What about hospital BYOD?

October 7, 2012

WOW!

I was just leafing-through the Ottawa Citizen of Saturday, October 6, 2012, and I came across an article on rising BYOD at the Children’s Hospital of Eastern Ontario (CHEO).[1]

WHAT?

BYOD, literally means “bring your own device”, and refers to the growing practice of employers allowing employees to bring their own mobile devices into the workplace (smart phones, tablets, laptops), in order that they may access proprietary and work-related information on those platforms with which they are already quite comfortable.

WHY?

Some of the advantages of BYOD identified in that article, include: (i) cashflow savings (not having to buy and replace devices for employees on an employer’s own tab, whether with operating funds or debt); (ii) currency (allowing employees to transport and deploy what is likely the most cutting-edge technology); (iii) speed and efficiency (permitting staffers to quickly access “more timely and accurate information” almost anywhere, as hosted on proprietary servers or those of cloud service providers/vendors);[2] and (iv) good environmental stewardship (cutting down on the use of paper, and copying costs, through the increasing use of EHR, or electronic health records).[3]

WHOA!

Doubtless, CHEO is already very-well advised on these and related matters.  However, in the race for similar BYOD gains by others,[4] let us try not to forget the clear potential for pains and strains; on which I have blogged at some length.[5]  There are 4 (“four”) main keys to creating and implementing a BYOD/Cybersecurity Policy to guard against these, and employers hoping to exploit the gains of BYOD are well advised to have legal counsel – preferably counsel who are also familiar with the laws outside Canada, due to the global nature of the internet and Cybercrime – assist them in devising an appropriate framework within which BYOD can thrive, responsibly.  These keys follow, in brief.

Systemic Security:

Stringent efforts must be made to secure access to the information accessible on or through these many mobile devices.  The employer’s I.T. staff also needs (or specialized contractors also need) to remain busy and vigilant in ensuring that no malicious code is present on these devices, or is input into the system by means of these devices.  This, of course, will require copious amounts of training and retraining on counter social engineering techniques, safe browsing outside the workplace, and other device security measures.  Although an added inconvenience for the user, internal rules may mandate that browsers not remember passwords, requiring a re-typing for each access or use.  In addition and at the very least, BYOD mobile devices must, themselves, be protected with passwords and where applicable, programmed to alert the owner as to their location or remotely “self-wipe” and restore themselves to factory defaults, if stolen or misplaced.

Active Management:

Spot checks, and random audits must be used to ensure and maintain compliance with any mobile security policy designed for the “anywhere, any device, anytimeBYOD-enabled workspace; or as more accurately put, the “BYOD-uw” (ubiquitous workplace).

Internal Controls:

Information access controls must also be strictly enforced, so that employees have access to only that information of which they have a business-specific need to know.  BYOD should not be a free license for fishing expeditions, or an invitation to forget medical ethics and use identifiable patient records in social media posts (medical blogs, “would you believe’s”, and juicy tidbits of malice post breakup/rejection); not to mention  the truly inadvertent disclosures or keying slip-ups.  Data may also be protected against cut/paste or dragging, download, and covered by strict write and edit permissions.  This level of openness for use and potential abuse also makes the initial background checks and vulnerable sector screens, that much more important.  Behavioural interviewing techniques and other means of heightened pre-employment due diligence have already become the norm, due to the increasing use (and abuse) of social media, and a generally heightened, global security awareness in both the public and private sectors.

Legal and Regulatory Compliance:

Compliance must always be at the forefront, as there will be a host of regulatory regimes that are business or industry-specific (protecting Intellectual property Rights /IPR in the technology sector), risk-specific (countering leaks and espionage in the government sector), and privacy-centred (PHIPPA[6] in the Ontario healthcare sector).[7]  Privacy insurance is becoming increasingly popular, advisable, and even mandatory in certain cases, and several jurisdictions now have stringent notice and remediation laws in the case of a privacy breach.

WHITHER?

Forward, yes – but with caution, commonsense, and advice from legal and I.T. professionals.

Happy Thanksgiving!

