Barb Duffey-Rosenstein, Director, Nursing Informatics Oana Virvoreanu, Director, Operations Services e-Health 2013 Tuesday May 28th CFPC CoI Templates: Slide 1 Faculty/Presenter Disclosure • Speaker: Barb Duffey-Rosenstein • Relationships with commercial interests: – – Grants/Research Support: None Speakers Bureau/Honoraria: None Consulting Fees: None Other: None MSH BYOD Steering Committee • • • • Barb Duffey-Rosenstein, Director, Nursing Informatics Oana Virvoreanu, Director, Operations Services George Georgiadis, Chief Information Officer Amanda Brennan, Corporate Privacy Officer & Freedom of Information Coordinator • Andrew Nicholson, IT Manager • Mirek Otremba, IT Physician Lead • Justin Fiege, HP Services – Technical/Focal Mount Sinai Hospital Located in Toronto, Ontario Academic, tertiary care centre affiliated with the University of Toronto 472-Bed Facility Specialty areas: Women’s and Infants Health Surgical Subspecialties Oncology and Internal Medicine Samuel Lunenfeld Research Institute BYOD Backgrounder Leveraging personally-owned mobile devices (laptops, tablets, and smart phones) in the workplace to access privileged corporate information and applications Timely, growing trend Drivers: End User Requests and Consumerization of IT Potential Cost Savings Virtualization and Cloud Technology MSH BYOD Context Increase in requests for access to MSH resources from a greater selection of mobile devices BYOD pilot implementation (90-day with a cohort of 20 selfselected clinicians) July to October 2012 using iOS devices (iPhone and iPad 3G) Goal: 1. 2. 3. Implement a robust BYOD solution that will enable extended connectivity to user-owned compute and communication devices and evaluate compliance with the BYOD policy framework Evaluation of the BYOD deployment model Determine the feasibility of a broader organization-wide implementation The new “Bring Your Own Device (BYOD) – Smart Phones” service was approved and launched in December 2012. BYOD = Partnership Between IT and Employees “I can do anything I want with my personal data and applications on my iPhone or iPad”. “We reserve the right to stop access to corporate applications or information if your device is out of compliance” Please sign this end-user agreement! Decisions, Decisions, Decisions Which devices meet security standards? Which applications will we allow? Which users will be offered the service? What mobile device managements solution/ do have the infrastructure? What will the support model look like? Will the service be offered free of charge? Who approves the decision to adopt BYOD? MSH BYOD Service Overview Eligible Users: MSH-affiliated Physicians, Executives Eligible Devices: iPhones and iPads 3G (iOS 5+)(TRA/PIA) Available Functionality: Email/ Calendar/ Contacts only Self-serve device activation and registration Air Watch™ MDM solution BYOD Enabling Strategy: Combine Technology and Policy Technology Select devices and minimum operating system requirements Mobile Device Management (MDM) solution and best-practices Self serve on-boarding and device registration Password enforcement Detection of troublesome activities or applications Ability to wipe and lock rogue devices Blocking certain features Off-boarding and termination Policy Acknowledgement of the associated MSH BYOD Policy Acceptance of the End User Agreement Complete BYOD training MSH End User Agreement (EUA) Established data security and privacy policies will govern BYOD Service Plans and device upgrades or replacements are the responsibility of the users MSH has the right to inspect the contents of any personal device used for work purposes and can audit them for compliance MSH help desk will support issues related to accessing corporate resources only Users agrees to MSH wiping the device under special circumstances (hacked, jail broke, lost) Devices will have restrictions for using select features & apps (i.e. iCloud, Siri) Users will need to set up an 8-character password for the device. In the event that a BYOD device is lost or stolen, users will notify their manager/supervisor and the Corporate Privacy Officer immediately. BYOD users who fail to comply with this policy may be subject to disciplinary actions/immediate loss or restriction of privileges User may have to surrender device to employer under special circumstances (i.e. for a legal hold) Outcomes, Challenges and Next Steps • • • • • • • • Overall, pilot participants were very satisfied with BYOD initiative Indicated BYOD improved responsiveness and productivity Support model and self-serve framework Cost savings not a driver and were not realized; considering stipends for management staff (taxable benefit) MSH devices not scaled back; majority of participants nonemployees Limitations: restricted functionality and password length Constant change a reality of BYOD; new devices, new updates = risk, update Air Watch, NAC Next Steps: expand employees, device selection, MSH resources (i.e. Citrix, wireless, VoIP) Questions ?