We recommend taking the following steps to ensure secure use of your Ocean tablets. Implementation of each recommendation may be dependent on the tablet or other hardware manufacturer.
Ensure any Google (or other) accounts are removed from each tablet before patient use
These accounts are not necessary for configuration or operation of the Ocean software and may allow installation of apps from the Google Play Store, or access to other services. They may be temporarily necessary for installing other security apps while configuring the tablet (e.g. for remote wipe), but should be removed immediately afterward. To do this, go into tablet settings, locate the "Accounts" section and remove each account found there.
Enable Screen Pinning
If you are running Android 5.0 or higher, pinning the Patient Tablet application will inhibit patients from navigating away from Ocean while using the the tablet. Pinning disables the physical buttons on the device, as well as the notification area that can normally be accessed by swiping down from the very top of the screen.
It is recommended that prior to enabling screen pinning, you set a PIN or password for your tablet's lock screen. This will ensure if the device is powered off or rebooted, patients will not be able to access other applications prior to staff re-opening the Ocean Tablet application.
To do this, open the Android Settings application and navigate to "Lock Screen and Security", select "Screen Lock Type" and choose either the PIN or Password option.
To disable screen pinning, simply return to the Administration Menu and select "Disable Screen Pinning."
Please note: If your tablet is powered off or rebooted, you will be prompted to re-enable screen pinning when the Ocean Tablet app is next relaunched.
Configure your tablets to use a guest Wi-Fi network
The Ocean software only needs access to the internet. It does not need access to any internal clinic computers, so we strongly recommend configuring your clinic Wi-Fi router to have a guest network that separates the tablets from your internal clinic systems. Configuration of this network is dependent on your Wi-Fi router model.
Install "remote wipe" software on each tablet
Remote wipe software packages allow you to track tablets through a web application and remotely reset them to factory state if they connect to the internet, thus removing access to any Ocean services. If a tablet goes missing, it can be deregistered easily using the Ocean Portal to avoid access to any patient data and unnecessary charges.
Enable Ocean's birth date validation
In the Tablets tab of the Ocean Portal, enter into the tablet settings and ensure that, on the introduction screen, "Always Show Introduction Screen" and "Use Birthday Validation" are both enabled. This will require a patient to provide their birthday (month and day) before proceeding.
Avoid keyboards from tablet manufacturers
Some of these keyboards include "predictive text" features that can show text suggestions that may have been learned from previous patient responses. While we don't believe this can expose PHI since the suggestions are not linked to a particular patient, it could cause alarm and is unnecessary.
We recommend using the stock Google keyboard ("Gboard"), which can be downloaded from the Google Play Store, or disabling any predictive text features. Samsung tablets are known to ship with the Samsung keyboard that has this feature enabled by default (learn how to disable predictive text on Samsung keyboards).
If you are concerned about patients installing additional apps to your tablets, you can optionally use a restricted account for the Ocean software. Restricted accounts are available as a feature on some tablet models and can be configured to prevent installation of apps, changes to tablet settings, etc. without a password. There are some downsides to this, however:
- The Patient Tablet software will no longer be able to auto-update itself. Each tablet will have to be manually updated periodically using the tablet administrator account.
- There will be additional configuration steps for each tablet and the administrator password will need to be remembered. If the administrator password is forgotten, it will be necessary to do a factory reset and reconfiguration of the tablet.