Clinicians can be demanding customers for IT managers in the hospital environment. While they are concerned about security and patient privacy, they want to focus on delivering the best care possible — which means IT has to adapt to support their needs with clinical workflow apps on mobile devices.
Clinicians want tools that deliver electronic health records (EHR) information easily, that promote and speed collaboration and communication, that simplify prescriptions and refills and that alert them when procedure and lab results are available. At the same time, hospital IT managers need to keep security and compliance regimes such as HIPAA top-of-mind — and keep an eye on the bottom line and overhead costs to deliver and maintain these devices.
Managing smartphones, tablets and wearables throughout their life cycles requires a coordinated set of tools to create and apply configurations, ensure device compliance, control inventory and device status, and manage the links between users and their devices. Most hospital IT teams will use mobile device management (MDM) or enterprise mobility management (EMM) tools to handle long-term management of devices and features such as remote wipe, but there’s a big gap: How do you get an unconfigured (or recycled) device from its raw state to the end user as quickly as possible? That’s where Samsung Knox Configure can save time and money, while increasing security, for hospital IT.
How Can Knox Configure Assist Hospital IT?
Knox Configure is a cloud-based tool that can be used to customize any Samsung Android device. When a Samsung mobile device first boots up, it syncs with Samsung’s Knox servers. If the device has been assigned a profile as part of an enterprise Knox Configure account, the profile will be automatically applied.
Knox Configure licenses are purchased from Samsung resellers, who preload device serial numbers into the cloud-based Knox Configure portal before they’re even delivered. Once the device is known to Knox Configure, hospital IT managers can assign a profile — a collection of settings — and the profile will be used to configure the device during its initial setup (or after any factory reset).
Get Your Ultimate Guide to Knox Configure
Learn how to optimize tablets for your unique business needs using Samsung Knox Configure. Download Now
Knox Configure can also work similar to an MDM/EMM tool using dynamic profiles. When Knox Configure is used in this way, changes to the device profile will be automatically applied to the device as it makes periodic check-ins with the Knox Configure service. This gives hospital IT administrators configuration options beyond what a typical MDM/EMM tool can support, such as hardware-specific settings to control device button behaviors, energy saving settings and branding.
Knox Configure profiles cover 10 different areas of device customization, from the device appearance (such as home and lock screens and display behavior), to management of cellular service Access Point Names (APNs). Hospital IT managers will find controls related to applications (such as whitelists and blocklists, preloaded applications and data, and application security settings), security and authentication (such as requiring or disabling certain types of biometrics, or blocking SD-card access), and network profiles the most useful. For example, hospital IT managers can preload network profiles to control roaming or tethering, or to prevent Bluetooth or near-field communications (NFC) from being disabled, or to disable SMS/MMS messaging.
By going deeper than most MDM/EMM tools can and by capturing the device at an early stage during setup, Knox Configure is a natural complement to these other tools and quickly achieves the goal of saving both time and money.
Identity Access Management for Patient Data
Knox Configure offers another important feature hospital IT managers can leverage to streamline their mobile device rollout: boot-time login to shared devices. Phones and tablets with Samsung Knox version 2.6 or later can be locked up tightly by selecting Knox Configure’s Shared Device mode. The security of Shared Device mode requires the user to enter enterprise Active Directory credentials at boot-time — and those credentials are then used to select a Knox Configure profile. This means that a device will be reconfigured, almost from scratch, every time someone logs in.
When the user logs out, all of their data is wiped from the phone, maintaining a secure and controlled environment. Knox Configure’s Shared Device mode is used in place of Android containers. Although containers have a similar function when it comes to data privacy, Knox Configure’s Shared Device goes even further by completely reconfiguring a mobile device every time it changes hands. Hospital IT managers can use Knox Configure’s Shared Device mode when they maintain a pool of shared devices that may move between completely different groups with completely different application and privacy needs. As a side benefit, Knox Configure’s Shared Device mode can be connected to Knox Single Sign-on, reducing the need for users to log back into their Active Directory account as they use other enterprise applications.
With Knox Configure, hospital IT administrators can dramatically speed up and secure the process of initial setup and configuration of Samsung wearables, smartphones and tablets. Devices can be linked to enterprise MDM/EMM solutions, or use Knox Configure’s dynamic profiles to maintain compliance and protect sensitive patient data.