This article covers essential points of achieving secure, clinical mobility with MEDITECH Expanse. Each article in this four-part series will offer solutions and strategies to effectively merge convenience with security in an increasingly fast-paced, mobile world. Don't forget to read part 1, part 2, and part 4 of this series!
This week, we’re covering tips on how Imprivata's Mobile Device Access (MDA) enhances both security and convenience for customers. You’ll learn valuable information, including workflow and security considerations for an effective mobile device strategy.
Q: Which solutions have you seen implemented by MEDITECH Expanse hospitals to ensure an optimal workflow and secure access?
The theme here is security versus convenience. Many of our customers have preestablished workflows on Windows-based PCs using Imprivata's Enterprise Access Management for single sign-on. With the new paradigm shift that we discussed in our last article, mobile devices are now part of the MEDITECH Expanse workflow and will need to accommodate similar streamlined sign-on workflows. That can be tricky, because single sign-on is relatively straightforward in a Windows environment with shared kiosks. However, Android and iOS devices are largely set up for a single user only. Imprivata's Enterprise Access Management allows users to quickly tap in and out to change control of a device and gives users access to the applications they use most, MEDITECH Expanse being the prime example. Imprivata's Mobile Device Access (MDA) allows us to replicate that workflow on a mobile device.
With MDA, we install an agent on mobile devices that accomplishes essentially the same thing as Enterprise Access Management. The convenience side of it is that we allow true single sign-on and fast user switching into the applications you use most. MEDITECH Expanse is going to be the biggest one, but the list of applications grows by the day. The added convenience and user switching means we have to ensure that it’s secure. We can set up the same workflow on mobile devices that you’re accustomed to, whether that’s “tap-in/tap-out,” a PIN, or even just a username and password that you would see on your Windows-based devices.
Essentially, MDA enables fast, secure access so we address security before users even access the device, plus there is the added benefit of convenience for the user. When users open an application, they don’t have to enter any credentials or log out the previous user. Essentially, those actions are handled for them.
Q: How does authentication differ on mobile devices and how can hospitals prepare?
When it comes to these new devices, you have to accommodate the differences in workflow and how the operating system is set up at its core level. With Windows-based PCs, you’re logging in with your own username and password. You can log out and then another user can come and log in with their own username and password. It’s not so simple on a mobile device. A lot of the time, that PIN or password we set up is for a device (not necessarily a user). MDA allows us to take that part out and is responsible for all authentication into that device. If you want to accommodate what you’re already using with Enterprise Access Management (such as a badge tap to authenticate into your devices), we’re able to accommodate that for your mobile device as well.
If you want to do a more secure authentication, such as a true, multifactor authentication event, users can log into these devices with their Active Directory username and password as well as that badge tap. Or maybe you’d like to use another modality such as a PIN. Essentially, you can create policies and profiles depending on how you’d like to secure those devices, and accommodate what you may already have in place today to address your traditional endpoint strategy.
Key takeaways
Where there’s added convenience, there must be added security. Mobile devices are highly beneficial in a clinical setting – they improve workflow, provide greater efficiency, and allow more time for direct patient care. The same convenience of Enterprise Access Management can be applied to clinical mobile devices using MDA. This is an entirely new mobile strategy, and Forward Advantage can integrate it with what you already have in place. We take the existing policies, profiles, and workflows that you already have for your Windows devices and can accommodate those on the new mobile devices. Don't forget to read the next part in this series!