Securing Your Tablets

CognisantMD recommends the following to ensure secure use of your Ocean-enabled tablets. Implementation of each recommendation may be dependent on the tablet or other hardware manufacturer.

Highly Recommended/Required

Configure your tablets to use your guest Wi-Fi network.

The Ocean software only needs access to the internet. It does not need access to any internal clinic computers, so we strongly recommend configuring your clinic Wi-Fi router to have a guest network that separates the tablets from your internal clinic systems. Configuration of this network is dependent on your Wi-Fi router model.

Ensure any Google (or other) accounts are removed from each tablet before patient use.

These accounts are not necessary for configuration or operation of the Ocean software and may allow installation of apps from the Google Play Store, or access to other services. They may be temporarily necessary for installing other security apps while configuring the tablet (e.g. for remote wipe), but should be removed immediately afterward. To do this, go into tablet settings, locate the "Accounts" section and remove each account found there.

Highly Recommended

Enable Screen Pinning

If you are running Android 5.0 or higher, pinning the Patient Tablet application will inhibit patients from navigating away from Ocean while using the tablet. Pinning disables the physical buttons on the device, as well as the notification area that can normally be accessed by swiping down from the very top of the screen.

Before enabling screen pinning, we recommend setting a PIN or password for your tablet's lock screen. This ensures that if the device is powered off or rebooted, patients cannot access other applications before staff re-open the Ocean Tablet application.

To do this, open the Android Settings application and navigate to "Lock Screen and Security" > "Screen Lock Type" and choose either the PIN or Password option.

To enable screen pinning:

  • Click the icon located in the bottom left corner of the Ocean Tablet app (this will appear as either the Ocean logo or a single cog icon).
  • Enter your Ocean username and password to open the Administrative Menu
  • From the menu, select "Enable Screen Pinning"

To disable screen pinning, simply return to the Administrative menu and select "Disable Screen Pinning."

Please note: If your tablet is powered off or rebooted, you will be prompted to re-enable screen pinning when the Ocean Tablet app is next relaunched.

Avoid keyboards from tablet manufacturers.

Some of these keyboards include "predictive text" features that can show text suggestions that may have been learned from previous patient responses. While we don't believe this can expose PHI since the suggestions are not linked to a particular patient, it could cause alarm and is unnecessary. CognisantMD recommends using the stock Google keyboard ("Gboard"), which can be downloaded from the Google Play Store, or disabling any predictive text features. Samsung tablets are known to ship with the Samsung keyboard that has this feature enabled by default (learn how to disable predictive text on Samsung keyboards).

Install "remote wipe" software on each tablet.

Remote wipe software packages allow you to track tablets through a web application and remotely reset them to factory state if they connect to the internet, thus removing access to any Ocean services. If a tablet goes missing, it can also be deregistered easily using the Ocean Portal to prevent access to any patient data and to avoid unnecessary charges.

Enable Ocean's birth date validation.

In the Tablets tab of the Ocean Portal, open the tablet settings and ensure that, on the introduction screen, "Always Show Introduction Screen" and "Use Birthday Validation" are both enabled. This will require a patient to provide their birthday (month and day) before proceeding.

Optional

Restricting Downloads.

If you are concerned about patients installing additional apps to your tablets, you can optionally use a restricted account for the Ocean software. Restricted accounts are available as a feature on some tablet models and can be configured to prevent installation of apps, changes to tablet settings, etc. without a password. There are some downsides to this, however:

  • The Patient Tablet software will no longer be able to auto-update itself. Each tablet will have to be manually updated periodically using the tablet administrator account.
  • There will be additional configuration steps for each tablet and the administrator password will need to be remembered. If the administrator password is forgotten, it will be necessary to do a factory reset and reconfiguration of the tablet.

Patient / User Reports for Audit Purposes

Ocean maintains an audit trail automatically for all clients. This audit trail tracks user and patient access for activities, such as:

  • Log in / log out
  • Viewing
  • Uploads / Downloads to tablets / browsers
  • Forms completed
  • Updates
  • Deletes
  • Referring patients from one site to another
  • User management activities
  • Clinical content changes
  • Suspicious activities (e.g. failed log in / access attempts)

Upon request, CognisantMD can produce audit records in JSON format (which supports the "ragged" data captured in our audit log), which can be converted to CSV format if required.
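
As an added illustration (not CognisantMD's code), the following Python sketch shows one way to convert "ragged" JSON audit records to CSV for review in a spreadsheet: nested objects become dotted column names, the header is the union of all fields, and text that a spreadsheet would evaluate as a formula is neutralized. Ocean's audit schema is not documented on this page, so the field names and sample records are constructed placeholders.

```python
import csv
import io
import json

# Constructed sample records. Ocean's real audit schema is not documented on
# this page, so every field name below is a hypothetical placeholder.
SAMPLE_AUDIT_JSON = """[
 {"timestamp": "2024-01-08T14:02:11Z", "event": "LOGIN", "user": "frontdesk1"},
 {"timestamp": "2024-01-08T14:05:40Z", "event": "FORM_COMPLETED",
  "tablet": {"name": "Waiting Room 2"}, "form": "intake"},
 {"timestamp": "2024-01-08T14:09:03Z", "event": "LOGIN_FAILED",
  "user": "=SUM(A1:A9)", "detail": {"attempts": 3}}
]"""

def flatten(record, prefix=""):
    """Turn nested objects into dotted column names (e.g. tablet.name)."""
    flat = {}
    for key, value in record.items():
        name = prefix + key
        if isinstance(value, dict):
            flat.update(flatten(value, name + "."))
        elif isinstance(value, list):
            flat[name] = json.dumps(value)  # keep lists as one JSON cell
        else:
            flat[name] = value
    return flat

def safe_cell(value):
    """Audit fields can hold user-typed text (e.g. a failed-login username);
    prefix anything a spreadsheet would treat as a formula."""
    if isinstance(value, str) and value.startswith(("=", "+", "-", "@", "\t", "\r")):
        return "'" + value
    return "" if value is None else str(value)

def audit_json_to_csv(json_text):
    rows = [flatten(r) for r in json.loads(json_text)]
    # Ragged data: the header is the union of all fields, in first-seen order.
    columns = list(dict.fromkeys(name for row in rows for name in row))
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow(columns)
    for row in rows:
        writer.writerow([safe_cell(row.get(c)) for c in columns])
    return out.getvalue()

if __name__ == "__main__":
    print(audit_json_to_csv(SAMPLE_AUDIT_JSON), end="")
```

Records that lack a field produce an empty cell in that column, so rows of different shapes line up under one header.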


URLs That Need to be Whitelisted for Ocean

If you have a very secure firewall setup that only allows access to certain "whitelisted" URLs, you will need to add the following URLs to your whitelist in order to take advantage of all Ocean functionality.