MSH BYOD Policy - e

Barb Duffey-Rosenstein, Director, Nursing Informatics
Oana Virvoreanu, Director, Operations Services
e-Health 2013
Tuesday May 28th
CFPC CoI Templates: Slide 1
Faculty/Presenter Disclosure
• Speaker: Barb Duffey-Rosenstein
• Relationships with commercial interests:
Grants/Research Support: None
Speakers Bureau/Honoraria: None
Consulting Fees: None
Other: None
MSH BYOD Steering Committee
Barb Duffey-Rosenstein, Director, Nursing Informatics
Oana Virvoreanu, Director, Operations Services
George Georgiadis, Chief Information Officer
Amanda Brennan, Corporate Privacy Officer & Freedom of
Information Coordinator
• Andrew Nicholson, IT Manager
• Mirek Otremba, IT Physician Lead
• Justin Fiege, HP Services – Technical/Focal
Mount Sinai Hospital
 Located in Toronto, Ontario
 Academic, tertiary care
centre affiliated with the
University of Toronto
 472-Bed Facility
 Specialty areas:
 Women’s and Infants
 Surgical Subspecialties
 Oncology and Internal
 Samuel Lunenfeld
Research Institute
BYOD Backgrounder
 Leveraging personally-owned mobile devices (laptops,
tablets, and smart phones) in the workplace to access
privileged corporate information and applications
 Timely, growing trend
 Drivers:
 End User Requests and Consumerization of IT
 Potential Cost Savings
 Virtualization and Cloud Technology
MSH BYOD Context
Increase in requests for access to MSH resources from a greater
selection of mobile devices
BYOD pilot implementation (90-day with a cohort of 20 selfselected clinicians)
July to October 2012 using iOS devices (iPhone and iPad 3G)
Implement a robust BYOD solution that will enable extended connectivity to
user-owned compute and communication devices and evaluate compliance
with the BYOD policy framework
Evaluation of the BYOD deployment model
Determine the feasibility of a broader organization-wide implementation
The new “Bring Your Own Device (BYOD) – Smart Phones” service
was approved and launched in December 2012.
BYOD = Partnership Between IT and
“I can do anything I want with my
personal data and applications on
my iPhone or iPad”.
“We reserve the right to stop access
to corporate applications or
information if your device is out
of compliance”
Please sign this end-user agreement!
Decisions, Decisions, Decisions
Which devices meet security standards?
Which applications will we allow?
Which users will be offered the service?
What mobile device managements solution/ do have the
 What will the support model look like?
 Will the service be offered free of charge?
 Who approves the decision to adopt BYOD?
MSH BYOD Service Overview
 Eligible Users: MSH-affiliated Physicians, Executives
 Eligible Devices: iPhones and iPads 3G (iOS 5+)(TRA/PIA)
 Available Functionality: Email/ Calendar/ Contacts only
 Self-serve device activation and registration
 Air Watch™ MDM solution
BYOD Enabling Strategy: Combine
Technology and Policy
 Select devices and minimum
operating system requirements
 Mobile Device Management (MDM)
solution and best-practices
 Self serve on-boarding and device
 Password enforcement
 Detection of troublesome activities or
 Ability to wipe and lock rogue devices
 Blocking certain features
 Off-boarding and termination
 Acknowledgement of the
associated MSH BYOD Policy
 Acceptance of the End User
 Complete BYOD training
MSH End User Agreement (EUA)
 Established data security and privacy policies will govern BYOD
 Service Plans and device upgrades or replacements are the responsibility of the
 MSH has the right to inspect the contents of any personal device used for work
purposes and can audit them for compliance
 MSH help desk will support issues related to accessing corporate resources only
 Users agrees to MSH wiping the device under special circumstances (hacked,
jail broke, lost)
 Devices will have restrictions for using select features & apps (i.e. iCloud, Siri)
 Users will need to set up an 8-character password for the device.
 In the event that a BYOD device is lost or stolen, users will notify their
manager/supervisor and the Corporate Privacy Officer immediately.
 BYOD users who fail to comply with this policy may be subject to disciplinary
actions/immediate loss or restriction of privileges
 User may have to surrender device to employer under special circumstances
(i.e. for a legal hold)
Outcomes, Challenges and Next Steps
Overall, pilot participants were very satisfied with BYOD initiative
Indicated BYOD improved responsiveness and productivity
Support model and self-serve framework
Cost savings not a driver and were not realized; considering
stipends for management staff (taxable benefit)
MSH devices not scaled back; majority of participants nonemployees
Limitations: restricted functionality and password length
Constant change a reality of BYOD; new devices, new updates =
risk, update Air Watch, NAC
Next Steps: expand employees, device selection, MSH resources
(i.e. Citrix, wireless, VoIP)

similar documents