Mobilizing Patient Care
THE BIOS CORPORATION, BASED IN OKLAHOMA AND TENNESSEE, is an assistance network for developmentally disabled adults. The company provides a number of services, including a senior companion program, employment assistance, and residential care. With around 300 residents under its daily attention, Bios Corporation deals heavily in sensitive healthcare and other personal information. Direct support professionals (DSPs) work with the residents on a weekly basis and are required to document specific issues in their shift notes, including the administration of medication, food intake, doctors’ visits, and glucose levels.
Lori Mouse, chief financial officer of Bios Corporation, tells Security Management that as recently as last fall, DSPs were still completing their shift notes, medical records, and other paperwork manually, which was time-consuming and inefficient.
In the fall of 2013, Bios Corporation began looking to move from manual paperwork to an electronic system that would not only provide more convenience, but would also allow them to better secure residents’ information. They purchased almost 200 Samsung Galaxy Android tablets and placed one in all of the residences, which each house up to three adults. “Instead of doing all this manual paperwork, we’re trying to automate that process so that the staff time is spent developing relationships with people,” says Mouse.
Bios Corporation chose Therap Services, a Web-based application that is specially designed for providers who support people with developmental disabilities, to replace the manual paperwork process. DSPs now use the application when working with residents to manage medications, doctors’ visits, food intake, and more, all through a secure Web portal.
Protecting the information being entered into those tablets is vital, especially to remain compliant with the Health Insurance Portability and Accountability Act (HIPAA), which sets strict federally mandated security rules for healthcare information. Therap was able to provide the Web-based security needed to protect patient information once it was uploaded to the cloud. However, managing security on the devices would be a separate task.
The company wanted a way to centrally manage patient information, but it is also needed to ensure the integrity of the data. They also needed to make sure that electronic devices were used for business purposes only, preventing access to inappropriate mobile applications or Web sites. In addition, if any device were lost or stolen, Bios Corporation wanted to be able to remotely wipe the information.
Bios Corporation had been working with a consultant at Verizon Wireless for its mobile device supply needs. For a comprehensive mobile device management and security solution, the consultant recommended Mojave Networks (formerly Clutch Mobile).
Mojave offered a solution that would manage the devices and also provide network security, ensuring the protection of the sensitive healthcare information Bios Corporation deals with on a daily basis.
“What’s we’re really helping Bios Corporation with is ensuring network security for the device,” says Garrett Larsson, cofounder and chief executive officer of Mojave Networks. He says that includes making sure that when the device is communicating with the network, it’s taking place over a secure connection. “We can help with looking for any type of noncompliant data going over the network, so that sensitive data isn't going to places it shouldn’t be going to,” he explains.
Mojave provides cloud-based security, which means there’s virtually no hardware to install when deploying the product. “A good analogy is, it’s like your own firewall, but it’s in the cloud, so it’s like a mobile firewall for these devices,” Larsson notes.
The solution from Mojave can even stop employees from accessing certain Web sites, no matter which Wi-Fi network they are connected to. “We can really restrict what’s going on at the network level, so if you don’t want people going to nonapproved Web sites, we can do all that across any [Wi-Fi] network, if you’re on Starbucks, if you’re on hotel Wi-Fi, if you’re on the carrier network,” according to Larsson. “Wherever you go, we can help make sure that the network is being used in the proper format.”
Mojave’s network security also allows Bios Corporation to limit what applications the employees are accessing. Bios Corporation examined its internal policies and determined that DSPs would be limited to using Therap software on the tablets.
Data isn’t normally stored on the tablets at Bios Corporation. But if a document, like a prescription hasn’t been uploaded to the cloud yet, and is sitting on the tablet, the ability to remotely wipe the device can be crucial in protecting sensitive information. “If a device gets lost or stolen, we know that we can immediately wipe it and prevent any exposure of the data,” according to Mouse.
Larsson adds that an important feature of the Mojave’s mobile security is protection against the types of network attacks you see on enterprises, such as Web-based malware or spear-fishing. He says many businesses remain susceptible to spear-phishing because it is a socially-engineered threat. “On average we block about 10 threats per device, per month in this area,” he notes.
The product also provides visibility for Bios Corporation into what employees are doing on the tablets, a feature which Mouse says allows them to ensure the integrity of their staff. “We can monitor, we get weekly reports from Mojave of who’s doing what,” she notes. “So we have some accountability that we are able to build in.”
Mouse adds that using electronic devices is becoming more prevalent in the residential healthcare provider industry, but is not yet the norm. “We hope that we can actually market those services eventually, and help other [companies],” she says.