Part 3 of 4: New series covers essential points for achieving secure, clinical mobility with MEDITECH Expanse. Each week’s post will feature a short video and written Q&A with solutions and strategies to effectively merge convenience with security in an increasingly fast-paced, mobile world.
This week, we’re covering tips on how Imprivata Mobile Device Access (MDA) enhances both security and convenience for customers. You’ll learn valuable information, including workflow and security considerations for an effective mobile device strategy.
Scroll-down for a written transcript of a Q&A with a product expert.
Q: Which solutions have you seen implemented by MEDITECH Expanse hospitals to ensure an optimal workflow and secure access?
A: The theme here is security versus convenience. Many of our customers have preestablished workflows on Windows-based PCs using Imprivata OneSign for single sign-on. With the new paradigm shift that I discussed in my last post, mobile devices are now part of the MEDITECH Expanse workflow and will need to accommodate similar streamlined sign-on workflows. That can be a tricky, because single sign-on is relatively straightforward in a Windows environment with shared kiosks. However, Android and iOS devices are largely set up for a single user only. Imprivata OneSign allows users to quickly tap in and out to change control of a device and gives users access to the applications they use most, MEDITECH Expanse being the prime example. Imprivata Mobile Device Access (MDA) allows us to replicate that workflow on a mobile device.
With Imprivata MDA, we install an agent on mobile devices that accomplishes essentially the same thing as Imprivata OneSign. The convenience side of it is that we allow true single sign-on and fast user switching into the applications you use most. MEDITECH Expanse is going to be the biggest one, but the list of applications grows by the day. The added convenience and user switching means we have to ensure that it's secure. We can set up the same workflow on mobile devices that you’re accustomed to, whether that’s “tap-in/tap-out,” a PIN, or even just a username and password that you would see on your Windows-based devices.
Essentially, Imprivata MDA enables fast, secure access so we address security before users even access the device, plus there is the added benefit of convenience for the user. When users open an application, they don’t have to enter any credentials or log out the previous user. Essentially, those actions are handled for them.
Q: How does authentication differ on mobile devices and how can hospitals prepare?
A: When it comes to these new devices, you have to accommodate the differences in workflow and how the operating system is set up at its core level. With Windows-based PCs, you’re logging in with your own username and password. You can log out and then another user can come and log in with their own username and password. It’s not so simple on a mobile device. A lot of the time, that PIN or password we set up is for a device (not necessarily a user). Imprivata MDA allows us to take that part out and is responsible for all authentication into that device. If you want to accommodate what you’re already using with Imprivata OneSign (such as a badge tap to authenticate into your devices), we’re able to accommodate that for your mobile device as well.
If you want to do a more secure authentication, such as a true, multifactor authentication event, users can log into these devices with their Active Directory username and password as well as that badge tap. Or maybe you'd like to use another modality such as a PIN. Essentially, you can create polices and profiles depending on how you'd like to secure those devices, and accommodate what you may already have in place today to address your traditional endpoint strategy.
Where there’s added convenience, there must be added security. Mobile devices are highly beneficial in a clinical setting – they improve workflow, provide greater efficiency, and more time for direct patient care. The same convenience of Imprivata OneSign can be applied to clinical mobile devices using Imprivata MDA. This is an entirely new mobile strategy, and Forward Advantage can integrate it with what you already have in place. We take the existing policies, profiles, and workflows that you already have for your Windows devices and can accommodate those on the new mobile devices.