Case Study: How Intermountain Healthcare Ensures Mobile Security of Patient Data

Contributor: Zarina de Ruiter
Posted: 11/30/2015
Case Study: How Intermountain Healthcare Ensures Mobile Security of Patient Data
Rate this Article: 
Be the first!

With an increasing reliance on mobile connectivity, the non-profit organisation was faced with the challenge of securing patient data. How did they find the solution to their problem?


Intermountain Healthcare is a non-profit healthcare organisation, comprised of hospitals, clinics, and health plans, in the United States serving the state of Utah and Southern Idaho.

Gordon Smith is the Supervisor, Client Hardware Engineering & Mobile Team, having been with the organisation for 27 years, nearly five of which in his current role. He is responsible for setting IT standards throughout the organisation, including mobile, and his team are the AirWatch Administrators, responsible for maintaining the environment at Intermountain Healthcare.

In this case study, Smith discusses the challenge of securing data in an increasingly mobile-enabled enterprise and what key steps they’ve taken to evolve the mobility strategy throughout the years to ensure data security.

SEE ALSO: Data Security in the Mobile Ecosystem – Understanding the Complexity of Securing Your Mobile Enterprise

Smith explains: "Our main objective was to protect patient data. We needed to be able to manage devices that could potentially have Intermountain data and have a solution that could manage different platforms."


Intermountain Healthcare Mobility Strategy


As a background to the current mobility strategy at Intermountain Healthcare, Smith explains their history from early versions of smartphone devices entering the workplace through to the implementation of Cerner for electronic medical records (EMR).

"The long story could take a long time, but the shorter version is that company executives wanted the option to get email, contacts and calendars on their mobile devices about 15 years ago," Smith says. "We started out with Palm Treos, then Blackberry had a huge imprint until the iPhone was introduced. We are now primarily iOS with some BYOD Android devices.

"The mobility strategy is and goes along with Intermountain’s motto: ‘help people live the healthiest lives possible’. If mobility is a way to do that, Intermountain will find a way to achieve this and we have been serving patients in various ways using mobile devices.

"For years our EMR was home-grown. A couple of years ago Intermountain decided to purchase instead of continuing to build the product, and chose Cerner for this. We are in the middle of the implementation throughout the organisation; phase 2 just completed with several more phases to go. Cerner is very heavy on mobility, which has allowed Intermountain to fit right in."


The Challenge of Data Security


One of the biggest challenges in an industry that handles a lot of private patient information, was the risk to data security the increasing reliance on mobile devices could bring to the business.

Smith explains: "With everything going mobile we knew we had to go along with the flow. People wanted information instantly, wherever they were and at any time, and they don’t want to have a laptop with them everywhere.

"The number one challenge is security and protecting patient information; we had to find a way to do that. The introduction of iOS 5 by Apple to store data in the cloud opened up our eyes and we needed a better way to manage mobile devices. AirWatch was chosen after vetting several MDM solutions.

"Another challenge was getting management buy-in. Because they knew of the need to protect patient data management this wasn’t an issue, which followed along down through the organisation.

"That doesn’t mean we didn’t have some objections of people having their devices managed by MDM, but with management supporting us 100 per cent we knew others would follow along."


Intermountain’s Journey to Greater Mobile Data Security


Once they were aware of the need for better security of patient data, and Smith had management buy-in, they spent time informing people on various levels within the business of the upcoming change.

"We met with users that had questions about AirWatch, letting them know that no personal information would be stored for us to look at," Smith continues. "Articles in company newsletters and FAQ documents helped as well."

The actual roll-out of the new system happened within about a year of initially reaching out to potential solution providers.

Smith says: "We started the vetting of vendors in the middle of 2012, the decision was made the fall 2012 and we purchased AirWatch at the end of 2012. The infrastructure was set up early 2013, the rollout of AirWatch started in April 2013 and ended August 2013."

And even though the roll-out finished in 2013, that doesn’t mean the implementation has stagnated.

"We continue to get use cases from various departments throughout Intermountain Healthcare wanting to have their devices managed by AirWatch," Smith explains.

"AirWatch has different ways to manage devices depending on the use case, such as the Secure Content Locker for content, push apps using the Apple VPP (Apple Volume Purchase Program), AirWatch Browser and AirWatch Container."


How AirWatch Helps Secure Patient Data


Ultimately, what were the results for Intermountain Healthcare? And how has the solution helped meet the objective of securing patient data across mobile devices?

Smith explains: "At the end of the day, AirWatch has been able to manage our mobile devices from a central location allowing us to use different mobile platforms. The main objective was – and continues to be – to protect patient data, and with AirWatch we have done that.

"If a device is lost or stolen we are able to wipe the device, which will clear it of Intermountain data thus protecting patient data. Devices are protected with a device passcode along with it a device is encrypted."

So is Intermountain Healthcare satisfied with the change the new solution has been able to bring to their mobility strategy?

"We started out with about 3500 devices we needed to get enrolled in AirWatch to manage and that number is now up to around 8000. The overall objective has been achieved, which is helping people live the healthiest lives possible," Smith concludes.


Thank you, for your interest in Case Study: How Intermountain Healthcare Ensures Mobile Security of Patient Data.
Zarina de Ruiter
Contributor: Zarina de Ruiter