Controlling mobile devices in an academic medical center: Unique challenges

by Marti Arvin

Marti Arvin (marti.arvin@cynergistek.com) is Vice President of Audit Strategy at CynergisTek in Austin, TX.

  • linkedin.com/in/marti-arvin-7a6a587

In today’s healthcare environment, mobile devices are rampant. Controlling the nature and method of data stored on these devices is not easy in most industries — and mobile devices in the healthcare environment present a unique challenge. What makes securing mobile devices particularly difficult in healthcare and even more difficult in the academic medical center (AMC)? It helps first to understand the environment.

The academic medical center

The old saying is that, “If you have seen one AMC, you have seen one AMC.” The organizational structures, politics, and cultures vary among AMCs. The nature and structure of the legal entities involved can also vary, but there are consistent factors. Usually, there is a healthcare facility, such as a hospital, and an AMC will have faculty members and trainees (i.e., residents and students). The clinical activity of the faculty members will often be performed through one or more faculty practice groups. Clinical research is often also being conducted simultaneously on the university side. Regardless of the structure, controlling the data on mobile devices is difficult, but sometimes the AMC structure can make an already complex proposition even worse.

So, what are some of the variations of the structures? There can be a single legal entity in which the university owns the hospital and faculty members are employed by the university, both as educators and clinicians. All research activity is performed by that legal entity, and most of the training programs are all conducted by the entity.

Another variation is that the university is one legal entity responsible for most of the training programs and research activity, and the health system is another legal entity or a combination of related legal entities. Yet another variation is a combination of the first two (i.e., one or more of the hospitals are a component of the university and the health system owns others) where all entities share common governance and oversight.

There may also be one or multiple affiliated hospitals that are each an independent legal entity with a separate governance structure. One or more faculty practice groups generally employ the physicians. The faculty practice groups may be affiliated but separate from the university. A practice group may be a component of a large health system or completely independent from it. When the practice group is a separate legal entity from the university, the faculty members are generally dual-employed. They are university faculty performing educational and research activities for the university while, as clinicians, they are performing patient care services through the faculty practice group.

This document is only available to members. Please log in or become a member.
Become a Member Login
 


Would you like to read this entire article?

If you already subscribe to this publication, just log in. If not, let us send you an email with a link that will allow you to read the entire article for free. Just complete the following form.

* required field

First name field cannot be blank!
Last name field cannot be blank!
We will send you an email that will give you access to this entire article.
Email field cannot be blank!
Enter a valid email!
Company field cannot be blank!
Enter a valid company!
Title field cannot be blank!

We're committed to your privacy. The Society of Corporate Compliance and Ethics (SCCE) & Health Care Compliance Association (HCCA) uses the information you provide us to contact you about our relevant content, products, and services. For more information, check out our Privacy Policy.


About SCCE

The Society of Corporate Compliance and Ethics (SCCE) is a non-profit, member-based professional association. SCCE supports our members' work with education, news, and discussion forums. We are a community of leaders, defining and shaping the corporate compliance environment across a wide range of industries and geographic regions. In developing and maintaining effective ethics and compliance programs, our members strengthen and protect their companies.

952.933.4977

About HCCA

The Health Care Compliance Association (HCCA), is a 501(c)6 non-profit, member-based professional association. HCCA was established in 1996 and is headquartered in Minneapolis, MN. We provide training, certification, and other resources to over 10,000 members. Our members include compliance officers and staff from a wide range of organizations, including hospitals, research facilities, clinics and technology service providers.

952.988.0141

Facebook X LinkedIn
Copyright © 2024 by Society of Corporate Compliance and Ethics (SCCE) & Health Care Compliance Association (HCCA). No claim to original US Government works. All rights reserved. All information provided through this site, including without limitation all information such as the “look and feel” of the site, data files, graphics, text, photographs, drawings, logos, images, sounds, music, video or audio files on this site, is owned and/or licensed by SCCE & HCCA or its suppliers and is subject to United States and international copyright, trademark and other intellectual property laws. Any third party logos and/or content provided herein is owned by such third parties and is used by permission herein. Your use of this site to is subject to our Terms Of Use and Privacy Statement.
Cookie settings