- VA awards Firstview mobile device manager task
- Commentary: Why healthcare must operationalize data breach response
- HIMSS network study shows IT challenges, priorities
- mHealth tools need to be financially self-sustainable, report finds
- Kathleen Sebelius turns to Twitter
- 3 tips for safeguarding against data breaches
- New bill aims to remove coverage restrictions of telemedicine
- Palomar Health Choses EXTENSION's Alert Management Software Solution
- New World Order: Effectively Securing Healthcare Data Through Secure Information Exchanges
- The Need for Data Loss Prevention Now
- Top Ten Government Healthcare IT Security Commandments
- The Power of User Virtualization: Meeting Meaningful Use, Optimizing IT and Clinical Productivity
The Veterans Affairs Department expects to formally award by Sept. 30 a contract for mobile device manager software, which will enable VA to ultimately support up to 100,000 devices and allow employees and clinicians to use their own devices.
The “bring your own device” (BYOD) policy, however, will set limitations on personal devices for data security to protect veterans information, according to Roger Baker, VA CIO.
For example, thousands of medical students practice annually at VA hospitals, and with the MDM, they will be able to use their own mobile devices if they agree to certain restrictions.
[mHIMSS Editor Eric Wicklund explains the industry's lax attitude toward BYOD security.]
Baker anticipates that the mobile device management (MDM) vendor will be publicly announced next week. VA is slated to select the vendor by the end of federal fiscal 2012, which is Sept. 30.
VA has already awarded $500 million in IT contracts in September in order to get in under the fiscal year-end deadline, he said during a Sept. 26 briefing with reporters. VA external spending for IT in 2012 is between $2.3 billion to $2.5 billion.
The MDM software will be more robust than the mobile manager now in place and will be used across the VA enterprise. Over time, VA expects the MDM to support up to 100,000 bought or brought devices, which could be Apple iPhones and iPads and other smart phones as they are introduced to the department, in addition to the currently managed Blackberries.
Once the MDM is awarded, VA will consider an internal apps store, Baker said.
It’s not clear how many mobile devices that VA will buy, and when it does, the mobile devices will not be just one particular brand.
“We will look at the business case for productivity and savings from having mobile devices,” he said, adding that “buying the devices has to be driven by the business requirement.” The services behind the device, including the MDM, the systems, and the network are specified and supported by the IT organization.
VA businesses will decide how to use such devices and whether that is best done from a BYOD or government purchased machine.
“Our major role where the device is concerned is specifying and enforcing information security for the device and the apps. From there, the type of device is so varied that we view it as a business device, not an IT device,” Baker said.
VA employees can already use their own mobile machines to view data through the department’s access gateways. But to get inside the network to download and store the information with a BYOD device will require policies set by VA IT.
With the MDM in place, VA will verify that the BYOD is not running software that could compromise security. Baker described some of the limitations on BYOD, including that employees will need to:
• Acknowledge if their device has been “jail broken”, and if so they will be denied access to the network
• Acknowledge that because the device may at some point have VA information on it, VA may wipe the device clean if it is determined the information is at risk
• Sign up for rules of behavior when using such devices if they plan to store VA data
• Agree that the device, if it will be used to store data, can be brought under VA controls to verify that there is no VA information on it or look at what was done with that data
The ability to wipe the device clean if there is VA information stored on it that is at risk will be a key issue.
“They may have their iTunes store and the apps they’ve bought on it, so they would be able to reload it, but it will be inconvenient if we have to wipe it to protect VA information,” Baker said.
“There are a variety of things that 95 percent of population will say 'that doesn’t bother me at all,' and 5 percent will say, 'no, you’re not going to do that with my device,'” Baker said, adding that it will be critical that “there is clear communication of expectations between VA and the individual relative to what’s going to happen.”
Related Military Health IT coverage: