The toolkit looks at legal and regulatory aspects of mobile security in healthcare, and also includes links to a Veterans Administration case study and guidance from Forrester Research, BankInfoSecurity, and others.
Now the workgroup is creating additional resources to reflect how users access content such as videos and podcasts from their mobile devices, Brady says. The goal is provide more examples of policies currently in use, in some cases taking the policies from some health systems and anonymizing them, if that makes the health system in question more comfortable about sharing their best practices.
The biggest challenge the HIMSS committee has to wrestle with is how to deal with devices not owned by the healthcare systems, but brought to work by employees.
"Usually most organizations won't allow the iPad on the network unless it's owned by the organization, then they can have some control over the App Store and iTunes," Brady says. "I know that's an issue at my organization."
My story pointed out the increasing use of virtualized desktops to permit the use of BYOD iPads, but for Brady and others, this alternative isn't a slam-dunk, at least not yet. "Something needs to be in place to verify the end points will not incur risk to the network," he says.