Glosario eSalud | eHealth Glossary
Are EHRs Life Savers?
Are EHRs Life Savers? Maybe So, According to Preliminary Research
by Rajiv Leventhal
Can the adoption and implementation of electronic health records (EHRs) be tied to hospital performance and lowered mortality rates? While we might be a bit of time away from being able to make that precise claim, new research does suggest a measurable beneficial relationship.
The findings were revealed by HIMSS Analytics, the research arm of the Healthcare Information and Management Systems Society (HIMSS), and Healthgrades, an online resource for comprehensive information about physicians and hospitals. The value of EHRs has long been discussed, but until now evaluations have lacked comprehensive clinical data, according to HIMSS officials.
Using HIMSS Analytics’ Electronic Medical Record Adoption Model (EMRAM) and mortality rate measures collected by Healthgrades across 19 unique procedure and condition based clinical cohorts, the analysis found that hospitals with advanced EHR capabilities (as reflected in high EMRAM scores) demonstrated significantly improved actual mortality rates, most notably for heart attack, respiratory failure, and small intestine surgery.
Most cohorts experienced improvement in predicted mortality rates when compared to hospitals with lower EMRAM scores. The predicted mortality rate is an indicator of the level of documentation and capture of patient risk factors that are correlated to increased risk of mortality. In total, 4,583 facility records were selected from the HIMSS Analytics database, representing the total number of facilities with complete data from 2010 through 2012.
Collecting the Data
One such facility that participated in the study was the Charlottesville-based University of Virginia Health System, which includes a 604-bed hospital, Level I trauma center, cancer and heart centers, and primary and specialty clinics throughout central Virginia. According to UVA Health System’s CIO, Richard Skinner, who is also a board member for HIMSS Analytics, while the EMRAM model has enabled healthcare systems to see where they rank as far as EHR maturity, any kind of data that describes the impact of implementing an EHR on clinical performance has been missing until now. “The reason for this study was to describe potential benefits from the EHR, and preliminary results say there are benefits,” Skinner says.
For years, HIMSS Analytics has collected a very detailed data set from each hospital in the U.S. with the exception of some very small ones; the model has very specific criteria for which capabilities a facility needs to have for each stage (0-7) on the scale. “Every year, [HIMSS] will call someone from each hospital and ask them to renew that data set. They ask questions such as, ‘Do you have an electronic medical administration record and do you do CPOE (computerized physician order entry)’, for example. With all of that data in hand, HIMSS can then say Hospital A is at Stage 4,” says Skinner. Then, Healthgrades takes Centers for Medicare & Medicaid Services (CMS) data and looks at people who have died in a specific facility, and CMS’ grading of if those people in the aggregate were expected to have died given their diagnoses and so forth, Skinner says.
According to Skinner, to date, the study has shown that those facilities that are higher on the EMRAM (in Stages 6-7) have a better ratio of actual mortality to expected mortality than do hospitals that are lower down on the scale. But Skinner does say that a deeper dive of the data is coming, and that the analysis is very preliminary. “We don’t know why that is yet, but to date that’s what the data has showed us. And you might ask about other factors—‘Are the ones higher on the EMRAM better funded, bigger, and in urban areas?’ There are a host of factors that can come into play. But again, the preliminary data shows a correlation between mortality rate and implementation of EHRs,” says Skinner.
As of today, the study hasn’t gotten down to institutional level to see what happened at a given organization, Skinner says. “And it might not, because the power of the study is the size of the sample, and it’s the size that enables being able to discover the correlation,” he says. “If you did it at one hospital, there would be so many other variables that statistically, you couldn’t make that association.”
At UVA Health System, Skinner says he has looked at the organization’s clinical performance indicators over time and whether they are improving or not. “For some of those indicators, it’s clear there is at least an association with having better data and having that data in front of clinical decision makers. For others, it’s hard to tell,” he says. “Things like urinary tract infection (UTI rates) are getting markedly better, but is that all because of EHRs? No, but you can credit the EHR with at least being able to expose the data and communicate it effectively.”
Skinner says that the reason why such evaluations have lacked comprehensive clinical data is two-fold. First of all, the EHR is a relatively new phenomenon, as most organizations have only implemented a comprehensive EHR in the last few years, and getting it to operate effectively takes some time, he says. The second factor is that the contributing factors to an improvement in clinical performance are, even in the simplest cases, “numerous and interrelated.” So analytically, Skinner says, “It’s difficult to figure out what the most causative variable happens to be in improvement in expected mortality, or whatever it is that you’re trying to measure. I think the message to the industry is that for hospitals with EHRs, there exists great potential to get further benefits from these tools as we mature in figuring out how to use them,” he says.
Skinner adds that he feels confident in saying there is a “statistical” correlation between advanced EHR capabilities and improved mortality rates. “But again, what part of that correlation is causative awaits further analysis of the data and is not in the preliminary report. All we can say at this point is that there is a correlation. Now, intuitively, it stands to reason that further analysis will filter out those other variables to get to the real contribution to having an EHR.”
What’s more, Skinner does say that the results so far are exactly in line with what he expected. “Of course I am a biased CIO who has a stake in this business,” he says. “But organizations that have spent billions in the aggregate to implement EHRs obviously have the same expectations. While meaningful dollars play a role in that, the entire industry has the expectation that having better information better organized in front of clinical decision makers will lead to better results. This study indicates that we’re starting to see that.”
Skinner says he feels that it’s important for the industry to demonstrate this not only because of the magnitude of the investment that’s already been made, but also because there is a huge amount of work left to make truly optimal use of these tools to improve performance. “That’s the hill we are climbing as an industry,” he says.
Clearly a proponent of EHRs, Skinner says that those who criticize the technology for not providing clinicians enough value might not be accurately measuring what the “value” really is. “It may be that a specific clinician hasn’t found much value to him or her, but that doesn’t mean his or her use of the EHR hasn’t proved value to the patient, to the institution as a whole, or to other parts of the institution,” he says.
Skinner notes that the case is easier to make at the organizational level than it is at the individual physician level. “Providers do have a point in that they are being asked to do more and put their hands on a tool they never had to worry about. So there’s no question they have acquired added burdens. But the real question is, ‘Has the institution and its patients gotten sufficient benefit to justify that extra burden?’”
Will (Human) Radiologists Be Turned Into Digital Apps?
Will (Human) Radiologists Be Turned Into Digital Apps? Don’t Worry, It Won’t Be Like That
by Mark Hagland
It was fascinating to read a rather existential blog in the past week about radiologists' role in the new healthcare.
It was fascinating to read a rather existential blog written by Douglas G. Burnette, Jr., M.D., a practicing radiologist, in the online edition of Diagnostic Imaging.
In his August 22 blog, Dr. Burnette says this: “Radiologists along with the rest of society are becoming digitally detached and the more detached we are, the harder it is to assert our value. Our virtual omnipresence and digital efficiency may have sown the seeds of our destruction.”
Further, “Have you noticed how often websites offer live chats lately?” he asks. “I believe that while this is a very efficient way to communicate, it also removes the barriers and stigma of language and ethnicity from the exchange of information. The frustration of dealing with someone in a phone bank in India is gone. It will be just that easy to replace us someday.”
Then, Burnette asks, “What do we offer to counter this? Radiology services are being effectively commoditized. I admire the efforts to educate the public and put our best face forward to patients and referring physicians. Unfortunately, in today’s busy practice, it is rarely practical to speak directly with patients on a routine basis. I have found that my pace has gradually increased to cope with peak work flow times and I am unable to slow the pace even when there is a lull in the action.”
What Burnette worries about—quite legitimately—is this: “Radiology services are rapidly becoming commoditized.”
Thus, arguably the most technology-focused and technology-enabled medical specialty is facing a rather existential conundrum: the same advances in medical, imaging, and information technology that have made radiologists hyper-efficient have also potentially made their specialty the very easiest (and one of the few in actuality) to offshore.
And Burnette is far from the only radiologist pondering the place of himself and his colleagues in the emerging healthcare. How will radiologists show their value to their referring physician peers? Inevitably, with offsite, sometimes offshore, radiologic studies having become commonplace, how can those radiologists affiliated with hospitals, medical groups, and integrated health systems feel themselves integrated with their physician colleagues anymore?
In fact, Burnette concludes his blog with this thoroughly pessimistic statement: “Over the years it has been difficult to earn the respect of my medical colleagues even to the extent on occasion of having to assert that I am a real doctor not a technologist. I suspect that as medicine evolves or devolves (depending on your point of view) we may, indeed, become essentially technologists. One day we may even become an app on a digital device—the ultimate in digital detachment.”
That viewpoint seems a bit dystopic to me. But what is true is that radiologists need to begin to concretely demonstrate their value to the care delivery process in their organizations. Back in December of 2013, Rasu Shrestha, M.D., vice president of medical information technology and medical director for interoperability and imaging informatics at the vast University of Pittsburgh Medical Center (UPMC) health system, told me this, about radiologists in the new healthcare: “[L]et’s focus on two challenges. One challenge is that of what I call efficiency pressures; everyone is being challenged to do more with less. And the other type of pressure is quality of care pressures. And that means you’re being challenged to make sure to give the appropriate treatment to a patient at the point in time of care. So even if we focus on these two specific challenges, for that average Joe radiologist or chief of radiology or CMO—the average radiologist knows he’s being judged on his throughput and productivity. But what that’s evolving into is being measured on value.”
As Dr. Shrestha went on to say, “The problem is that in today’s siloed systems, it’s very difficult to measure real value. So you have metrics that say, I read 40 studies and yesterday, I read 50. Does that make me less valuable? If the outcomes were better today, and I was able to close the loop better with the ordering physician, or able to communicate test results more efficiently, that’s value. And without data liquidity, if the transformation of healthcare is in the balance, we need to have the right metrics in place. So what’s my value score at a particular point in time? Where are my peers, and what’s my target? I need a dashboard and I need it to be ingrained into the fabric of my workflow.”
And that’s where CIOs, CMIOs, CTOs, directors of imaging informatics, and other healthcare IT leaders need to step in, both to support radiologists in their work, and to partner collaboratively across all medical specialties, to help shift patient care organizations towards new, value-driven missions and visions. Will such efforts towards shifting the fundamental mentality of healthcare organizations and the healthcare system be difficult? Of course they will.
But radiologists won’t be alone in this. Instead, everyone will be in this together, as the healthcare system begins to move forward in this conceptual shift—one with a very strong practical component—away from a purely volume-based incentive system to one based on a combination of volume, efficiency, and true value. And inevitably, what radiologists do and how they work, will be impacted very strongly by that shift, going forward.
ICD-10: Delay Surprises
Reader/CHIME survey reveals 12 ICD-10 delay surprises
SearchHealthIT survey results show varied responses, and measure the financial impact of delaying ICD-10 until 2015.
The impact of Congress's forcing CMS to levy an ICD-10 delay is as varied as the providers in the U.S. healthcare system. While some welcome the extra time, others find Congress's gambit onerous in cost and inconvenience, according to the results of a survey conducted over six weeks in July and August.
The SearchHealthIT reader survey, conducted in cooperation with the College of Healthcare Information Management Executives (CHIME), drew 326 responses: 269 from IT workers at healthcare providers and 57 more from payers and accountable care organizations.
Some of the surprises may catch even seasoned ICD-10 experts and observers off-guard, as they reveal a healthcare system quite divided over the implementation of the diagnostic coding language:
1. More than 59% of respondents indicated they have not begun testing.
2. Of that 59%, more than three quarters have not yet completed software upgrades on their networks to support ICD-10.
3. The good news: 11% of respondents indicate they're ready for ICD-10.
4. The ICD-10 delay will incur additional consultant retainer costs for 41% of respondents, which will take away resources from other health IT implementation initiatives because there was no budget for such cost runovers.
5. How much will that cost? While 10% of respondents indicated less than $10,000, 45% said more. Gauging the final tally won't happen until much later, as another 45% couldn't yet estimate what the delay will add up to in dollars.
6. Respondents are divided on whether the ICD-10 helps or hurts. Some 37% said it would help, 23% said it will worsen preparedness efforts and a full 40% said it will neither help nor hurt.
Respondents that feel positively about the ICD-10 delay will use their time making these improvements (they could select more than one).
7. Similarly, 55% said the ICD-10 delay won't allow for IT staff to implement more IT systems for better documentation, coding, etc. But 45% will.
8. For the 45% that indicated it will help them implement ICD-10 more thoroughly, half said clinical documentation systems would be improved, and half said they would be able to conduct more sophisticated ICD-10 testing.
9. Happy about the delay? Then you're with the majority of respondents -- but it's not a landslide by any means (56%-44%).
10. Two-thirds indicated the ICD-10 delay will not negatively affect meaningful use stage 2 attestation.
11. However, 31% said they will consider skipping a year of stage 2 incentives to make ICD-10 work, because there aren't enough resources to accomplish both.
12. Respondents were split 52%-48% as to whether or not they believe ICD-10 will be further delayed beyond 2015. The "yes it will be delayed again" camp squeaked out a slim majority.
Hackensack CIO tells personal tale of health data interoperability woe
Editor's note: This podcast and a companion interview with Michael Archuleta, director of IT and PACS administrator for Mt. San Rafael Hospital in Trinidad, Colorado, respond to the results of the 2014 Health IT Purchasing Intentions Survey from SearchHealthIT.com and the College of Healthcare Information Management Executives (CHIME). Download your copy here.
Shafiq Rab is an M.D., as well as the VP and CIO of Hackensack University Medical Center in New Jersey. More importantly, he's a husband and father.
In the days leading up to this podcast interview, one of Rab's family members had a healthcare episode that started out looking like an emergency situation but that turned out to be nothing more than a close call.
While all's well that ends well, Rab found out firsthand about the very real health data interoperability woes in the U.S. healthcare system, as he struggled to get an EKG from one provider to another. He finally took matters into his own hands by shooting a picture of the EKG with his smartphone and texting the picture back to a Hackensack cardiologist himself. It led Rab to declare at the HealthImpact East conference that you should keep copies of your medical records on your smartphone for now, "if you want to live."
This story and some of Rab's other opinions -- informed by his recent personal foray into the nuts and bolts of health data interoperability -- feature heavily in this podcast. We discuss the many health IT requirements for meaningful use stage 2, ICD-10 implementation, the ramifications of the ICD-10 delay, and 2014 and 2015 ONC certification standards. More importantly, we also cover how a CIO can budget for all the tech transitions currently piling up for U.S. healthcare providers.
App and Desktop Virtualization
The Rising Value and Falling Cost of App and Desktop Virtualization
When vendors compete, desktop virtualization customers win. Moore’s Law and market forces lead to better solutions at a lower cost.
The rapid increases in computing power described by Moore’s Law offer theoretical advantages for IT organizations—but it’s market competition that translates those benefits into real value. As vendors battle for market share, costs are falling for every part of the desktop virtualization architecture. Meanwhile, desktop virtualization technology itself is advancing quickly, providing new ways to enable business mobility and enabling the flexibility that people and organizations need to thrive. This trend is a double win for customers—better solutions at a lower cost—and it’s making the benefits of a service-based approach to IT available to any organization.
No longer just for early adopters and innovators, desktop virtualization has become a mainstream IT strategy for companies of all sizes. As business mobility and cloud computing transform IT, desktop virtualization enables the transition to IT. Able to meet the needs of users more effectively and securely wherever, however and on whatever device they work from, IT can better support the business while fulfilling its mission of innovation.
Please read the attached whitepaper
Routers & Switches
The Network Administrator's Guide to Routers & Switches
Today's networks are facing trends like mobility, virtualization and cloud computing making today's network administrators rethink their router and switch designs. IT pros must not only choose the right products but understand current design trends, best practices and the top protocols to help make their networks efficient and resilient - for the long haul.
Please read the attached whitepaper
Future of Virtual Healthcare
The Future of Virtual Healthcare
5 Questions for Dr. Douglas Wood, Mayo Clinic
Posted by mnblatt in Intel Health & Life Sciences
The Mayo Clinic’s Center for Innovation will be holding its 2014 Transform Symposium Sept. 7-9. The event offers both in-person and online opportunities to participate. I will be part of an online panel discussion on Monday, September 8, from Noon to 1 p.m. CT, addressing virtual care with several experts from the Mayo Clinic, including Dr. Douglas Wood. A practicing cardiologist, Dr. Wood spends half his time seeing patients with complex cardiologic problems and the other half as the Medical Director for the Center for Innovation. I caught up with Dr. Wood recently to talk more about virtual care and where we’re headed in the future.
Intel: What is the future of virtual healthcare?
Wood: To Mayo Clinic, the future of virtual health is really the future of healthcare. Healthcare today is more illness care than anything else. Most often we wait for people to have symptoms or illnesses and then we have them come and see us in a clinic or an emergency room or a hospital. The technologies that are available now to enable virtual health can become tools for us to help people make good decisions about their health. Delivering care virtually, and in a different way from today, is really a fundamental aspect of healthcare of the future.
Intel: How do we make the transition to virtual care?
Wood: The transition from traditional models of care to virtual health is challenging for some physicians, and for some patients. After all, many physicians have been trained in a method of delivering care one person at a time during a 15-minute visit. We can be free of all of the problems related to that system by using new methods of care. Physicians should devote their time to patients who really need their expertise. For others, we could deliver care with a virtual visit or an email interaction. This gives us a chance to let physicians use their skills in the most productive way possible, and at the same time, allows patients to get their needs met in the most efficient way possible so that we don’t always make them come into the facility.
Intel: What needs to be done to make virtual care a reality?
Wood: Studies we’ve conducted showed us that physicians were really necessary for only about 6 percent of clinic interactions. A large number of the other interactions could have been provided by advanced practice nurses, physical therapists, pharmacists, dieticians, or even non-licensed people. A certain number of visits didn’t even need to occur in the context of going to a clinic. We could’ve delivered information to them at home, at school, or in the grocery store where they’re shopping. Our current system of care does not permit this to happen because we are constrained by our existing payment systems. Why should we stick to a system that creates so much generalized unhappiness when we have an opportunity to do something that would be much more satisfying, and more productive, for everybody—physicians, nurses, and patients?
Intel: How is technology advancing the possibility of virtual care?
Wood: Technology is a part of everything we do in the Center for Innovation. We are thinking about how we can improve an interaction that we have with a person coming for our care, and using different technologies to learn much more about them when they arrive. Right now we acquire information by listening and then parroting that data to a dictated format that’s not searchable and not useful. We need to use natural language processing or other kinds of technologies to make the information easier to acquire and analyze. Then we are helping physicians come to better decisions about what additional diagnostic studies or even treatments might be appropriate.
Intel: Who will lead this effort toward virtual health? Will it be collaborative?
Wood: It’s important to recognize that innovation is really collaboration, so partners are absolutely essential to success. We believe that innovation begins with fundamentally understanding the needs of people and then looking at ways that we can meet those needs. We don’t need to invent solutions that are already around. There are many technologies that we could adopt rapidly with little modification. There are other technologies that we would need to adapt. The point is we don’t need to spend our time in the Center for Innovation at Mayo Clinic doing any of that work. We instead should be looking for partners who can help us move faster with our implementation. So partners like Intel are absolutely critical to our success. On the other hand, we are concerned about blindly applying technologic solutions without really understanding what people need.
Unnecessary Medical Imaging
Up to $12B in Unnecessary Medical Imaging Is Wasted Annually
The United States wastes nearly $12 billion on unnecessary medical imaging each year, according to a recent study by peer60 that explores a new survey of 196 hospital leaders. Since 2012, the United States has spent at least $2.8 trillion on health care yearly. But according to all the research reports and statistical data out there, the extra funds are not doing us any favors; most other developed countries have significantly lower costs.
Smart Data pioneer peer60 reached 196 healthcare leaders about medical imaging in less than two weeks and found a number of reasons for the squandered resources. Ninety-two percent of provider respondents said that defensive medicine is a key contributor to the problem, while 65 percent said that patient demand is also a factor. Other causes include physicians’ lack of familiarity with appropriate diagnostic tests.
Based upon this research:
The full report can be downloaded at http://research.peer60.com/unnecessary-imaging/.
5 Best Practices to Make Healthcare Innovation Partnerships Work
Healthcare innovation partnerships can make a huge difference in the way common ailments are regarded by the medical care community. By promoting efficient distribution of data and enhancing the ability to combine resources to gain a deeper perspective into these issues, such partnerships can play a major role in furthering medical advancements. The collaboration of Merck Medical Information and Innovation M2i2 and online research community PatientsLikeMe is a case in point.
The initial agenda of the partnership was to test how information on real world health outcomes assimilated by an online evidence network could impact drug development, with the original test community being psoriasis patients. However, it was found that the partnership did not really live up to expectations as data on outcomes was very limited. This is a risk that is inherent in such partnerships. Under the leadership of Chief Medical Information and Innovation Officer Sachin Jain, M.D., M.B.A., M2i2 turned the partnership around by shifting focus to another key area of interest, sleep deprivation. The initial disappointment and subsequent success gave Dr. Jain a unique insight into the following 5 best practices on leveraging collaborations/partnerships in healthcare.
1) Sharing risk and responsibility with the partner judiciously
Risk and responsibility are both extensively involved in such partnerships and it is necessary to choose a partner organization that is trustworthy enough to be given due flexibility to work independently within its own space. The most important requirement is that your partner shares your commitment to arrive at valuable conclusions/inferences. At the same time, you have to demonstrate your reliability and adaptability to encourage your partner to reciprocate the same.
2) Transparency is priority
Stealth innovation may be the preferred path for many, but at Merck, the partnership exercise clearly indicated that complete transparency was necessary for seamless continuation of research. Despite having to contend with red tape, transparency brings all of the key players on board in both the organizations involved in the partnership. This makes data accessing easy, allows for improved collaborative efforts, and enables the pooling of a wider set of skills to make data collection and analysis easier and more accurate. Transparency necessitates the establishment of strong guidelines that help immensely when significant changes need to be made in the partnership agenda.
3) Measure progress against the objectives
Measuring the progress of the partnership against the original objectives allows you to view the success of the partnership objectively. In the case of the M2i2-PatientsLikeMe partnership, the initial lack of success prompted Dr. Jain to quickly switch over to another viable agenda instead of simply letting the partnership run its course and end up with data that was worth little to the company. Reviewing the success of the partnership and being ready to switch tracks or pull out is essential in the partnership game.
4) A skilled team at the center makes a difference
To ensure that the partnership flourishes, joint effort from both organizations is necessary. This can happen only when skilled individuals are involved in the task at both ends. Collaboration needs to be carried out effectively, such as with said partnership where a Merck team member was working with PatientsLikeMe weekly. This helped Merck derive quality results in minimum time despite the much smaller size and completely different business structure of PatientsLikeMe.
5) Remain committed when your focus changes
With the M2i2-PatientsLikeMe partnership, both organizations quickly refocused and committed resources and support to the new agenda. A decline in enthusiasm may be inevitable when the focal point of such research and study suddenly changes, but it is up to the team leaders at both the partner organizations to keep the team motivated for the new scope and objective of the partnership.
The final word is that with such partnerships, it is necessary for each and every member involved in the task to take personal responsibility for the success of the project. Publicizing the partnership and its perceived benefits at company-wide gatherings gives the team members involved the enthusiasm and passion necessary to derive maximum benefits.
Another very important factor behind the success of healthcare innovation partnerships is that the collaboration needs to remain agile and effective. Only then can the best resources of both partners be utilized optimally to make the partnership truly beneficial for themselves, the health care community, and the patients who are the ultimate beneficiaries of any innovation in this field.
Mobile data loss prevention
Top techniques for mobile data loss prevention
by Michael Finneran
Protecting the data on mobile devices is the first step toward security in a consumerized enterprise environment. But even with proper encryption and password protection in place, IT has to face the fact that devices sometimes get lost, or employees unknowingly download something malicious.
So what do you do in that case? As part of your mobile information management activities, you need to learn how to protect devices from outside threats.
Protecting against lost or stolen devices
If a phone that stores corporate information is lost or stolen, that creates a serious exposure. The data should be encrypted and the password enabled, but administrators generally want to stop the threat by wiping the corporate data from the phone. This can be accomplished in different ways.
First, tools such as Microsoft's Exchange ActiveSync and IBM's Notes Traveler provide a remote wipe capability. It is, however, a "blunt instrument" approach. When the wipe command is sent, all of the phone's contents are erased, including personal photos, music, apps, ringtones and other items.
Given that the device is now in unknown hands, the user might want the phone's contents wiped. Hopefully, the user will have followed IT's guidance and backed up the contents regularly.
Another scenario that mobile security plans must address is an employee leaving the organization. In that case, a mobile device management (MDM) system has the advantage of being able to wipe only the corporate content, leaving the user's personal information intact. It can also offer a full wipe capability if the user requests it.
It is important to note that remote wipe is not 100% effective. If the phone is turned off, in airplane mode or simply in an area where it cannot connect to a network, it will not be able to receive the wipe command.
In addition, if the MDM client is uninstalled, or if the Exchange or Notes Traveler account is deactivated, the device will not respond to a wipe command. In most cases, however, uninstalling the MDM client or canceling the email account will cause any data associated with the device to be erased.
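The wipe decisions described in this section, sketched as an added Python example (not from the article or from any MDM product): it picks the wipe scope from the management channel and flags devices that cannot receive the command. The Device fields, channel names and status strings are assumptions made for illustration.

```python
from dataclasses import dataclass

SYNC_CHANNELS = {"activesync", "notes_traveler"}  # full wipe only, per the article

@dataclass
class Device:                 # hypothetical inventory record (constructed fields)
    owner: str
    channel: str              # "activesync", "notes_traveler" or "mdm"
    agent_present: bool       # MDM client installed / mail account still active
    powered_on: bool = True
    airplane_mode: bool = False
    has_network: bool = True

def wipe_scope(dev: Device, user_requests_full: bool = False) -> str:
    """Sync-protocol wipes erase the whole phone; MDM can limit the wipe
    to corporate content and do a full wipe only when the user asks."""
    if dev.channel in SYNC_CHANNELS or user_requests_full:
        return "full"
    return "corporate_only"

def delivery_status(dev: Device) -> str:
    """Can the device receive the wipe command right now?"""
    if not dev.agent_present:
        return "no_channel"       # client uninstalled or account disabled
    if not dev.powered_on or dev.airplane_mode or not dev.has_network:
        return "unreachable"      # off, airplane mode, or out of coverage
    return "deliverable"

def plan_wipes(devices, full_wipe_requests=()):
    """Return one plan per device; anything not 'deliverable' has to be
    tracked as an unconfirmed wipe, not assumed to be clean."""
    plans = []
    for dev in devices:
        plans.append({
            "owner": dev.owner,
            "scope": wipe_scope(dev, dev.owner in full_wipe_requests),
            "delivery": delivery_status(dev),
        })
    return plans

# Constructed sample fleet, not real data.
FLEET = [
    Device("ana", "activesync", agent_present=True),
    Device("ben", "mdm", agent_present=True, airplane_mode=True),
    Device("eva", "mdm", agent_present=False),
    Device("li", "mdm", agent_present=True),
]

if __name__ == "__main__":
    for plan in plan_wipes(FLEET, full_wipe_requests={"li"}):
        print(plan)
```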
Data loss prevention
Losing a mobile device is one way to lose control of corporate information, but it is not the only concern in mobile information management (MIM). Users have been known to forward business email to their personal accounts or upload corporate files to consumer cloud storage services such as Dropbox. If all else fails, an employee can simply use the copy and paste functions to move information from corporate email or attachments to anywhere they wish.
Fortunately, MDM vendors are aware of this threat and have developed methods to protect the enterprise against it. The basic tool is a "secure container" or "sandbox", which is essentially a software-defined, password-protected region on the device that stores corporate information separately from the user's personal files. If the device is lost or stolen, or if the user leaves the company, the secure container can be wiped remotely.
The other key feature of the secure container is that any corporate data sent to it is tagged and cannot be sent outside the container. Email and attachments cannot be forwarded, nor can their contents be copied and pasted.
The secure region can also hold other applications, and their contents cannot be forwarded either. An MDM product may incorporate a secure cloud storage capability to eliminate the need for open services such as Dropbox.
"Dual persona" is the catchy term MDM vendors have coined to describe this approach. BlackBerry Ltd. had one of the first capabilities of this kind with its BlackBerry Balance, and other vendors now offer it for virtually all mobile operating systems.
Samsung recently introduced its own secure container technology as part of Knox for the Android platform. Knox works with a number of MDM solutions and also provides a secure boot function.
Application security
The irony is that all of these security measures can fall apart if a device becomes infected with malware. Mobile apps are available from a variety of sources, and the providers take very different approaches to how, or whether, they test apps for malware before distributing them.
The exposure is compounded if the device has been "jailbroken" (an iOS term) or "rooted" (the Android term), a process in which the basic security mechanisms built into the device are disabled, allowing apps to be installed from any source. Software for jailbreaking or rooting is freely available on the internet.
Virtually all MDM products provide jailbreak/root detection, and a device can be blocked from accessing corporate email and other systems until it complies with the security requirements again. Given the nature of their design, there have been no reported cases of jailbreaking or rooting on BlackBerry or Windows Phone devices, so this is a problem limited to Apple's iOS and Google's Android.
As for the apps themselves, as long as users are downloading apps from Apple's iTunes store, they are fairly well protected. Apple does extensive testing on apps to detect malware before distributing them. Of course, if a device is jailbroken, the user can download iOS apps from anywhere, and all bets are off.
To this point, Android has been the target of most mobile malware. In its February 2014 Mobile Consumer Trends Report, the security firm McAfee reported that Android malware nearly tripled between 2012 and 2013, recording almost four million samples.
Most cases appear to be aimed at simple theft, mainly by causing the device to send premium texts over the Short Message Service (SMS). Keep in mind that there are versions that can allow a hacker to monitor communications or pull virtually any data file off a phone.
To protect against this type of attack, jailbreak/root detection is the first step. If there is no MDM system installed, the organization's mobility policy should explicitly prohibit jailbreaking/rooting.
MDM systems can also let administrators blacklist apps, and antivirus products for Android are available from companies such as Avast, Bitdefender and Kaspersky Labs. According to the independent IT security firm AV-Test, many of the best products are up to 95% effective.
For even tighter control of mobile apps, some enterprises are taking the step of implementing their own internal app stores. Most MDM vendors, as well as specialists such as Apperian or App47, provide these capabilities. Besides controlling the distribution and updating of apps, these internal app stores can also manage any licensed corporate software.
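The compliance gate described in this section (jailbreak/root detection plus an app blacklist, with access blocked until the device complies again), as an added Python example that is not taken from the article or from any MDM product. The report format, device names and app identifiers are constructed for illustration.

```python
# Constructed app identifiers standing in for an administrator's blacklist.
BLACKLIST = {"com.example.premium.sms", "com.example.unvetted.market"}

def violations(report):
    """Return the policy violations found in one posture report."""
    reasons = []
    if report["jailbroken_or_rooted"]:
        reasons.append("jailbreak/root detected")
    for app in sorted(BLACKLIST & set(report["apps"])):
        reasons.append(f"blacklisted app: {app}")
    return reasons

def access_changes(reports):
    """Replay reports in time order and return each change of decision as
    (time, device, decision, reasons). A blocked device stays blocked
    until a later report shows it compliant again."""
    state, changes = {}, []
    for r in reports:
        reasons = violations(r)
        decision = "block" if reasons else "allow"
        if state.get(r["device"]) != decision:
            state[r["device"]] = decision
            changes.append((r["time"], r["device"], decision, reasons))
    return changes

def blocked_now(reports):
    """Devices whose most recent report is non-compliant."""
    latest = {r["device"]: r for r in reports}
    return sorted(d for d, r in latest.items() if violations(r))

# Constructed posture reports in a hypothetical agent format, oldest first.
REPORTS = [
    {"time": "09:00", "device": "tab-01", "jailbroken_or_rooted": False,
     "apps": ["com.example.mail"]},
    {"time": "09:05", "device": "ph-02", "jailbroken_or_rooted": True,
     "apps": ["com.example.mail"]},
    {"time": "10:00", "device": "tab-01", "jailbroken_or_rooted": False,
     "apps": ["com.example.mail", "com.example.premium.sms"]},
    {"time": "11:00", "device": "tab-01", "jailbroken_or_rooted": False,
     "apps": ["com.example.mail"]},
    {"time": "11:30", "device": "ph-02", "jailbroken_or_rooted": True,
     "apps": ["com.example.mail"]},
]

if __name__ == "__main__":
    for change in access_changes(REPORTS):
        print(change)
    print("blocked:", blocked_now(REPORTS))
```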
About the author: Michael Finneran is principal at dBrn Associates, an advisory firm specializing in wireless mobile security and unified communications. In addition to providing consulting assistance to carriers, equipment manufacturers and end-user organizations, Finneran is a frequent speaker at industry conferences, including InterOp, Enterprise Connect and the UC Summit. He has published more than 300 articles, as well as numerous white papers and market reports. Finneran is a member of the Society of Communications Technology Consultants International and holds a master's degree from the Kellogg Graduate School of Management at Northwestern University.