Implementation, Maintenance, and Best Practices – Introduction

Created: Implementation Guide

Purpose

Imprivata Mobile Access Management (formerly Imprivata GroundControl) Check Out is Imprivata’s tool for shared device accountability, management, and login acceleration. Based on years of experience, this topic is intended to help our customers successfully roll out and maintain Mobile Access Management (MAM) for daily use at hundreds of locations. Imprivata does this by setting expectations, identifying needed resources — both hardware and human — and documenting the best practices we have observed.

As you implement MAM, you may improve upon what is included in this guide. Imprivata encourage you to send us ideas and feedback to make this guide more useful for others in the healthcare community.

Before You Begin — Strategy


The key to a successful MAM implementation is preparation. This section will help you understand the questions and decisions you need to make before rolling out the solution.

Identify Decision Makers and Stakeholders

As with any clinical or IT project, it is important to clarify who is going to be responsible for each aspect of supporting MAM. In particular, you need to clarify who will have the following roles. In your organization a single person or group may serve multiple roles.

  • Imprivata Mobile Access Management Administrators – Configure and support of the overall MAM solution including the MAM console, Launchpad software, and Locker app on the mobile devices. Administrators will also support the device management piece of MAM operationally, utilizing the MAM dashboard to ensure mobile devices have a healthy MAM heartbeat.
  • Mobile Device Management (MDM) Administrators – Manage mobile device systems that allow remote management of the devices and software settings, including monitoring compliance and enforcing policies. They own keeping the operating system, apps, and settings up to date.
  • Launchpad Workstation Support – Maintain the Launchpad workstations including ensuring the operating systems, firmware, and settings stay up to date.
  • Smart Hub Support – Maintain the physical and technical components of the Smart Hubs, including firmware updates, and ancillary hardware (USB cables) and supporting breaks and returns.
  • Mobile Device Owners – Ensure there are enough mobile devices in each location. They will utilize the MAM console to identify overdue devices, devices placed in the wrong station, or missing devices and are responsible for following up on these devices.
  • Imprivata Enterprise Access Management (Imprivata OneSign) Administrators – Ensure end users are in the right policy, providing information for the integration, and supporting the app profiles that enable Autofill.
  • Security Stakeholders – Responsible for decisions related to the security posture of the devices and apps on the devices.
  • End User Stakeholders – Responsible for understanding, validating, and supporting the end user workflows as well as the locations of the charging stations. If this is a clinical environment, they ensure clinical representation such as nursing and clinical informatics is included.
  • Network Administrators – Ensure that Ethernet ports are open, the Wi-Fi connectivity is stable, and all firewalls are opened as necessary.
  • Training – Responsible for training end users on how to utilize the MAM system to share mobile devices during implementation as well as incorporating it into new employee training.
Identify Shared Mobile Device Users

MAM integrates with Imprivata Enterprise Access Management (OneSign) to allow seamless checkout of devices and autofill of apps. It is important to identify your users ahead of beginning your implementation to ensure they have what they need:

  • Identify all named users that will need to share a mobile device.
  • Ensure all named users are licensed for Enterprise Access Management (EAM).
  • Validate departments are utilizing EAM tap solution today.
  • Create an enrollment and training strategy for users or departments that are not currently utilizing EAM.
Communicate with Users

Communicate with users that MAM will be rolled out to support shared mobile devices and provide an overview of what they can expect. Continue to communicate with users during each phase.

Define Your Mobile Strategy

MAM is one component of your overall shared mobile device strategy. Below are mobile device strategy considerations that can impact the success of MAM and should be reviewed before adding MAM.

  • Mobile device apps
    • What apps are required for end users to perform their job?
    • Vet only the required apps to ensure a simple solution for end users and supportability.
      The minimum number of apps required should be deployed to ensure a simple solution for end users, increase supportability, and reduce attack surfaces.
    • Identify whether an app requires automated logout capabilities. For more information, see the Imprivata App support page.
  • Security
    • MAM enables devices to be shared with individual passcodes.
    • Establish passcode requirements that align with your security posture. The Health Insurance Portability and Accountability Act (HIPAA) requires encryption for any device that stores or processes any of the 18 categories of personal health information (PHI).
    • Understand app level timeouts and PINs. Review whether these are necessary, now that a device level passcode is enabled.
  • Wi-Fi or Cellular Network
    • Introducing mobile devices requires constant connectivity. Ensure your Wi-Fi or cellular network strategy will support this 24 x 7 need.
Additional Resources

Imprivata has resources to assist customers with the implementation and support of this critical service. Your Imprivata account manager can provide more information on any of the following.

Change History

DateVersionDescription
September 20244.0Add "Utilizing the Dashboard" section
September 20243.0Update "Maintenance" section
Add "Certificates" section to Maintenance
July 20242.0Add new sections for "Before You Begin — Strategy".
Remove the "Audience" section.
Update the "User Experience" section to "Settings"
Add new section for "Deployment"
June 20241.0Initial release of the guide