One of my favourite topics is how organizations are overcoming the security challenges of supporting user devices on a closed network. Hospitals in particular are a great example because patient information is highly sensitive data.
Here is what is happening at Hamilton Health Sciences . At this hospital, physicians had become so enamoured with tablets that they were practically demanding the organization support the use of their devices so they could quickly and easily access patient records as they moved back and forth between wards, offices and service areas such as the ER.
I talked to Gary Rankin, the systems architect in the Information & Communications Technology group at Hamilton Health. In his opinion, tablets provided a ton of benefits: easy to carry for physicians, large screen, powerful enough to provide the data they need. The hospital decided to try a small-scale study and recruited roughly 40 physician volunteers to conduct a pilot based on user-owned devices, he said.
How did they do it? The hospital already had a Citrix-based thin-client computing model to move applications and data off laptop and desktop PCs and onto central servers. Gary added iPads as thin client devices that were only allowed to access applications and data centrally through Citrix.
What about security?
The configuration is inherently secure since applications and data are not stored on the endpoint device and can only access the data and apps through Citrix. If a physician does capture data onto the device, such as by capturing images of an application screen, the mandatory use of encryption and passwords to access data ensures that nothing is at risk if a tablet is lost or stolen.
The hospital also built a guest network for user-owned devices to isolate them from the corporate network for additional security. User-owned tablets will remain isolated until they become fully managed devices, such as through the use of special management software such as MobileIron, which they are currently testing, or until the hospital starts providing corporate-owned tablets to its physicians.
Rankin says that the hospital is only allowing access to certain applications now, including Citrix and the Internet, but will add more as they develop apps specifically for iPads.