1. Barb Duffey-Rosenstein, Director, Nursing Informatics Oana Virvoreanu, Director, Operations Services e-Health 2013 Tuesday May 28 th

2. Faculty/Presenter Disclosure Speaker: Barb Duffey-Rosenstein Relationships with commercial interests: -Grants/Research Support: None -Speakers Bureau/Honoraria: None –Consulting Fees: None –Other: None CFPC CoI Templates: Slide 1

3. MSH BYOD Steering Committee Barb Duffey-Rosenstein, Director, Nursing Informatics Oana Virvoreanu, Director, Operations Services George Georgiadis, Chief Information Officer Amanda Brennan, Corporate Privacy Officer & Freedom of Information Coordinator Andrew Nicholson, IT Manager Mirek Otremba, IT Physician Lead Justin Fiege, HP Services – Technical/Focal

4. Mount Sinai Hospital  Located in Toronto, Ontario  Academic, tertiary care centre affiliated with the University of Toronto  472-Bed Facility  Specialty areas:  Women’s and Infants Health  Surgical Subspecialties  Oncology and Internal Medicine  Samuel Lunenfeld Research Institute

5. BYOD Backgrounder  Leveraging personally-owned mobile devices (laptops, tablets, and smart phones) in the workplace to access privileged corporate information and applications  Timely, growing trend  Drivers:  End User Requests and Consumerization of IT  Potential Cost Savings  Virtualization and Cloud Technology

6. MSH BYOD Context  Increase in requests for access to MSH resources from a greater selection of mobile devices  BYOD pilot implementation (90-day with a cohort of 20 self- selected clinicians)  July to October 2012 using iOS devices (iPhone and iPad 3G) Goal: 1.Implement a robust BYOD solution that will enable extended connectivity to user-owned compute and communication devices and evaluate compliance with the BYOD policy framework 2.Evaluation of the BYOD deployment model 3.Determine the feasibility of a broader organization-wide implementation The new “Bring Your Own Device (BYOD) – Smart Phones” service was approved and launched in December 2012.

7. BYOD = Partnership Between IT and Employees “ I can do anything I want with my personal data and applications on my iPhone or iPad”. “ We reserve the right to stop access to corporate applications or information if your device is out of compliance” Please sign this end-user agreement!

8. Decisions, Decisions, Decisions  Which devices meet security standards?  Which applications will we allow?  Which users will be offered the service?  What mobile device managements solution/ do have the infrastructure?  What will the support model look like?  Will the service be offered free of charge?  Who approves the decision to adopt BYOD?

9. MSH BYOD Service Overview  Eligible Users: MSH-affiliated Physicians, Executives  Eligible Devices: iPhones and iPads 3G (iOS 5+)(TRA/PIA)  Available Functionality: Email/ Calendar/ Contacts only  Self-serve device activation and registration  Air Watch™ MDM solution

10. BYOD Enabling Strategy: Combine Technology and Policy Technology  Select devices and minimum operating system requirements  Mobile Device Management (MDM) solution and best-practices  Self serve on-boarding and device registration  Password enforcement  Detection of troublesome activities or applications  Ability to wipe and lock rogue devices  Blocking certain features  Off-boarding and termination Policy  Acknowledgement of the associated MSH BYOD Policy  Acceptance of the End User Agreement  Complete BYOD training

11. MSH End User Agreement (EUA)  Established data security and privacy policies will govern BYOD  Service Plans and device upgrades or replacements are the responsibility of the users  MSH has the right to inspect the contents of any personal device used for work purposes and can audit them for compliance  MSH help desk will support issues related to accessing corporate resources only  Users agrees to MSH wiping the device under special circumstances (hacked, jail broke, lost)  Devices will have restrictions for using select features & apps (i.e. iCloud, Siri)  Users will need to set up an 8-character password for the device.  In the event that a BYOD device is lost or stolen, users will notify their manager/supervisor and the Corporate Privacy Officer immediately.  BYOD users who fail to comply with this policy may be subject to disciplinary actions/immediate loss or restriction of privileges  User may have to surrender device to employer under special circumstances (i.e. for a legal hold)

12. Outcomes, Challenges and Next Steps Overall, pilot participants were very satisfied with BYOD initiative Indicated BYOD improved responsiveness and productivity Support model and self-serve framework Cost savings not a driver and were not realized; considering stipends for management staff (taxable benefit) MSH devices not scaled back; majority of participants non- employees Limitations: restricted functionality and password length Constant change a reality of BYOD; new devices, new updates = risk, update Air Watch, NAC Next Steps: expand employees, device selection, MSH resources (i.e. Citrix, wireless, VoIP)

13. Questions ?