Implementing smartphone technology across the healthcare continuum requires a significant investment, both financially and in employee education, with new protocols and software to maintain and protect the devices. The natural solution to managing these smartphones is a remote management framework called Mobile Device Management (MDM). MDM allows you to wirelessly secure and configure mobile devices, whether they are owned by the hospital or the employee.
Once a device is enrolled in MDM software, your hospital’s technology team can deploy, inventory and update systems and applications at scale. For instance, Mobile Heartbeat partners with Jamf to allow our customers’ IT teams to remotely push new releases to their devices.
Unfortunately, the remote-monitoring capabilities of modern MDMs sometimes raise red flags for hospital employees and clinicians who want to use their personal devices for work. These concerns typically stem from a misunderstanding of exactly what information the MDM pulls from the device. We’ve compiled some of the most common misconceptions here so that healthcare employees can better understand how their devices are being managed, both personally and professionally.
1. They Can Remotely Control My Phone
It’s true that the whole point of MDM software is to be able to manage the devices. That being said, your IT department won’t be able to move files around or send messages on your behalf. There’s no element of control beyond updating operating systems and applications and occasionally locking or wiping devices remotely if they get lost or stolen.
2. They Can Read My Messages
Your technology team will not have access to your texts, emails or any other personal messages. Some MDMs will collect general inventory information, such as number of contacts, number of messages, etc., but this will depend on the solution and on your organization. Generally, the MDM protocol does not give IT the ability to access data within apps on a device, including text messaging apps. Some industries require IT to monitor employee messages for compliance purposes, but a third-party vendor would typically be enlisted in such cases. For more clarity, discuss with your IT department.
3. They Can View My Photos
Enrolling in your hospital’s MDM will not provide your IT team with access to your photos. Similar to the inventory information above, your specific hospital may require access to information like the number of photos you have, but not their contents. This general logging would be deployed using a third-party app rather than an MDM. If you have concerns about your photos being viewable, bring this up with your technology team so it can be addressed specifically.
4. They Can Track My Location
It’s true that many MDMs have location-tracking capabilities—this can actually be an incredibly useful feature. Tracking location can be crucial to recovering sensitive hospital information in the event of a device getting stolen or lost. There’s a big difference, though, between Realtime Location Tracking and Managed Lost Mode. Realtime Location Tracking, which is not part of the MDM protocol, would pull GPS coordinates to the MDM for reporting. Managed Lost Mode allows an IT admin to temporarily pull the device’s coordinates and notify the end user that the device has been pinged. Many users are already familiar with this sort of function, in the form of find-my-device apps that allow smartphones to be remotely located.
If you’re enrolling your personal device in an MDM and you’re worried about this feature, rest easy. Continuous tracking is not enabled, and you will receive a notification if your IT department pings your device for its location.
If you use iPhone for MH-CURE, our Apple-exclusive MDM partner Jamf takes this one step further.
“Over five years ago we introduced Personal Device Profiles in Jamf Pro, offering a subset of MDM functionality that would be appropriate for a personally-owned device,” said Adam Mahmud, Marketing Manager for Healthcare at Jamf. “Apple introduced a new concept at their developer conference this summer called User Enrollments, which will enhance these BYOD experiences for both users and IT. We look forward to supporting this with Apple’s launch with their fall OS releases.”
5. It Makes My Phone Less Secure
The logic here is that, by handing your device over to your hospital’s IT team, you’re breaching your own privacy. That simply isn’t the case. The whole point of MDM is to maintain a high caliber of security in order to protect patients, employees and the hospital itself, while allowing staff to preserve their personal freedoms.
For instance, depending on your specific organization’s protocols and the MDM they select, there may be some restrictions around the apps you can download onto hospital-owned devices. The idea is that, for safekeeping, only reputable and secure apps should live on the smartphone. This restriction usually does not apply to BYOD management, though IT will still be able to push updates or uninstall apps.
“We want to equip a user with the apps and resources they need, and have the ability to pull back apps, but to otherwise limit what IT can do, since it’s not a hospital-owned device,” Mahmud said.
Additionally, the ability to remotely lock or wipe a device means any sensitive personal information you carry on your device will be protected should the phone be misplaced.
At the end of the day, your hospital’s technology team is setting up safeguards to protect the security of the hospital. This means making sure devices—potentially including your own smartphone—don’t end up in the wrong hands, where they could seriously jeopardize hospital and patient information.
For a deeper dive into MDM do’s and don’ts, consult your hospital’s IT department.