UC Medical Center Creates Unique BYOD Program
University of California Irvine Medical Center develops its own mobile security system to safely give Wi-Fi access to students and staff who bring their own smartphones and tablets.
"Users bring their own device and permission themselves to get on a wireless network so we don't have to," Gold said. Users gain access to an Internet connection, but before doing anything else, he said, they need to receive service activation in the AirWatch and Bradford systems.
The medical center uses Bradford Networks as network access control, but what was key at UC Irvine, said Gold, was connecting this to the center's mobile-device management software, AirWatch. "We wanted to tie these two systems together, even though they're separate vendors," he said.
"The vision was to provision the devices, and based on the provisioning, we give them network access," he continued. Internally, Gold and his team wrote a middleware piece, which sits between the AirWatch and Bradford systems. "So when a user goes through the provisioning process, once that process is done in AirWatch, we send a message over to the Bradford system," he said.
[ What are the stumbling blocks to BYOD in healthcare settings? Read Why BYOD Doesn't Always Work In Healthcare. ]
The message communicates to Bradford that the device is provisioned and allowed on the network. Once this occurs, the device rejoins the network on the proper VLAN, or "the proper network that Bradford is going to put it on," said Gold. This VLAN, he said opens access to additional resources on the network, such as the EMR.
"As far as I know, we're the only people who have taken it this far," said Gold. "A lot of people are doing BYOD, and a lot are using AirWatch, but from the UC perspective, we're the only ones to write our own middleware piece and tie Bradford and AirWatch together, not independently."
The medical center took additional steps to notify physicians, for example, of when they are allowed access to the network. Once a physician joins the basic Internet connection, he is taken to a Safari page with a drop-down menu, asking for the user to identify himself as a student or physician. After selecting the "physician" profile, the user is prompted to input access directory credentials. "Then, the system decides, 'We're going to go ahead and provision you,'" said Gold. "That applies an AirWatch MDM [mobile device management] policy to the device."
A few main features are part of the policy, said Gold. For starters, the system forces encrypted backups of the device. "We know it's an iOS device and it already has hardware-level encryption built in, so we tell users don't worry about that," he said. The Center also enforces a policy of alerting users that they are provisioned, as well as locking the device with a pin password 15 minutes after inactivity.
Today, the Center has more than 1,000 devices provisioned on its network, and, according to Gold, very few complaints about the system. "We had to be careful developing policies," he said. "We couldn't be too strict, but we had to protect ourselves."
InformationWeek Healthcare brought together eight top IT execs to discuss BYOD, Meaningful Use, accountable care, and other contentious issues. Also in the new, all-digital CIO Roundtable issue: Why use IT systems to help cut medical costs if physicians ignore the cost of the care they provide? (Free with registration.)