As in many industries, mobile has become a dominant, disruptive force. The Radicati Group performed a study in 2014 and found that mobile devices in use, including both phones and tablets, will grow from over 7.7 billion in 2014 to over 12.1 billion by 2018. The statistics are staggering:
• 2015: 205 million estimated mobile apps downloaded (Gartner)
• 2015: 51% of the population have a mobile device (GSMA Intelligence)
• 2015: 72% of all page views via mobile device (GSMA Intelligence)
• 2018: 84% of the world population will be using mobile technology (Radicati Group)
• 2018: average of almost two mobile devices per mobile user (Radicati Group)
• 2018: If you take into account purchasing power in developed vs. undeveloped countries, many mobile users in the US could have 3-4 devices!
Members have become so reliant on mobile applications in their everyday lives that they now expect payer access anywhere, at any time. Employees also expect to be able to perform their jobs using mobile devices. This is especially true for those who travel and perform business from remote sites. Bring-Your-Own-Device (BYOD) programs address these market trends for payers. BYOD brings great potential benefit but comes with significant constraints and risks.
Benefits include:
• Consumerism programs can benefit from providing access to member services via mobile
• Mobile access can be a great differentiator leading to higher member satisfaction and revenue growth, especially in Medicare STAR rated programs
• Letting employees utilize their own mobile devices significantly reduces capital outlay, depreciation cost and risk of technical obsolescence for payers
• Employee mobile access can increase employee engagement and job satisfaction
Constraints and risks include:
• A poor mobile experience can damage member and/or employee satisfaction
• There is cost and complexity involved in managing duplicate infrastructure and applications
• Security
  · HIPAA provides penalties but little guidance on PHI security methods, and the mobile security market is immature
  · Controlling security on mobile devices can be difficult on payer-owned devices, and more difficult on BYOD devices
  · It’s not just managing the download or access of data through controlled applications; it’s access to data in any form, including in transit (e.g. cell towers, Wi-Fi), at rest on company servers, at rest on mobile devices and through the life cycle of the mobile device (e.g. active / authorized, post termination, theft, etc.)
So what is required to build a successful BYOD program in the payer world? Many organizations see the BYOD program as an extension of IT infrastructure. Isn’t it just extending access to applications through mobile devices? The answer is a resounding no.
Although many business applications are web based, mobile web browsers do not have the same maturity as desktop browsers, and these applications often can’t be used effectively on mobile devices. Moving to native mobile OS applications (e.g. iOS, Android) provides more functionality, but requires development and maintenance of duplicate applications. Building cross-platform applications is an option, but requires unique skills and development tools.
There is also the issue of user experience across platforms. Members and employees expect to have a similar experience and usability across channels. If the mobile user experience is poor or inconsistent with other channels, it can seriously damage customer satisfaction. In fact, it could drive additional calls into customer / technical support, raising the cost of operations. This is the exact opposite of its intended effect.
With regard to the infrastructure, managing the platform requires unique skills and technological controls to meet HIPAA requirements. Data at rest inside the payer network already has HIPAA-related controls. Logical access is controlled at the application layer. The infrastructure security gap concerns data in transit to the mobile device, the mobile OS layer and data access at the device storage level.
First, profile-based rules should be downloaded to the device, enforcing basic, required controls in the mobile device UI. This creates consistency in security enforcement and multiple layers of logical security to protect PHI.
Applications should be placed on the mobile device to manage the entire PHI life cycle of the device. Data should be encrypted in transit and at rest on the device. Applications, data and access rights should be controlled remotely by the payer organization. In this way the data can’t be read without having the proper rights as granted by the payer, even if the device is stolen. Rights, applications and data can be removed from the device at any time by the payer (e.g. job change, termination, theft, etc.).
BYOD programs don’t just extend existing applications to mobile devices. Mobile is a new channel with unique needs and capabilities. It ties into the payer brand and has a significant impact on customer and employee satisfaction. Managing it properly can be a differentiator. Managing it poorly can significantly hurt employee and customer satisfaction.
If you need assistance in planning, implementing or outsourcing your BYOD program, contact: healthcare@igate.com
We manage mobile application development and BYOD programs for the best known insurance organizations in the world. Our customers range from middle market to the Fortune 500.
David Lung is a Director in IGATE’s Healthcare Services practice.