Advances in mobile technology coupled with widely accessible mobile internet access has changed how emergency services stay connected. As we move forward towards a fully operational Internet of things (IoT), mobile devices will continue to open up new ways to assist with emergency medical services (EMS).
Currently, mobile devices are used by emergency responders in a number of clever ways. For example, it allows emergency medical staff to access patient health records from anywhere. Mobile devices can be used to monitor vital signs, and transmit them straight to a hospital. And in some cases, streaming video can be used so that off-site medical staff can assist paramedics.
These are excellent examples of how mobile tech is really helping the emergency medical services to improve their game. And this ultimately, helps save lives. But there is a downside. Transmitting private medical data across a public facing internet connection has some potential security risks. Great care has to be taken to ensure that patient data is never exposed to any form of security vulnerability.
This means that a robust framework for dealing with mobile device security needs to be established. A combination of utilizing mobile security best practices, alongside a comprehensive Mobile Device Management (MDM) and Mobile Application Management platform.
Implementing a security policy alone is not enough. This will help to protect mobile devices from intrusion. But what happens if they are lost or stolen? This is where MDM comes in. Offering the capability to track, locate or even remote wipe a mobile device. Finally, lock-out unnecessary apps from to device to maximize employee productivity. This is where the Mobile Application Management (MAM) and Kiosk mode functionality step in. With the Kiosk Mode turned on, IT administrators can remotely enable individual medical apps and block all other features and apps in the device.
Let’s take a look at some if the features and capabilities that such a platform would need to implement:
- Log all device usage, to be stored centrally within the MDM platform. This will enable highly granular auditing of the actions taken by emergency medical staff.
- Restrict the installation of third party applications that could expose the device to potential security vulnerabilities.
- Implement data encryption at device level for insecure applications. Additionally, all communications using messaging apps or email, needs to be similarly encrypted.
- Installation and monitoring of an auto-wipe function installed directly upon the mobile device. So that if the device is lost or stolen, it will automatically wipe itself once it discovers it is no longer connected to the MDM platform.
- Monitoring and managing all software versions and patches for both the operating system and the apps being used by emergency medical staff.
- Implementation and active enforcement of device level password protection.
- Allow for the real-time tracking of mobile devices by location using both GPS and network triangulation. This will help to find lost or stolen devices.
- Providing full remote lock and wipe functionality. To remove the security issues faced when a device is lost or stolen.
- Allow for the bulk update of security policies across all devices, or a subset of devices.
This is just a very basic list of the features set that an MDM platform for use by emergency medical services would need to provide. However, there are further considerations that relate to security best practices. These are less tangible, soft issues that need to be addressed, such as:
- Mobile devices should be blocked from allowing the user to install unapproved applications or change the configuration of the device in any way.
- Users of mobile devices should receive full training in how to operate the device, and what to do if it is lost or stolen.
- General mobile device security policies should be developed, and reiterated regularly to ensure ongoing security.
- A specific team or department needs to take responsibility for the ongoing security of mobile devices used by emergency medical staff. Logically, this should be a technical department. But it may be advisable to make the oversight of this department the responsibility of a senior level manager.
- It needs to be understood that simple compliance is not enough. Operating within the minimum requirements set down by government legislation is not going to result in completely secure mobile device use.
Mobile technology has been, and will continue to be a great resource for emergency medical services. This kind of tech empowers medical staff to work in a more efficient and effective way. The bottom line is that mobile tech in the EMS sector can and does save lives.
Unfortunately, unless mobile device security is handled diligently, and in a proactive manner, there are also potential risks. These risks in some cases, could outweigh the benefits in some cases.