sure that the users have what they need to be successful in terms of applications and content, but also doing it in a way that is safe and secure.

What makes us unique is our focus on Apple and taking advantage of all the built-in features that Apple has available as well as leveraging a lot of other things that go above and beyond that. We are very focused on providing zero-day support when Apple comes out with a new operating system. What’s very common on the day that a new operating system is released, is that people download the latest version and if their mobile device management solution is not ready (either doesn't support it, there are new features that it does not support or there are security issues) and your MDM vendor doesn't support it, then they will come across problems. This is also an issue in healthcare.

Users of Apple devices typically update their operating system very soon after an update has been released. For example, the release that just came out this last fall, over 84% of all devices out there have been upgraded to the latest version. In comparison, Android users show a considerably slower response and it can be months or even years before they actually upgrade to the most current version. Therefore, with Apple we want to make sure that we're prepared when there is a new update.

The reason for this lag is, I think, Apple users or people that like Apple products tend to love seeing the new updates because it unlocks new capabilities. Apple typically comes out with very interesting features and users want it right away, a sort of ‘culture’ has been created in the world of Apple. In addition to this, apple users have confidence that when they download it, it's going to work. That may not always be the case in other technologies.

I would say the other differentiator is that we very much focus on supporting all of the mobile device management capabilities that Apple devices have to offer. Again, that gets into everything from security to managing applications to being able to locate devices, and the list goes on.

Can you please give an introduction to mobile device management (MDM) strategy? Why is it important to implement a strategy in healthcare?

MDM is the idea of being able to manage all these devices. People who have these devices are on the go, they may have access to all sorts of information but do not know how use it properly. It can make employees unproductive because they don't have the right things when they need them.

MDM aims to empower those end users with the right applications, with the right content, and with secure access to the right wifi, networks etc., so making sure that their world is good, but also secure for the organization.
doctor and patient smartphone

Certainly within healthcare there is a tremendous amount of concern around privacy and security, therefore mobile device management software is critical in ensuring that there's patient privacy, that the data and devices are secure. That's, in a nutshell, why MDM is so important and why it's especially important to healthcare.

What did the recent global research by Vanson Bourne, commissioned by Jamf, involve and what were the main findings?

We surveyed 550 IT decision makers across healthcare organizations, from the US, Australia, France, Germany, and the UK, so we looked at some pretty big markets. It was a combination of public and private healthcare organizations. I will talk about some of the things that we found out.

Mobile devices are proliferating in healthcare organizations. That is both for the healthcare providers that are within those organizations and caregivers - this applies for both medical members as well as non-medical members. It also includes other members of staff and patients are starting to get access too.

Healthcare organizations are adopting mobile devices because there are a lot of different benefits. One of the main points of what we found out is that there's a very acute concern for patient privacy and security, as well as inappropriate employees of those devices.

Given all the regulations that exist around healthcare, these concerns are extremely valid. Another important point is that there's a lot of healthcare organizations out there that are not confident in the mobile device solution and even though they are using mobile devices, they're not necessarily confident in the solutions available today. So to summarize, there are a lot of concerns around patient privacy, security and employee abuse.

How did the findings vary by country?

The level of confidence in the solutions varies between countries, we found that France had the least confidence in their current MDM solution, about 36% of them did not have confidence in their current MDM solution. Australia had 32% confidence and the UK had 31%. Interestingly enough, Germany had the most confidence with 85% saying they were confident in their current MDM solution.

Another variation we found was about MDM adoption between countries. The adoption of MDM is lower in France and Australia. For Australia it's 77%, for France it's 78%, and then 86% across the entire survey are adopting MDM It indicates that there's some doubt that exists there. The concern is that if you have no solution in place you're putting your healthcare organization at risk.

Why did healthcare IT decision makers feel their organization’s MDM solution wasn’t up to scratch?

Part of their concerns, and it was not just their MDM solution, but it was more about just in general do they feel like they're safe and secure. From the survey we found that 14% don't even have a solution. While we didn't ask specifically why they felt their solution was inadequate, it's likely to be a general concern of risk of patients' privacy and security. There are a lot of compliance requirements and regulations that I think make people hypersensitive to that and more cautious.

Mobile devices generally are relatively new in the healthcare sector and this is likely to affect people’s confidence in it, because it is relatively new. New devices are constantly coming out, new updates to applications and software and operating systems. I think there's just a general fear that there's a lot of opportunity for risk and I think people have seen a lot of data breaches in the world, which helps to compound that feeling.

It is less about specific issues and more about confidence levels, although there are probably more data breaches going on out there than we have visibility to. Some of them may be more minor than others, but since they've most likely experienced some of those internally as healthcare organizations they've got that concern.

How can challenges such as security, data privacy and inappropriate employee use be tackled in healthcare?

First of all, I think that MDM is a critical component of tackling these issues, because you've got all these devices available, MDM enable you to be able to make sure you know what's on them, who has them, and makes sure you've got the right controls and compliance in place, which is critical. However, you have to have an MDM solution. Those 14%, and in Australia the number being higher, that don't have a soliton, need to get a MDM solution.

The next step is to invest in an MDM solution that leverages all the security features that are native to the specific devices that you're deploying. The types of security feature that I'm talking about are things like:

  • Making sure encryption is enforced
  • Making sure that it is automatically set up for the employees
  • Having the correct Wi-Fi setups
  • Having the correct VPN setup.
  • Making sure that password security is enforced
  • Making sure that the tool has the ability for you to lock or wipe a device for example using Lost mode

Lost mode essentially locks the device, sends a message. It puts a message on the device so that if somebody finds it they can't unlock it but they can bring it back to the rightful owner and things like that. Leveraging all the security features, like this, is important.

