Facebook tracking bit

Enterprise Mobility Management

Enterprise Mobility Management for Scaling Secure Messaging


Scalability and adoption are significant challenges that project managers face as they plan to implement secure text messaging in healthcare. IT pros and other drivers of technology implementations need ways to deploy the client application to clinical users, manage security settings and report on the environment at scale. Enterprise mobility management (EMM) tools can help achieve scalable deployments and manage large populations of users. Without a way to scale quickly, project teams struggle to build a user base fast enough and ensure adoption of the service.

As teams implement secure text messaging and position it as a way to securely send PHI, they must also consider device-level security settings. Without a way to configure device-level security settings, such as encryption and passcodes, protected health information (PHI) could be exposed and HIPAA safeguards could be violated. There is also a need for device-level reporting. Without an inventory of devices, applications and settings, project managers cannot validate HIPAA compliance or gather the data needed to adequately troubleshoot incidents. Here is how EMM can best be used to deploy a secure texting application:

1. Identify your target audience 

The first step is to decide who needs secure messaging and create a smart group within the EMM tool for your target population of users. You can use the EMM inventory to plan your deployment and focus on the right groups. The EMM inventory, the database that drives the solution, contains device status info (like OS, available storage, etc.), app info (like apps installed, etc.), and settings info (like restrictions, etc.), etc. The EMM inventory contains everything about the devices, and you may want to use it to target devices that fit a certain compliance profile. For example, devices that are encrypted, or devices that have an EHR app installed, are already likely to be transmitting PHI. Active directory (AD) groups can also be pulled into the inventory and EMM smart groups can be scoped to specific departments and/or roles.

2. Prepare the deployment and configure settings

Make sure that all devices in question are supported by your secure messaging solution. They must be in a state that will allow the app to be installed, and they need to comply with security standards. What is the type, model, and OS of each device? Do any fall outside of what is compatible with the app? How much free storage and memory are on the devices? Are there any that don’t have enough space? Are the devices already encrypted and passcode protected? Are any considered non-compliant? If any devices fall outside of recommended standards, users should be notified to make changes and/or the mobile device management (MDM) configuration profile should be applied accordingly.

3. Deploy the App 

Deploy the app using mobile OS vendor deployment programs, like Apple’s Volume Purchasing Program (VPP) through the App Store® or by using one of the MDM builds that the secure messaging vendor provides. Scope the deployment of the app to the smart group(s) that contain(s) the target audience. Where applicable, it is recommended that the app be deployed as a managed app, so that it can be removed later via an enterprise/selective wipe, if needed. You can deploy the app to the target devices/users silently, or make it available in an App Catalog.

4. Report on the Deployment 

Looking at the smart group you created in the EMM database, be sure it contains all devices that have your secure messaging app installed. Remember to include the app version, OS version, device model and type, available resources on the device (memory, storage, etc.), and compliance settings (encryption, passcode, etc.). This report is the source to monitor device status and compliance, and to show how widely the app has been deployed. The devices in this smart group represent the scope of your deployment and version adoption.

5. Report on device status and compliance 

The smart group used to measure adoption should also be used for ongoing reporting of device status and compliance. Including device status attributes—such as OS version, memory, storage, model, free space, and storage capacity—can be excellent sources of data for troubleshooting issues. For example, if some users are experiencing issues with not receiving notifications via the app, filtering your report by device model or OS version could show trends that help IT identify a root cause. The report is also the best source to identify any devices that have the secure texting app installed but fall out of corporate compliance. For example, filtering the data can reveal non-compliant devices that have the app installed but do not have a passcode enforced, or are not encrypted.

6. Manage OS and App Upgrades

Before any app or OS updates, project leaders should beta test the new versions to identify any incompatibility issues. The EMM inventory can be used to report on OS and app version. For example, if an OS update causes devices to revert and make users re-register with the app, the project team should identify OS and app versions impacted before the upgrade. Those devices can be isolated using a smart group, and a notification should be sent to all impacted users to proactively provide them with instructions for how to manage the upgrade.

7. Remove/uninstall the App 

When a user loses a device or leaves the organization, it is vital to remove all content within the application and reduce the risk of a data security violation. The best practice when using EMM is to uninstall/remove the app from the device and immediately unregister and delete the user in the secure messaging database. Unregistering the device will ensure that the organization retains licensing, and that users cannot re-download the app and access content within it.

By following these steps, project team pros can leverage EMM to help scale and sustain deployments of secure text messaging apps, set a faster rate of adoption, streamline workflows, increase security, and reduce incidents.

Looking for more information on secure texting app deployments? Check out these resources:

Blog: There are common challenges healthcare IT teams run into when supporting both BYOD and a secure text messaging solution in the same environment. Here are six reasons why they work well together. 6 Reasons to Choose Secure Text Messaging for BYOD

eBrief: From planning through post-implementation, follow these 10 steps to maximize adoption of your secure text messaging solution for improved care coordination and protected patient information. Ten Steps to Maximize Secure Text Messaging Adoption

Webinar: Follow these best practices to reduce the struggles your project management team faces with rolling out and maintaining a secure texting app. Best Practices For Deploying and Managing Your Secure Text Messaging Solution


Are you using or considering using the Spok Mobile® secure texting app? Spok offers comprehensive consulting services for organizations that need further assistance with deployment and management of this powerful communication solution.

If you are interested in more information on best practices, please contact Spok Consulting Services at consultingrequest@spok.com. We value the opportunity to work with you and scale your secure messaging deployment.