Securing Your Tablets

CognisantMD recommends the following to ensure secure use of your Ocean-enabled tablets. Implementation of each recommendation may be dependent on the tablet or other hardware manufacturer.

Highly Recommended/Required

Configure your tablets to use your guest Wi-Fi network.

The Ocean software only needs access to the internet. It does not need access to any internal clinic computers, so we strongly recommend configuring your clinic Wi-Fi router to have a guest network that separates the tablets from your internal clinic systems. Configuration of this network is dependent on your Wi-Fi router model.

Ensure any Google (or other) accounts are removed from each tablet before patient use.

These accounts are not necessary for configuration or operation of the Ocean software and may allow installation of apps from the Google Play Store, or access to other services. They may be temporarily necessary for installing other security apps while configuring the tablet (e.g. for remote wipe), but should be removed immediately afterward. To do this, go into tablet settings, locate the "Accounts" section and remove each account found there.

Highly Recommended

Avoid keyboards from tablet manufacturers.

Some of these keyboards include "predictive text" features that can show text suggestions that may have been learned from previous patient responses. While we don't believe this can expose PHI since the suggestions are not linked to a particular patient, it could cause alarm and is unnecessary. CognisantMD recommends using the stock Google keyboard ("Gboard"), which can be downloaded from the Google Play Store, or disabling any predictive text features. Samsung tablets are known to ship with the Samsung keyboard that has this feature enabled by default (learn how to disable predictive text on Samsung keyboards).

Install "remote wipe" software on each tablet.

Remote wipe software packages allow you to track tablets through a web application and remotely reset them to factory state if they connect to the internet, thus removing access to any Ocean services. If a tablet goes missing, it can be deregistered easily using the Ocean portal to avoid access to any patient data and unnecessary charges.

Enable Ocean's birth date validation.

In the Tablets tab of the Ocean portal, enter into the tablet settings and ensure that, on the introduction screen, "Always Show Introduction Screen" and "Use Birthday Validation" are both enabled. This will require a patient to provide their birthday (month and day) before proceeding.

Optional

Restricting Downloads.

If you are concerned about patients installing additional apps to your tablets, you can optionally use a restricted account for the Ocean software. Restricted accounts are available as a feature on some tablet models and can be configured to prevent installation of apps, changes to tablet settings, etc. without a password. There are some downsides to this, however:

  • The Ocean tablet software will no longer be able to auto-update itself. Each tablet will have to be manually updated periodically using the tablet administrator account.
  • There will be additional configuration steps for each tablet and the administrator password will need to be remembered. If the administrator password is forgotten, it will be necessary to do a factory reset and reconfiguration of the tablet.

Patient / User Reports for Audit Purposes

Ocean maintains an audit trail automatically for all clients. This audit trail tracks user and patient access for activities, such as:

  • Log in / log out
  • Viewing
  • Uploads / Downloads to tablets / browsers
  • Forms completed
  • Updates
  • Deletes
  • Referring patients from one site to another
  • User management activities
  • Clinical content changes
  • Suspicious activities (e.g. failed log in / access attempts)

Upon request, CognisantMD can produce audit records in JSON format (which supports the "ragged" data captured in our audit log), which can be converted to CSV format if required.


URLs That Need to be Whitelisted for Ocean

If you are have a very secure firewall set-up that only allows access to certain "whitelisted" URLs, you will need to add the following URLs to your whitelist in order to be able to take advantage of all Ocean functionalities.