Mobile Enterprise Management Case Study
Ochsner Health System Helps Keep Mobile Health Data Secure (Cont'd)
There is nothing about mobile devices that meets HIPAA requirements without a management solution.”
Mark Smith, Email Administrator, Ochsner Health System
About Ochsner Health
Ochsner Health Facts
Protect personal and confidential patient information that is stored on employees’ mobile devices
MobileIron VSP® from AT&T installed on physician, administrator and employee smartphones and tablets
Helps employee-owned devices meet security standards while providing timely access to patient information.
Provided care for more than 336,000 unique patients in 2010
Based in New Orleans, Ochsner is a full-service healthcare system serving southeast Louisiana with a comprehensive range of medical services. From routine check-ups to major surgery and emergency care, Ochsner provides services in more than 90 specialty fields. Throughout the past decade, Ochsner has expanded to include eight hospitals and more than 38 regional health centers. As a fully-accredited teaching center, Ochsner also conducts nationally recognized research and provides physician training.
Industry regulations require Ochsner to protect patient information. As healthcare professionals increasingly use personal communication devices in patient care, compliance with data security requirements required increased vigilance and new strategies. Ochsner needed an easy-to-manage way to secure health-system-related emails on these devices.
The MobileIron Virtual Smartphone Platform (VSP) from AT&T allows Ochsner to connect email systems, manage hospital applications and protect electronic data. Installed on mobile devices as an application, the multi-OS, multi-carrier platform helps Ochsner maintain regulatory compliance through app-enabled security measures. The solution’s easy administration, multi-device flexibility and privacy protection benefits administrators, healthcare providers and, most importantly, patients.
Making Connections for Better Health
Ochsner was founded in 1942 by five physicians, including Dr. Alton Ochsner, a heart surgeon and Department Chair at Tulane University, who was instrumental in discovering the link between lung cancer and tobacco use. The development of Ochsner represented a long-time commitment to both the study and practice of medicine. Established as a teaching institution and a medical center, Ochsner integrates scientific research into real-life care. As the largest non-university physician training center in the nation, the health system has partnered with the University of Queensland in Australia to provide international education opportunities globally.
It takes less than a minute to set up. I looked at quite a few other options and none of them were this easy."
Mark Smith, Email Administrator, Ochsner Health System
Ochsner brings world-class healthcare to the Gulf Coast region. “Our doctors here are consulting with doctors at the Mayo Clinic,” said Mark Smith, Email Administrator. Ochsner maintains its high standard of care across multiple medical fields. Several departments have been nationally recognized for excellence. It was named one of the 100 Best Hospitals in the Nation for Stroke, Gastrointestinal, Critical Care and Pulmonary Care by HealthGrades and was listed as a “Best Hospital” by U.S. News and World Report.
Ochsner is dedicated to keeping its community healthy. “After Hurricane Katrina there were a lot of hospitals that were going to be closed because of damage,” said Smith, “Ochsner bought several medical facilities in the area so they could re-open.” The expansion has increased its medical services and grown its staff to more than 12,500 employees and 850 physicians. In addition to its own doctors, Ochsner contracts with independent physicians to provide greater flexibility and responsiveness to community medical needs.
New Efficiency at the Bedside
Doctors, nurses, hospital staff and administrators are integrating mobile devices, such as smartphones and tablets, into patient care and benefiting from the increased efficiency. “They manage their time with their phones,” said Smith. Doctors can easily track both personal and work schedules on one device. Ochsner has many facilities, and doctors often travel between clinics and hospitals, using mobile devices to stay connected. “For those users who are constantly going from one meeting or surgery to the next, it gives them the perfect mobile connection they need to talk to their assistants or check their appointments,” Smith explained.
When mobile devices were employer-provided, Ochsner secured electronic patient information by creating a policy prohibiting emailed patient data. But industry practice has evolved, and Ochsner has moved from company-provided to employee-owned devices. This reduced operational costs and improved convenience. Along with these gains, however, the shift to employee-owned mobile devices required new security solutions.
While information can be made available instantly, this device-stored data needs to be protected. “There is nothing about mobile devices that meets HIPAA requirements without a management solution,” Smith explained. Under the federal Health Insurance Portability and Accountability Act (HIPAA), Ochsner must comply with regulations governing patient confidentiality, and Smith takes a strict stance on HIPAA regulations. “Anything written between a patient and a doctor is confidential and has to be secured,” he said. “They can be saying ‘I’m sorry I didn’t make the appointment yesterday,’ but it still has to be secured.”
The exchange of electronic information via employee-owned devices presented new security challenges. “We still have a policy in effect that no patient data is transmitted over email,” Smith said, “but this is changing.” While Ochsner’s hospital-wide email system is encrypted, that protection does not extend to email once it is stored on a mobile device.
Ochsner searched for a comprehensive management solution that would both help protect patient data and optimize mobile device use. It found that the MobileIron VSP from AT&T solution fit the bill. The platform works across multiple operating systems, carriers and the variety of employee-owned devices to provide efficient mobile device management. Ochsner is able to host the solution on its own servers, and adds new users as needed. The process is simple. “It takes less than a minute to set up,” said Smith. “I looked at quite a few other options and none of them were this easy.”
The platform helps secure devices while keeping them user-friendly. Downloaded as an application, MobileIron VSP from AT&T installs pre-defined security procedures directly onto the device. “It looks at our system and says ‘okay, what policies do I need to enforce?’” said Smith. Once installed, the application automatically locks the device after 15 minutes of non-use. It also requires a passcode to activate the phone or tablet, and encrypts email “at rest” on the device, not just as it travels to and from the Ochsner email system. Other than these small changes, users see no difference in device use.
If a device is lost or stolen, the MobileIron VSP from AT&T solution can locate it within the coverage area, and be prompted to remotely wipe all Ochsner-related data from the device. Such was the case when a smartphone was recently left in a taxicab. “It sets up a corporate account which is kept separate from personal accounts on the phone,” explained Smith. “I can send a signal to just remove Ochsner data.” Email attachments are also erased. If requested, Ochsner can wipe the device completely, returning it to its out-of-the-box condition. None of these functions is performed without proper administrative permission.
The MobileIron VSP from AT&T solution gives Ochsner many reasons not to worry: security is up and cost is down. The platform reliably protects patient information, bringing Ochsner into HIPAA compliance. And, by making personal mobile devices usable at work, the health system saves on IT expenses. “Information Services had a monthly bill around $50,000 for cell phone usage,” Smith said. That cost has been greatly reduced with the implementation of the new platform and the use of employee-owned devices.
Among users, the solution has been well-received. “Doctors are very outspoken about what they want and need,” said Smith. “This is something they really value.”
Integrating and Improving Care
For patients, mobile devices promote improved care. “Some doctors actually take their patients’ appointments and put them into this system,” Smith said. Accurate tracking and storage of patient information can be critical for understanding a patient’s medical history and identifying potential health issues. MobileIron VSP from AT&T now helps to protect that information. Future plans call for the deployment of systems applications that can further enhance productivity.
As Ochsner develops more healthcare applications, MobileIron VSP from AT&T will manage these by providing security protocols for efficient, compliant use. “We want to make sure we have a mobile device management solution in place that allows us to manage those applications and push them down to the mobile devices,” said Smith. “If I get word that a doctor needs an application, I can tell the MobileIron platform to install it.”
Ochsner currently has 400 users on MobileIron VSP from AT&T and the number is growing. “We get more requests to install it every week,” said Smith. “It’s worked out well.”