
Architecting to Support Clinical Applications Anytime, Anywhere

Ong Leong Seng


Chief Architect & Group Director Architecture, Integration & Development

Trends in Mobility

Copyright 2013, Integrated Health Information Systems Pte Ltd.

Convergence of Devices

Smartphone

Ultramobile Notebook

Media Tablet


Different form factors, different value propositions ...

[Figure: devices labelled 2-3, 10, 12 and 13-15]


Different form factors, different value propositions ...

One-hand Typing

Hold and Touch

Two-hands

Mobile Computing: 2-3, 4, 5
Sit-back Computing: 7, 10
Sit-Down Computing: 12, 13-15


Different form factors, different value propositions ...

[Figure: value propositions across the 2-3, 4, 5, 10, 12 and 13-15 form factors: Content Consumption, Quick response, Always-On, Communication, Reviews, Limited Input, Instant-On, All-day battery, Content Creation, Full Productivity]


CIOs Top Technology Priorities


EA Approach to Mobility


Guidelines on the use of Mobile Devices in an Enterprise


Enterprise Architecture Office

IHiS Confidential


Table of Contents
1. Mobile Device Definition & Usage
2. Security concerns and Control measures
3. Mobile Device Access Matrix
4. Mobile Device Management
5. Security Guidelines and Policies
   a. Platform
   b. Device
   c. Systems
   d. Network
EASTERN HEALTH ALLIANCE


Mobile Devices - Definition


Full-featured mobile phones with personal computer-like functionality, or Smartphones
Laptops, Netbooks and Tablet computers
Portable digital assistants (PDAs)
Portable Universal Serial Bus (USB) devices for storage (Thumb Drives)
Portable devices for connectivity (Wi-Fi, Bluetooth and modem cards)
Digital cameras (Wi-Fi, Bluetooth)
RFID devices used for data storage, identification and asset management
Infrared-enabled (IrDA) devices such as printers and smart cards

Why is there a need to control?


Mobile devices have powerful processors, memory and communications capabilities
Ubiquitous Internet access, including wireless & 3G
Backdoor into corporate network (trusted)
Implications due to the loss of sensitive data residing in these devices, when the mobile device is lost, stolen or shared
Controls and management vary among devices
Blurring business and non-business usage

What are the risks and control measures?


Insiders
Risks: Storing of sensitive information and carrying it outside the enterprise's facility; transferring information from the internal trusted network to external devices
Control Measures: Data Leakage Prevention (DLP) tools*, Traffic Screening, Port blocking tools*

Direct Attack
Risks: Denial-of-Service (DoS) to mobile devices; remote execution on mobile devices
Control Measures: Firmware patch/update, Do-not-Jailbreak, Port blocking tools*

Malicious Software
Risks: Malware, Viruses
Control Measures: Anti-virus/malware for mobile devices*, Do-not-Jailbreak

Physical Loss or Theft
Control Measures: Mobile device locking, Remote-wipe, Encryption of sensitive data

*requires installation on individual devices

What to control?
Device Type
Smartphones
Tablets
Laptops

Device Owner
Personal devices (BYOD: Bring Your Own Device)
Corporate

Data Type
Category A: General, Non-confidential (unrestricted & restricted)
Category B: Commercial-in-Confidence (confidential)
Category C: Patient-in-Confidence (secret)

Information Categories
Cat A: General, Non-Confidential
Internet-based information
Personal emails (Yahoo, Gmail)
General hospital/institution information for public consumption

Cat B: Commercial-in-Confidence
Business information (invoice, tender or commercially sensitive data)
Corporate data (emails, board papers, inter-departmental communications, company updates)
HR and admin data (finance data, personal data, company / staff data)

Cat C: Patient-in-Confidence
Patient demographics
Patient-related clinical and ancillary Information
Emails with Sensitive Information


Recommended Controls - Source of Access

Access from external network, i.e. 3G, Internet
B (Commercial-in-Confidence): 2-factor authentication, Transmission encryption
C (Patient-in-Confidence): 2-factor authentication, Transmission encryption

Corporate Wireless
A (General, Non-Confidential): AD authentication, WPA2
B (Commercial-in-Confidence): AD authentication, WPA2
C (Patient-in-Confidence): AD authentication, WPA2, Individual App Login

Corporate LAN
A (General, Non-Confidential): AD authentication
B (Commercial-in-Confidence): AD authentication
C (Patient-in-Confidence): AD authentication, Individual App Login
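
The Source of Access matrix above, written as an access check that reports which listed controls a request still lacks (an added example, not part of the original slides). The control identifiers, the AccessRequest fields and the reading of the empty category A / external network cell as "no control listed" are assumptions made for the illustration.

```python
from dataclasses import dataclass, field

EXTERNAL, WIRELESS, LAN = "external", "corporate_wireless", "corporate_lan"

# (source of access, data category) -> controls listed in that matrix cell.
# Assumption: the empty A/external cell means no control is listed there.
MATRIX = {
    (EXTERNAL, "A"): set(),
    (EXTERNAL, "B"): {"2fa", "transmission_encryption"},
    (EXTERNAL, "C"): {"2fa", "transmission_encryption"},
    (WIRELESS, "A"): {"ad_authentication", "wpa2"},
    (WIRELESS, "B"): {"ad_authentication", "wpa2"},
    (WIRELESS, "C"): {"ad_authentication", "wpa2", "individual_app_login"},
    (LAN, "A"): {"ad_authentication"},
    (LAN, "B"): {"ad_authentication"},
    (LAN, "C"): {"ad_authentication", "individual_app_login"},
}

@dataclass
class AccessRequest:  # hypothetical request shape
    source: str
    category: str
    controls_met: set = field(default_factory=set)

def missing_controls(req):
    """Return the controls the matrix lists that the request has not met."""
    key = (req.source, req.category.upper())
    if key not in MATRIX:
        raise ValueError(f"unknown source/category: {key}")
    return MATRIX[key] - req.controls_met

def decide(req):
    """Allow only when every listed control is met; unknown input is denied."""
    try:
        gaps = missing_controls(req)
    except ValueError as exc:
        return False, [str(exc)]  # fail closed on anything outside the matrix
    return (not gaps), sorted(gaps)

if __name__ == "__main__":
    # Constructed requests, not real traffic.
    samples = [
        AccessRequest(WIRELESS, "C", {"ad_authentication", "wpa2"}),
        AccessRequest(EXTERNAL, "B", {"2fa", "transmission_encryption"}),
        AccessRequest("guest_wifi", "A"),
    ]
    for r in samples:
        print(r.source, r.category, decide(r))
```
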


Recommended Controls - Mobile Device Access

Usage / Device Type
BYOD: SmartPhone, Tablet PC, Laptop
Corporate: SmartPhone, Tablet PC, Laptop

A: General, Non-Confidential
Direct access via 3G
No access to corp. Wifi
Full Access after AD Authentication

B: Commercial-in-Confidence
Device Registration + 2FA#
Transmission encryption
MDM in-place

C: Patient-in-Confidence
Device Registration + 2FA
Transmission encryption
MDM in-place
Application/Desktop Virtualisation

Full Access after AD Authentication

#2FA not required for email access


Mobile Device Management


MDM is a set of guidelines to address the security concerns and defined policies that govern the usage of the devices in the corporate environment.
Security Guidelines / Security Policies

Platform
1. Platform and types of device management
2. Inventory Management
3. Access management
4. Authentication and Encryption

Device Security
1. Central management console
2. Remote lock and wipe
3. PIN lock policy

Systems Security (applications and data)
1. Application security policy
2. Data encryption
3. Data fading
4. Enterprise data boundary

Network Security
1. Lockdown security
2. Certificate distribution
3. Password enforcement
4. End-user awareness and training

Minimum set of features required of MDM Software


Authentication
Provide or configure power-on user authentication suitable for enterprise use. This includes the use of a strong password, a maximum number of failed login attempts and an inactivity time-out on the device.

Encryption
Provide or configure encryption on the device

Application Control
Manage the applications available to the user on the device. This includes blacklisting or whitelisting of applications, placing limitations on applications that can be installed, or provisioning applications to the device.

Device Wipe
Perform or result in a complete erase of data on the device

Device Firewall*
Provide device firewall that examines and applies a policy to all traffic inbound to the device over network connections

Antimalware
Examines files on the device for malicious software
*may not be possible on iOS devices

Mobile Device OS Roadmap


Technology: Mobile Device OS (status in 2013, 2014, 2015; remarks)

iOS 4.2.x; 2013: D; Remarks: iPhone, iPod Touch (2nd Gen.)
iOS 4.3.x; 2013: D; Remarks: iPhone 3GS-5, iPad & mini
iOS 5.x; 2013: M; 2014: D; Remarks: iPhone 3GS-5, iPad & mini
iOS 6.1.x; 2013: I; 2014: M; 2015: D; Remarks: iPhone 4-5, iPad & Mini (2nd Gen)
Android 2.3.x; 2013: D; Remarks: Gingerbread
Android 3.3; 2013: M; 2014: D; Remarks: Honeycomb
Android 4.x; 2013: I; 2014: M; 2015: D; Remarks: Ice-cream Sandwich, Jellybean
Windows Mobile 6.x; 2013: D
Windows Phone 7, 7.5; 2013: M; 2014: D
Windows Phone 8; 2013: I; 2014: M; 2015: D

Legend:
P: Pilot
I: Invest, technology ready for mainstream deployment
M: Maintain, new implementation not encouraged
D: Technology reaches End-of-Support, to be discontinued

WebOS
Blackberry OS (except for email)
Symbian

Mobile Impact on IT Strategy


New architectures
Development Tools & Processes
Multiplatform support
B2C, B2E, E2E
Management and Security
New sourcing partners


Adopting a Hybrid Approach


Identifying the Key Use Cases

Process Standardization

Rehab Order & Notes Discharge Medication Management Integrated Appointment Patient Tracking Bed Management Admission & Financial Counselling

Map-out the To-Be Processes


Content Creation


Content Review


Supporting Care


Reaching out to Patients


New Innovations
Vital Signs Monitoring Telehealth
Researchers print biometric sensors directly on skin, make wearable health monitors more durable

Fujitsu software uses a smartphone's camera to measure your pulse

LifeBeam heart-monitoring smart cycling helmet



THANK YOU