Making sure that the MDM makes it easy and automated to ensure that the operating system and the apps are up to date. The reason that this is important in both operating systems and applications, is because they are in many instanced identified to have security holes. The makers of those operating systems and those applications want to get a new version out as quickly as possible and so sometime things are missed.

As a healthcare organization, they want to be able to get the updates made available out to the devices as quickly as possible and in an automated fashion ideally so that the gap between the identification of the issue and solving the issue is minimized. The reason for that is to eliminate security risks and also remain compliant.

It is also important to make sure that the MDM providers offer zero-day support when new operating systems come out, because people will download them and can expose the organization to unexpected security risks.

The top two concerns were actually security and patient privacy, but the third one was around employee abuse of the devices. In some of the operating systems, and this is true for Apple and so we leverage this, have the ability to restrict what software gets loaded on to those devices. You can control what can or cannot be loaded on to those devices, and so this can stop people from downloading applications that they shouldn't be using at work or that will allow them to share sensitive data, either purposefully or by accident. A lot of this has to do with security and managing these devices around security.

What additional challenges do changing healthcare regulations pose?

Because every country has their own healthcare regulations and compliance can change there's concern about being able to quickly respond to new compliance requirements. This was illustrated from the results of the. The key is to have an environment and a technology that allows you to move swiftly. Mobile device management definitely allows you to do this. It's critical that all the capabilities that I have described, exist and are available.

Another issue is that sometimes organizations invest in technology but they don't necessarily have the right staff in place to make sure that they are well educated on the technology and ensure that they know how to use it in a proper way. It's important to make sure that they've got the right trained IT resources that can leverage MDM to its fullest so that when new compliance requirements or regulations change they can respond quickly.

What are the most important things to consider when putting a MDM solution in place?

It’s vital to pick the right mobile device management solution for the right devices. What I mean by that is the two most popular devices that you see being deployed in healthcare, as seen in the survey results, is both Android and iOS from Apple. Pretty much everything else after doesn't matter. Those are the two most important.

There are mobile device solutions out there that are what I call cross-platform. That means that they support both iOS and Android. The issue is that generic solutions that don't necessarily go deep on supporting all of the feature sets across both iOS and Android.

It does okay across both areas but when security and privacy is such an important issue and concern you want to pick those mobile device solutions that are focused. If you're deploying a mixed environment of both iOS and Android, you probably want two different mobile device solutions, one for iOS and one for Android.

Otherwise you won’t be able to compete with the security of solutions from specialised companies or be able to take advantage of all the native features. Generic solutions that cover both of them are not able to leverage all of those native capabilities.

What myths would you like to dispel about MDM in healthcare?

There is a myth that if you have a solution that you're safe, but this isn’t necessarily true. You have to be very proactive and make sure you have the right solution for the right types of devices, whether it's iOS or Android.

The key is to take advantage of all of the security capabilities that are available so that you can protect yourselves as much as possible. Also by having the right enabled and trained staff that can leverage that mobile device solution for an excellent benefit to the healthcare organization.

What do you think the future holds for MDM strategy in healthcare?

Evidence from the survey tells us the adoption of mobile devices within healthcare organizations is going to continue to rise. Not only are the caregivers and the healthcare staff going to get mobile devices but they're going to increasing the mobile devices for patients, not only when they're in a facility, but also when they're at home.

MDM has got to make sure it understands all these different uses and be able to support them. The other thing which I think is important, because we've been talking a lot about just the security and privacy component of this, but MDM also provides an opportunity to reimagine and transform some of the work flows and some of the processes that organizations have in their healthcare organization.

For example, recently in the US there is a new medical center that was opened by University of California San Diego. It's a new facility with 241 beds. They've completely redefined the patient experience by equipping every room with an iPad and an Apple TV, giving their patients control of their environment. They have an iPad in hand and they can access their medical information and they can control the lighting and temperature, they can access popular entertainment and social apps, and control their Apple TV all using the iPad.

Now, where does MDM come in? Well, you're trying to transform that patient experience so that they have a better stay. MDM is critical here because you've got to make sure that that's a very secure environment because what we're doing is helping manage the life cycle of that iPad.

Let me just describe this very briefly. I'm a patient. I check in, I'm in my bed now, and I'm handed a clean iPad with nothing on and I turn it on and there's nothing on it but the factory settings. I turn it on. It asks me a couple questions, including scanning my tag on my wrist which configures the whole device, it knows who I am and it gives me access to my patient records.

MDM empowers this entire work flow until the patient checks out, we are responsible for the device connecting with the Electronic Medical Records (EMR) system we are behind the scenes and will reset that device to its factory settings so that when the next patient comes in, it's clean and secure.

In the past, organizations had to do this by physically going to every single room, turning on the iPad, going through a series of manual steps and then making the device available. MDM automates this process and ensures with 100% certainty that everything's secure. My point is, the meta message on this is that I believe MDM is also going to enable the transformation of patient care and the experience that they have in a hospital, for example.

Where can readers find more information?

Jamf in healthcare:

Jamf healthcare survey eBook:

About Dave Alampi

Dave AlampiDave Alampi serves as Vice President of Product Management and Marketing at Jamf. He is responsible for Jamf’s worldwide product and marketing strategies and activities.

Prior to Jamf, Dave served in various senior executive product management and marketing leadership roles for software companies, including Kroll Ontrack, Infor and Digital River.

Dave holds a master’s degree in business administration from the University of Minnesota and a bachelor’s degree in computer engineering from Iowa State University.


The opinions expressed here are the views of the writer and do not necessarily reflect the views and opinions of News-Medical.Net.
Post a new comment
You might also like... ×
New water safety program streamlines processes to help healthcare providers reduce Legionella risk