***********************************************************************

Author:

Ekundayo George is a sociologist and a lawyer, with over a decade of legal experience including business law and counseling (business formation, outsourcing, commercial leasing, healthcare and privacy, Cybersecurity); diverse litigation, as well as ADR; and regulatory practice (planning and zoning, environmental controls, landlord and tenant).  He is licensed to practice law in Ontario, Canada, as well as in New York, New Jersey, and Washington, D.C., in the United States of America (U.S.A.).  See, for example: http://www.ogalaws.com

An avid writer, blogger, and reader, Mr. George is a published author in Environmental Law and Policy (National Security aspects).

Mr. George is also an experienced strategic and management consultant; sourcing, managing, and delivering on large, high stakes, strategic projects with multiple stakeholders, large budgets, and multidisciplinary teams.  See, for example: http://www.simprime-ca.com

Hyperlinks to external sites are provided to readers of this blog as a courtesy and convenience, only, and no warranty is made or responsibility assumed by either or both of George Law Offices and Strategic IMPRIME Consulting & Advisory, Inc. (“S’imprime-ça”), in whole or in part for their content, or their accuracy, or their availability.

This article does not constitute legal advice or create any lawyer-client relationship.


[1] Vito Pilieci.  CHEO prescribes BYOD: Just What the Doctor Ordered.  Ottawa Citizen.  Section F, Business & Technology, at F1, F2 (print version of Saturday, October 6, 2012).  Also available online: > http://www.ottawacitizen.com/business/CHEO+prescribes+BYOD/7353691/story.html<

[2] The use of cloud services should also be strongly considered and managed, as the storage of the personal information of Canadians on servers based within the United States, or its inadvertent passage through those servers, may lead to warrantless disclosures of said information to the arms and entities of a foreign nation without the consent or knowledge of the information subject, and in certain cases, the knowledge of a legally responsible information custodian.  See e.g. Ekundayo George.  To Cloud or Not to Cloud: What are Some of the Current, Most Pertinent Pros and Cons?  Published on http://www.Ogalaws.wordpress.com, on December 28, 2011.

Online: >https://ogalaws.wordpress.com/2011/12/28/to-cloud-or-not-to-cloud-what-are-some-of-the-current-most-pertinent-pros-and-cons/<

[3]Supra note 1.

[4]Id. The article also cites Citrix Systems, a CHEO vendor, as saying “more than 34 per cent of Canadian companies already have policies in place to allow employees to bring in personal devices.  Another 27 per cent of Canadian firms plan to roll out some form of BYOD initiative over the next 12 months”.

[5]See e.g. Ekundayo George.  Cybersecurity (the Nitty-Gritty; and what is Cyberspace?): A Different, Flexible Approach.  Published on http://www.Ogalaws.wordpress.com, December 9, 2011.

Online: >https://ogalaws.wordpress.com/2011/12/09/cybersecurity-the-nitty-gritty-a-different-flexible-approach/<

[6] PHIPPA (Personal Health Information Protection Act, S.O. 2004, CHAPTER 3.  Online: >http://www.e-laws.gov.on.ca/html/statutes/english/elaws_statutes_04p03_e.htm

[7]  Also consider the potential applicability, whether in Ontario alone, of MFIPPA and PIPEDA, or elsewhere in Canada and at the federal level, as well as outside Canada with regard to the latter, PIPEDA.  See MFIPPA (Municipal Freedom of Information and Protection of Privacy Act, R.S.O. 1990, CHAPTER M.56).  Online: > http://www.e-laws.gov.on.ca/html/statutes/english/elaws_statutes_90m56_e.htmSee also PIPEDA (Personal Information and Protection of Electronic Documents Act, S.C. 2000, c.5).  Online: >http://laws-lois.justice.gc.ca/eng/acts/P-8.6/index.html<

Running through all of the complex formulae, one-minute pitches, expensive marketing courses, and intensive sales training rewards or retreats …. the common intent is always the same: just make that sale!

Some schools and entities have focused on the hard pitch, some on the soft sale, others on some form of psych. play in a “trend-trap” or a “pity-pitch”; and now …. there is Social Marketing (for some, Social Engineering), where your smartphone can do most if not all of the seller’s prior research as you blissfully (and with voluntary consent through your own location and privacy settings) walk and surf, search and like, tweet and text, post, and otherwise share your entire shopping and social history to the four (north, south, east and west) by four (friends and vendors, foreign and domestic government entities, third-party data and transaction processors including contracted aggregators and data miners, and cyber-criminals) winds.

The more that things change, however, the more they stay the same, as there is still a timeless essence in sales and branding, that, if paid sufficient attention, can constitute a best practice.  I intentionally exclude “marketing” and “promotion” as separate elements in the selling process, because these can be included or embedded, at various levels, deep within the elements that I do list here.  Some interesting and thoughtful examples of marketing (and de-marketing) embedded within the terms, price, relationship and reputation, amongst others, can be seen in this footnote;[1] although the article itself is some 2 years old, these examples are still quite applicable and relevant.  We have also heard of that phrase “it sells itself”, which is the ideal and every marketer’s dream.

 

What is this Timeless Essence?

If you have been reading some of my posts, you will know that I like using acronyms and mnemonics, i.e. first letters in a string of words that actually spell something meaningful or make … some sort of sense when put end-to-end.  The reason for this is because it forces and inspires a deeper level of thinking, and an active justification for putting things where they are in the chain, in the first place.  So as not to disappoint, I will continue that trend in this post.

With the first element not necessarily being the most important element, this “Timeless Essence” has 9 (“nine”) individual parts as follows: Price; Quality; Relationship and Reputation (the “R” complex); Selection, Seniority, Selectivity, and Security (the “S” complex); and Terms.

 

PRICE:

A listed price can be all-inclusive with taxes factored-in, or with a listed price subject to the fine print, or with a listed price exclusive of taxes, or in some other configuration or combination.

Specific pricing options can range from new arrivals at full price; through loss-leaders (insufficiently priced to make an appreciable profit on their own but rather designed to drive volume sales and encourage browsing sales or move co-branded products and services); to liquidation sales at give-away prices.  With regard to food staples, for example, yes, price alone can draw the customers.  However, if the quality or relationship is poor, or the selection is not sufficiently broad, then reputation will suffer and all but those who are tied to that location or vendor, will soon start to do their shopping elsewhere.

 

QUALITY:

Quality can refer to the item for sale or hire (product or service), the place and décor of the selling or hiring (trade dress, and the experience), or the knowledge or skill of the staff (relationship, and the rapport).  Very knowledgeable sales staff, for example in the realm of either mass-market or high-end electronics, can generate a good reputation, develop a loyal following that turns to them for mundane questions on products that the business does not even sell, and lead to incidental sales, or the offering of new products due to customer demand; and even the creation of new and profitable lines of business – i.e. becoming the one-stop source for repairing the products of different (and competing) vendors, for a fee.

 

THE “R” COMPLEX (2 distinct elements):

Relationship, refers to the “experience” on one level, and the “rapport” between the vendor and buyer, or the vendor and the referral source, on another level.  Where word of mouth marketing brings the lead in the door (or to the website when we de-emphasize the bricks and mortar), it is left to the salesperson or the online marketing department to make or break that sale.  The act of referral does play upon the reputation of the vendor in the eyes of the referring source, and this may or may not hold true for the one being introduced as a follow-on rapport is or is not developed.  Word of mouth advertising can be both positive and negative.

Of course, showing the interplay between these essence elements – a reputation for quality or offering good terms (long warranties, no money-down, extended hours), can also bring large volumes of people through the door (or otherwise, to the e-commerce store).

Reputation sometimes also suffers if and when unscrupulous competitors (or members of a different political party), engage in highly questionable competitive practices.  These will need to be countered, curtailed, and corrected.  At other times, however, the prospect will already have been sold through marketing or a description of the experience or the rapport from others.  A good example of this is the opening of a new movie in theatres.  Those first in line will have been pre-sold, or in the company of others who have been so enticed.  And others, visiting the theatre in the second and subsequent evenings, will go because of the ratings, the descriptions of those who went before them, or continued media hype and coverage.

Relationship and Reputation can come together with successful product or service placement in that opening movie.  The audience can both develop a rapport with the performers through the product or service (by rushing out to do likewise and share or repeat the experience for themselves), and thereby capitalize on the reputation of that product or service by their patronage, which also furthers its reputation …. all for what?  A minimal outlay if the actor or actress is already an avid user or fan of said item, and whether or not compensated for same.

