Apr 26, 2016
6 Guidelines to Creating a Secure Mobile App for Providers
Unlike apps targeted at consumers, provider-facing apps developed by health systems require a different skill set and different security considerations. Healthcare providers are creating – or thinking about creating – internal business apps to help clinicians improve patient care or streamline core processes, but they face challenges with privacy and security. After all, it’s not easy to design an app that will work well for a doctor or nurse who works at different hospitals, sometimes several in the same day. This doesn’t mean providers should shy away from developing these transformative apps. They can take several measures to ensure that these apps have the highest levels of security. Here are six guidelines that health system executives should follow when creating a secure and effective enterprise app.
- Know your device and user landscape: Different types of healthcare facilities will have different devices that need to be served, and end-users will have varying levels of mobile competency. Facilities that target physicians as the end-user tend to skew more heavily toward iOS devices, while those with traveling nurses or other services tend to have more Android devices. It’s also important to understand how mobile-savvy your end-user population is, as it may impact how you design and deploy the app and the type of training required to ensure app adoption.
- Develop apps with usability as the top priority: Once you understand your end-users, it’s important to focus on the usability of the app. Within healthcare environments, the app is sure to be critical and in many cases will impact patient care. Whether it’s delivering educational materials for doctors, tracking seizures, sleep patterns or stress levels of patients, or aggregating and disseminating classified patient information, the app must be easily understood, even by an end-user who doesn’t have much training. To ensure adoption by a target audience, it’s often good to create a mock-up or proof-of-concept to show how the app would look and work before you actually build it. Ask potential users how they would use it, and iterate based on their suggestions.
- Apply app-level security: Global healthcare privacy concerns can be addressed by securing mobile workflows that span the entire healthcare value chain. Mobile app policies allow administrators to control access to individual apps and provide data protection at the app-level. This can be done with app wrapping, a method of applying security policies after the app is compiled. To ensure a healthcare app has the highest level of mobile security, institutions should incorporate government-level data encryption, corporate authentication requirements for sign-on, self-updating apps and app expiration policies that enable an app for a predetermined amount of time – helpful for workers who are accessing apps for multiple healthcare institutions.
- Create an app system of record and governance policy: When healthcare providers increase mobile app development capabilities, they often build an app portfolio to support all end-users. These apps may be built by one internal team or multiple teams, including third-party partners. To ensure each app is up to quality and security standards, it’s important to have all apps managed in a centralized system of record. This approach helps administrators inspect the app for malicious code or malware, sign and apply fine-grained security policies and get insight into how and when the app is being used, significantly saving time across the entire lifecycle of the app.
- Make it easy for users to get apps securely: Healthcare providers need to make it easy for end-users to download their app, or it will go unused. There are a few different ways to distribute apps. If there is only one critical app with a defined user group, a download link to an app managed with policies might do the trick. On the other hand, a well-instrumented private app store can drive the highest levels of adoption and user experience, while also serving as a source of analytics to help manage ongoing app health. A private enterprise app store is an effective way to reach a wide range of users including direct employees, contractors and visiting physicians without compromising security by deploying apps in a public store.
- Gain app insight with analytics: Whether distributing test or production apps, collecting user comments and app ratings can provide invaluable closed-loop feedback to app administrators and developers. This helps developers in planning the next iteration of the app. Beyond initial user feedback, app analytics can help administrators understand more about actual app use patterns. These adoption metrics will help the administrator and app owner determine an app’s true penetration and use.