VA to Allow Use of iPhones, iPads

Primary Uses: E-mail, Patient Data Viewing
VA to Allow Use of iPhones, iPads
Bowing to demand from staff, the Department of Veterans Affairs plans to allow the use of Apple's iPads and iPhones for certain purposes beginning Oct. 1.

In the long run, the VA anticipates accommodating a longer list of mobile devices, says Roger Baker, the VA's assistant secretary for information and technology. Right now, VA staff members are limited to using only BlackBerry smart phones (see The VA's Evolving Mobile Device Strategy). More than 20,000 VA staff members are using the BlackBerry devices.

VA staff will use the Apple devices to access encrypted e-mail as well as securely view certain patient data, using the devices like thin clients to link to a VA clinical information system, Baker explains.

In addition, the VA is considering, on an application-by-application basis, allowing the storage of certain patient information on the iPads and iPhones once it verifies adequate encryption and security controls are in place on the devices "so they can't be cracked and the information stolen," he adds.

The VA likely will acquire most of the iPads and iPhones for its staff, Baker says, but the department has not yet determined whether those acquisitions will be handled with a bulk national order or by each individual facility. The VA also anticipates allowing staff members to use personally owned iPads and iPhones, as well as, eventually, other mobile devices, but those devices would have to meet the same security requirements as the government-owned phones and tablets, he adds.

Reduced Costs?

Allowing the use of more mobile devices "should be a cost-reducing move," Baker says, because the smart phones and tablets are less expensive than the laptops they'll generally replace. Most VA staff members rely on a desktop computer while at a VA facility, while some also have been issued laptops for use at home or while traveling, he says. Baker acknowledges that the VA faces the "interesting long-term question" of whether it will eventually phase out desktop computers in favor of the newer technologies.

The Oct. 1 launch for accommodating the Apple devices is based on the assumption that an ongoing pilot project doesn't reveal any problem areas, Baker says.

Baker acknowledges that the Apple devices are not yet certified for using encryption that complies with the Federal Information Processing Standard 140-2, which is widely required among federal agencies. "We expect the pilot will determine encryption used on the devices is sufficient to be adequate for our purposes," he says. "And I will accept the risk for the organization that the [Apple] encryption is sufficiently strong and that it does not create an undue risk of information breach."

Baker calls information technology "a pragmatic science," and portrays it as impractical to wait for Apple to achieve FIPS 140-2 certification in light of strong VA staff demand to use iPhones and iPads. "I'd like them to use [the Apple devices] the way I've defined so I feel there's a high degree of security," rather than risk having staff members attempt to make use of the devices on their own without taking adequate security steps, he says.

In another pilot, the VA is testing the use of a commercial cloud computing service for information sharing and document storage, Baker revealed in a media teleconference July 25. He declined to identify the vendor involved.

In the pilot, users are accessing the VA network, going through an authentication process, and then gaining access a VA-dedicated area within the commercial cloud service.


About the Author

Howard Anderson

Howard Anderson

Former News Editor, ISMG

Anderson was news editor of Information Security Media Group and founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.eu, you agree to our use of cookies.