CognisantMD recommends the following to ensure secure use of your Ocean-enabled tablets. Implementation of each recommendation may be dependent on the tablet or other hardware manufacturer.
- Configure your tablets to use your guest Wi-Fi network. The Ocean software only needs access to the internet. It does not need access to any internal clinic computers, so we strongly recommend configuring your clinic Wi-Fi router to have a guest network that separates the tablets from your internal clinic systems. Configuration of this network is dependent on your Wi-Fi router model.
- Ensure any Google (or other) accounts are removed from each tablet before patient use. These accounts are not necessary for configuration or operation of the Ocean software and may allow installation of apps from the Google Play Store, or access to other services. They may be temporarily necessary for installing other security apps while configuring the tablet (e.g. for remote wipe), but should be removed immediately afterward. To do this, go into tablet settings, locate the "Accounts" section and remove each account found there.
- Avoid keyboards from tablet manufacturers. Some of these keyboards include "predictive text" features that can show text suggestions that may have been learned from previous patient responses. While we don't believe this can expose PHI since the suggestions are not linked to a particular patient, it could cause alarm and is unnecessary. CognisantMD recommends using the stock Google keyboard ("Gboard"), which can be downloaded from the Google Play Store, or disabling any predictive text features. Samsung tablets are known to ship with the Samsung keyboard that has this feature enabled by default - see this article to learn how to disable predictive text on Samsung keyboards.
- Install "remote wipe" software on each tablet. Remote wipe software packages allow you to track tablets through a web application and remotely reset them to factory state if they connect to the internet, thus removing access to any Ocean services. If a tablet goes missing, it can be deregistered easily using the Ocean portal to avoid access to any patient data and unnecessary charges.
- Enable Ocean's birth date validation. In the Tablets tab of the Ocean portal, enter into the tablet settings and ensure that, on the introduction screen, "Always Show Introduction Screen" and "Use Birthday Validation" are both enabled. This will require a patient to provide their birthday (month and day) before proceeding.
OPTIONAL: RESTRICTING DOWNLOADS
If you are concerned about patients installing additional apps to your tablets, you can optionally use a restricted account for the Ocean software. Restricted accounts are available as a feature on some tablet models and can be configured to prevent installation of apps, changes to tablet settings, etc. without a password. There are some downsides to this, however:
- The Ocean tablet software will no longer be able to auto-update itself. Each tablet will have to be manually updated periodically using the tablet administrator account.
- There will be additional configuration steps for each tablet and the administrator password will need to be remembered. If the administrator password is forgotten, it will be necessary to do a factory reset and reconfiguration of the tablet.