Hello,
I wouldn't be ashamed, it seems like a perfectly reasonable idea to
me. I've been trying to convince the powers that be to let me have a test
iPad just for testing cleaners, but they won't do it.
Regards,
James
On Fri, Jan 21, 2011 at 9:21 PM, Shawn Merdinger <[email protected]> wrote:
> Hi James,
>
> Thanks for sharing your insights.
>
> sigh...maybe I'm just getting old, being pragmatic, or selling out --
> but my takeaway from this iPad/OR stuff is to patent a single-use iPad
> sterile wrapping solution and sell the rights to a medical sterile
> packaging company.
>
> Considering the pervasive threat of nasties like MRSA [1] in medical
> environments, a single-use sterile iPad bag would help mitigate the
> most likely immediate threat to patient safety: dirty iPads crawling
> with Staphylococcus aureus.
>
> ugh....i'm almost ashamed of myself ;)
>
> Cheers,
> --scm
>
> [1] http://www.cdc.gov/mrsa/
>
> On Fri, Jan 21, 2011 at 12:50, James Philput <[email protected]> wrote:
> > I'm in a similar situation. We're currently rolling out security policies
> > for tablet devices, and have been getting a lot of push back from the
> > medical staff. The thing that seems to be working here is a combination of
> > policy and education. We're allowing personal iPads to be used if the user
> > agrees to let us install a basic security profile on the device. The
> > standard profile includes the usual wireless, email and VPN settings that we
> > give to other remote users, but it also forces stronger passwords and a
> > shorter idle screen lock. Those settings, coupled with treating all of the
> > iDevice/tablets as untrusted resources, have gone a long way toward making
> > the things less of a security risk.
> >
> > We've been trying to plan for more consumer devices on the network. It
> > takes some effort and a bit more flexibility from a policy and procedure
> > standpoint, but our willingness to work with the non-tech staff on this
> > seems to have gained us a lot of good will. The users are much more willing
> > to listen to why we don't want them to do something rather than just trying
> > to find ways to evade us.
> >
> > Regards,
> > James
> >
> >
> > On Fri, Jan 21, 2011 at 11:25 AM, Shawn Merdinger <[email protected]>
> > wrote:
> >>
> >> Hi Phester,
> >>
> >> On Thu, Jan 20, 2011 at 20:50, phester <[email protected]> wrote:
> >> > Yeah, but it illustrates a universal issue. If users can't do what they
> >> > want over the network, they'll find a way around it.
> >>
> >> Exactly. This is great technology and enables medical pros to do more
> >> for patients.
> >>
> >> But it's also worth mentioning that security people can expect a great
> >> deal of pushback from medical pros when trying to assign the risk and
> >> place limitations on these kinds of consumer devices in a medical
> >> environment -- and believe me, they can be a tough group of
> >> articulate, forceful and powerful people to deal with. As a lowly
> >> network security monkey, I can vouch that it's no fun to go
> >> head-to-head with an MD with a Ph.D who brings in millions in
> >> grants to the organization and wants to use his fancy iPad or iPhone
> >> for medical work.
> >>
> >> And I would go even further in that the article mentions medical
> >> schools like Stanford issuing iPads to incoming med students beginning
> >> 2014. So we can expect an entire new group of medical pros who expect
> >> support and security with these devices.
> >>
> >> What's also interesting and a huge, undefined challenge is the
> >> blending of these consumer devices into medical devices. With the
> >> addition of medical image viewing software on the iPad, that device
> >> has now transitioned from a personal learning/entertainment platform
> >> to a bona fide medical device, which opens up many more questions in
> >> terms of organizational policy, data management/retention, and
> >> regulatory requirements (HIPAA/HITECH, etc.). After all, one can
> >> jailbreak an iPad by visiting a website, clearly there are risks to
> >> PHI on an iPad, no?
> >>
> >> Further compounding the issue are cloud applications, specifically the
> >> growing use of personal cloud services like DropBox. There's a great
> >> deal of uncertainty as to the DropBox use with medical information and
> >> regulatory requirements. For more than a year on the DropBox forums,
> >> folks have been going back and forth as to if this application meets
> >> regulatory requirements. But, as you note, people are going to do
> >> what they want, and this is reinforced by DropBox making its way into
> >> "Top 20 Lists" of apps for medical pros [1]
> >>
> >> And with medical pros not fully understanding how personal storage
> >> cloud apps like DropBox actually work insofar as data retention and
> >> flow, we are facing tremendous challenges.
> >>
> >> "When asked about security concerns with the iPad, especially if one
> >> is left behind inadvertently, Dr. Feldman pointed out that as with
> >> everything web-based, nothing is stored on the device." [2]
> >>
> >> From a vendor perspective, there are huge opportunities in this space
> >> to provide workable security solutions for these kinds of devices and,
> >> as Bruce Schneier writes, the "Consumerization and Corporate IT
> >> Security" [3]. Bottom line is that we need these solutions to keep the
> >> management folks happy with their regulatory compliance goals, and to
> >> provide more assurance to network security guys like me who are
> >> sweating bullets and worrying in the trenches as we face irate medical
> >> pros with serious pull who expect us to not only secure these devices,
> >> but also take on the liability risks of data loss.
> >>
> >> > Said hospitals need to find a way to provide function securely.
> >> > Solutions are out there.
> >>
> >> You mention there are solutions out there. I welcome further
> >> discussion, either off-list or on-list.
> >>
> >> Cheers,
> >> --scm
> >>
> >>
> >> [1] http://www.imedicalapps.com/2010/12/bes-free-iphone-medical-apps-doctors-health-care-professionals/19/
> >> [2] http://www.imedicalapps.com/2010/12/dropbox-osirix-ipad-radiology-images-operating-room/
> >> [3] http://www.schneier.com/blog/archives/2010/09/consumerization.html
> >> _______________________________________________
> >> Fun and Misc security discussion for OT posts.
> >> https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> >> Note: funsec is a public and open mailing list.
> >
> >
>