A reprinted article on macworld.com shows (concisely) how the University of California – Irvine is approaching the deployment of iPads at its Medical Center: they use a mobile device management solution (MDM), which is not surprising.
All Medical Students Get an iPad
UC Irvine had a problem in its hands: BYOD as an issue couldn’t go away. How could it, when “the entire curriculum is on the iPad?”
With 100 medical students being accepted each year, Irvine’s IT department would need to manage around 400 tablets…at least. Concrete numbers on how many professors, physicians, and other staff also clamored for the ability to use their own personal devices in the workplace is not given, but it’s alluded that the demand was there.
The IT department quickly made some rules: (1) All personal devices that are part of UC Irvine’s BYOD program would have to use a MDM solution, which is used to enforce policies (such as the use of encryption) and (2) the use of cloud-based data storage / file-sharing services would be prohibited.
While the above rules make sense for most companies looking to protect data, it looks like perhaps the driving force may have been compliance with HIPAA/HITECH in this particular case.
HIPAA/HITECH iPad Security
There are no official HIPAA or HITECH policies specifically directed to iPads, of course (or other tablets or smartphones, for that matter). But, federal regulations do require that protected health information (which includes sensitive medical data, but also generic personal information such as names, addresses, and hospital room numbers) be secure.
Existing regulations that were primarily targeted at mobile devices like laptops, external hard disk drives, and USB flash memory cover iPads and other BYOD devices, though, because the language is generic enough and targeted to protecting data.