I work at a middle sized hospital, and we are starting to embrace BYOD, but more because the doctors are demanding that they be able to use their smartphones and iPads to send patient info quickly by text message and email.

The problem is that HIPAA laws in the USA means that sending patient info by text to a phone can really open up the doctor and hospital up to legal action.

So as part of any BYOD solution, we need to look deeply at the security aspect, and research all the options. I looked at some good large enterprise BYOD solutions out there like Centrify and Enterproid, but they are expensive, invasive, hard to deploye and for larger organizations.

For smaller organizations, I really didn’t find much in the way of solutions. It is then that I saw that for many companies, they are going think about breaking down the BYOD implementation into smaller components. This may means using several smaller apps/software systems to add security and management functions to your BYOD network.

We did this, by having an app (Tigertext) installed on all the BYOD devices. Tigertext deletes the text messages sent/revived on the phone after a period of time. If a doctor loses his phone, the texts are deleted and HIPAA compliance is met.

Next we need something like this for emails.

This is how we are approaching BYOD policy, finding small apps that we can afford that add some specific level of security and control to the BYOD implementation.

Look to hear your feedback on this approach to BYOD.

Federal complaince may be on “Enterprise Data as such”. it can vary from text messages to Complex apps having data footprint in device. So when we solve problems in a reactive way my feel is as the apps and complexity grows there will be a need of more unified, device agnostic, predictive models.

Emails are tricky. Control is more imposed beyond the device app.

Emails are controlled in enterprises in a slightly different way, there are products where the device management tier gives email gateway access (Like Blackberry BES), all emails go via that, hence we can control.. Another set of products include “filters” put inside exchange servers but controlled by MDMs. But there are challenges when integrating with CLOUD EMAIL SERVICES against an Inpremise Lotus Domino/Exchange.

Downloaded offline emails , take the regular app wipe paths..

Having solutionized many implementations, my view is get a unified , consolidated user-device-app management strategy, a semi big bang. Incremental approach can hit a road block because the no of BYOD Solution Apps you install at device will be in the order of no of enterprise apps. So device can get overloaded.

Karen, Kumar and Jonathan, thank you for your reply’s, they were all very informative.

I did find this recent article on the BYOD issue and it talks about Tigertext and the feature in which network admin can delete messages from the lost of stolen phones, which I thought was an interesting feature.

http://pusz4frog.wordpress.com/2012/04/30/tigertext-the-future-of-hipaa-compliant-text-messaging-for-hospitals-and-doctors-and-the-solution-to-doctors-byod-requirements/

I also like the discussion in this article about looking at a single BYOD solution, or piecing one together by using several solution, which I think is going to be a big challenge for IT departments in the future.