Mobile meets compliance: Keeping workers happy and information secure

Professionals working in hospitals today are more mobile than ever, with an app for this and a mobile-optimized site for that.

Mobile devices and applications that became popular in the consumer world are now ubiquitous in many healthcare organizations, which have in turn responded with policies aimed at managing bring your own device (BYOD) and personal app usage at work. These guidelines represent an effort to balance the need to provide workers with "anytime, anywhere" access to the information they need while still protecting sensitive content assets.

The crucial question is this: how does an employee's mobile access to data impact your organization's security and compliance practices?

Strategic opportunity or security risk?
With as many as 50% of all employees predicted to be using their own mobile devices in the workplace by 2017, a BYOD workforce obviously impacts an organization's compliance strategy. In addition to the prevalence of personal mobile devices in the workplace, the other inescapable fact of the modern hospital operations environment is the need to comply with laws and regulations. More than 15,000 federal, state and industry laws, standards and regulations exist in the United States alone, many of which relate to how confidential information and associated automated processes are managed. There's no question that hospitals and other healthcare companies need to manage an increasingly large amount of compliance documentation.

The primary concern of most hospital IT departments and management about employee use of mobile technology in the workplace is security. The use of mobile devices and sanctioned solutions for storing and sharing information results in improved employee productivity and collaboration, which of course benefits the organization. The key here is the use of "sanctioned" devices and technology, since the use of unsanctioned and unauthorized devices and apps can put confidential data at risk.

Just how widespread is unauthorized employee file sharing? Gartner summed up the problem thusly in their report entitled, "Respond to Employees' Use of Consumer File Sharing With 'Easy Content Management'":

"Employees continue to use consumer online file-sharing tools for sensitive documents, even when their company has banned the use of such tools. Employees' use of consumer online file sharing in defiance of corporate rules reduces the influence of enterprise content management (ECM) program managers over content and could put the enterprise at risk. Employees use these tools because they enable them to be more productive across networks (public, private and secure), devices and OSs. Using such tools also enables them to collaborate with their business partners, such as contractors, temporary staff and contacts in other companies. Employees like the ease-of-use of consumer tools . . . which enable them to be more creative and innovative in their work."1

Clearly, the challenge lies in ensuring employees use authorized mobile devices and applications for file sharing and collaboration that also enable an organization to control access privileges. Confidential information should only be accessible to those authorized to view and work with it.

In addition, hospitals and healthcare organizations must also consider also need to allow for mobile participation in workflows with electronic signatures. eSignatures enable users to grant authorizations and workflow approvals, even when employees are away from the office. An electronic signature can be facilitated from a company- or employee-owned mobile device. Beyond convenience, this capability actually improves workflow efficiency while fulfilling the most rigorous regulatory compliance requirements.

Implementing a mobile-friendly compliance strategy
Given the need to provide employees with mobile access to the information they need to do their jobs while also keeping data secure, forward-thinking hospitals are empowering their mobile workforce in connection with a secure and flexible enterprise information management (EIM) system.

EIM systems, which have become vital components of many enterprise compliance strategies, offer a wide range of capabilities that relieve the burden of compliance work. These include a unified system for managing compliance-related information and easy searching of structured and unstructured content, both of which greatly reduce the risk of non-compliance due to manual errors and lost information while also streamlining the regulatory management process.

Leading solutions have fully integrated and secure mobile capabilities that deliver the simplicity employees expect for accessing, sharing and synchronizing files, as well as the security and protection hospitals and regulators require to safeguard sensitive data. In addition, the more innovative EIM systems allow for mobile participation in automated compliance-related workflows, to save time and boost productivity while also ensuring processes are compliant with regulations.

Key capabilities that enable a comprehensive compliance strategy are electronic signatures to fulfill security and compliance requirements, cameras to allow capture of documents or other evidence of completed tasks and GPS capabilities for location-based information yielding oversight and proof of compliance.

The process of managing standard operating procedures (SOPs) further illustrates the value of a comprehensive system that manages confidential information while providing mobile capabilities. Every aspect of the SOP creation, review and modification process is documented by the EIM system, including employee access and electronic signatures to confirm understanding of the material, regardless of employee location or device. Many organizations are finding the ability to leverage mobile devices and applications critical for the SOP management process.

Today's hospitals no longer have to choose between compliance and the simplicity and ease of use that come with mobile devices and applications. Mobile-friendly EIM solutions allow workers the freedom to access the information they require to do their jobs from anywhere, at any time, and they also deliver workflow capabilities and access controls that support regulatory compliance activities. Mobility in the workforce is here to stay. The only question is how to make mobile access a seamless, integral, secure and compliant part of how the organization's work gets done.

1 Gartner, “Respond to Employees' Use of Consumer File Sharing With 'Easy Content Management,” February 17, 2014

Mika Javanainen is Senior Director of Product Management at M-Files Corporation. Javanainen is in charge of managing and developing M-Files product portfolio, roadmaps and pricing globally. Prior to his executive roles, Javanainen worked as a systems specialist, where he integrated document management systems with ERP and CRM applications. A published author, Javanainen has an executive MBA in International Business and Marketing. Follow Mika on Twitter at @mikajava.

The views, opinions and positions expressed within these guest posts are those of the author alone and do not represent those of Becker's Hospital Review/Becker's Healthcare. The accuracy, completeness and validity of any statements made within this article are not guaranteed. We accept no liability for any errors, omissions or representations. The copyright of this content belongs to the author and any liability with regards to infringement of intellectual property rights remains with them.

© Copyright ASC COMMUNICATIONS 2019. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.

 

Top 40 Articles from the Past 6 Months