
5 Misconceptions of Mobile Device Management for BYOD


What Is Mobile Device Management (MDM)?

Implementing mobile device technology across the healthcare continuum requires a significant investment, both in time and money. This is because new protocols and software are required to maintain and protect devices. The natural solution is a remote management framework called Mobile Device Management or MDM. MDM allows you to configure and secure mobile devices from a central location and standardize software across your organization. In addition, you can implement security patches and software releases, including the operating systems and any apps, regardless of whether the devices are owned by the hospital or the employee.

Mobile Heartbeat partners with Jamf, an Apple-focused management and security vendor that helps organizations automate and scale IT and security workflows. Jamf Pro, their flagship MDM, empowers IT professionals and end users to remotely deploy devices to any employee or location. Moreover, it automates ongoing management and security tasks, deploys and updates apps, and provides visibility into devices and apps used. At the same time, it preserves the native Apple experience. Jamf’s focus on Apple means they build on native Apple frameworks. This lets admins confidently update to the newest operating system the day it is released.

How MDM Supports Secure Communication

The remote-monitoring capabilities of modern MDMs sometimes raise red flags for hospital employees and clinicians who are looking to use their personal device for work. Typically, these concerns stem from a misunderstanding of exactly what information is being pulled from the device by the MDM. There are often two deployment types: organizationally owned (also known as a supervised device) and personally owned (also known as BYOD) devices.

A device owned by the hospital allows the organization more control, like applying certain settings to a device. In contrast, personally owned devices have built-in limitations and restrictions on what MDM and your organization can do. An organization utilizing Jamf Pro for a personally owned device will never be able to view, access, or alter personal information. In fact, Apple has very clear instructions that MDM cannot collect, store or view any personal information on a BYOD used for work. Compiled here are some of the most common misconceptions so that, as healthcare employees, you have a better understanding of how personally owned devices are managed.

1. They Can Remotely Control My Phone

A common misconception is that MDM gives IT full control over your personal phone. In reality, MDM management is limited to work-related apps, data, and security settings. For personally owned devices, IT cannot access personal files, send messages, or operate the device remotely. Additional controls only apply to supervised, hospital-owned devices that are configured for specific clinical workflows or shared use.

2. They Can Read My Messages

Your technology team will not have access to your usage data, logs, texts, emails or any other personal messages. Some MDMs will collect general inventory information, such as number of contacts, number of messages, etc., but this will depend on the operating system and device type. The MDM protocol does not provide IT the ability to access data within apps on a device, including text messages. Some industries require IT to monitor employee messages for compliance purposes. In such cases, a third-party vendor would typically be enlisted. For more clarity on this topic, we recommend you discuss it with your IT department.

3. They Can View My Photos

Enrolling your personal phone via account-driven user enrollment into your hospital’s MDM will not provide your IT team with access to your photos. Like the inventory information above, your specific hospital may require access to information like the number of photos you have, but not contents. This general logging would be deployed using a third-party app rather than an MDM. If you have concerns about your photos being accessible, address this specifically with your technology team.

4. They Can Track My Location

It’s true, many MDMs have location-tracking capabilities, and this can be an incredibly useful feature. Tracking location can be crucial to recovering sensitive hospital information if a device is stolen or lost. There’s a big difference, though, between Realtime Location Tracking and Managed Lost Mode. Realtime Location Tracking, which is not part of the MDM protocol, pulls GPS coordinates to the MDM for reporting. In contrast, Managed Lost Mode, a feature specific to supervised devices only, allows an IT admin to temporarily pull the device’s coordinates and notify the end user that the device has been pinged. Many users are already familiar with this sort of function, in the form of find-my-device apps that allow smartphones to be remotely located.

If you enroll a personal device that supports Apple’s account-driven user enrollment workflow, neither the MDM nor your organization can track the location of your device.

5. It Makes My Phone Less Secure

The logic here is that, by handing your device over to your hospital’s IT team, you’re breaching your own privacy. This simply isn’t the case. The whole point of MDM is to maintain high security in order to protect patients, employees and the hospital itself, while allowing staff to preserve their personal freedoms. For instance, depending on your specific organization’s protocols and the MDM they select, there may be some restrictions around the apps you can download onto hospital-owned devices. The idea is that, for safekeeping, only reputable and secure apps should live on the smartphone. This restriction usually does not apply to BYOD management, though IT can still push updates and/or uninstall apps.

Furthermore, the ability to remotely lock or wipe a device means any sensitive personal information will be protected should the phone be misplaced. At the end of the day, your hospital’s technology team is setting up safeguards to protect the security of the hospital. This means making sure devices—including your own smartphone—don’t end up in the wrong hands.

For a deeper dive into MDM do’s and don’ts, reach out to Jamf directly or contact your Mobile Heartbeat representative.

Katie Messer, Channel & Regional Sales Manager