 

THE “S” COMPLEX (4 distinct elements):

These 4 elements (selection, seniority, selectivity, and security) are all related.  Selection refers to the variety of items available.  A wider selection is a significant part of what allows the Big Box Stores to draw people from both near and far, despite the isolated or even desolate locations in which you sometimes find them.  Seniority, of course, distinguishes some older vendors or long-established businesses from the new ones that may eventually be short-lived fads, or soon out of business due to some other reason for their non-sustainability.  It also used to give some assurances – financial shenanigans aside – that a vendor would be around long enough to make good on its warranty promises if any problems arose.  However, in a market where prices have fallen and comparable replacements abound, this becomes less important.

Selectivity is what distinguishes the “hard-to-get” item or service from the more commonly available.  However, “at-first-glance” good knockoffs through piracy, and their obvious advantage in price, are causing significant and rising consternation for several famous brands – especially in a challenging economy where many customers want to feel and look fashionable but do not have the disposable income (or even employment) to go about it properly as the law-abiding citizens that they ought, and were long ago taught, to be.

Security, as in “a sense of personal security”, has always comforted knowing buyers of counterfeit outerwear, because to date, it has generally only been the sellers of knock-offs who faced the penalties and prosecutions.  This changes, of course, and very quickly, when fake jewelry or wrist-wear causes one’s skin to go green, or brings-out a severe allergic reaction.  The ultimate buyers of counterfeit drugs, foods, and beverages however, are generally quite unaware that they are buying fakes, and they sometimes pay with their health or their lives.

Security can also be a strong selling point with businesses prone to problems.  This can be passive security in cameras (as long as they work, are watched, and the tapes are kept for long enough to be relevant), in patrolling armed guards, or in perimeter controls and screening of entrants.  However, if the grocery store or convenience store in the middle of a hot zone or a war zone is the only place to get food and other necessities, then despite the insecurity, people WILL still find a way there.  So, there must always be quite some give and take amongst all 9 factors, and between “S” Complex factors.  Whether you speak of a Big Box Store or a War Zone corner store, “location, location, location”, long ago lost its leading-edge, pride of place.

 

TERMS:

Jurisdictions will differ on what constitutes the “essential terms” of an agreement, and when an agreement has been fully formed.  However, and though varying from case to case or category of agreement to category of agreement, recurring “essential” elements include price, the item of agreement or sale, and the fact (often by signed writing) that there is some sort of an agreement.  One term can always be a deal-breaker or a deal-maker, and both knowing (discovering) the other party’s squeal point, and how to sufficiently sweeten the deal by give on that point or take on another, will be key.  This is why good sales and marketing people always ask questions that, although not always seeming pertinent, are intended to reveal something directly, or to lower a barrier that prevents the person asking, from seeing it for themselves.

Summary:

This then, is the Timeless Essence, a best practice, in effective sales and marketing, including branding.  Real world examples may come to your mind as you think through these points and look around you, or, you may be spurred-on to become your own mogul.  Good luck (in the effort), give thanks (to those who inspired you), and really, go for it …. just make that sale!

***************************************************************************

Author:

Ekundayo George is a sociologist and a lawyer, with experience in business law and counseling, diverse litigation, and regulatory practice.  He is licensed to practice law in Ontario, Canada, as well as in New York, New Jersey, and Washington, D.C., in the United States of America (U.S.A.).  See, for example: http://www.ogalaws.com.  An avid writer, blogger, and reader, Mr. George is a published author in Environmental Law and Policy (National Security aspects).

Mr. George is also an experienced strategic consultant; sourcing, managing, and delivering on large, high stakes, strategic projects with multiple stakeholders, large budgets, and multidisciplinary teams.  See, for example: http://www.simprime-ca.com.

Hyperlinks to external sites are provided to readers of this blog as a courtesy and convenience, only, and no warranty is made or responsibility assumed by either or both of George Law Offices and Strategic IMPRIME Consulting & Advisory, Inc. (“S’imprime-ça”), in whole or in part for their content, or their accuracy, or their availability.

This article does not constitute legal advice or create any lawyer-client relationship.


[1] Nicholas P. Hopek, TSYS.  De-Marketing in Practice: Survival of the Fittest – and Most Profitable – Customers. Published in Thought Leadership n>genuity Magazine, Spring 2009.  Online: >>http://www.tsys.com/thoughtLeadership/ngenuityInAction/current_issue/Spring09DeMarketingInPractice.cfm<<

 

%d bloggers like this: