A toolkit for effective and secure use of mobile technology

Phase 1: Planning an mHealth strategy

Step 2. Review strategic planning

Last revised: 30 Aug 2023

Step 2. Review strategic planning 


Strategic planning provides an overarching framework that determines how your practice performs all of its operations. Placing mHealth at the strategic level ensures that it filters down and across the practice, effectively creating a forward-thinking culture.


Review your strategic planning documents to check their compatibility with an mHealth strategy. The table below will assist in determining which current policies and procedures need to be modified in order to ensure compatibility with an mHealth plan. 

Reviewing strategic plans before implementing an mHealth strategy
Must consider
Platform and device choice As technology rapidly evolves, your practice will need to adopt a flexible and adaptable solution to ensure your mHealth strategy remains current and viable. It is also vital that all required functional elements of your running systems are available to those using mobile devices. The mHealth strategy should be seen as a natural extension of the practice’s information technology (IT) culture.
Application types Your mHealth strategy should reflect the different demands and types of users in your practice. For example, if your practice has a high number of patients with mobility issues, you may wish to consider an app to provide self-monitoring capabilities for patients in their own home.
User engagement If the devices and platforms are not user-friendly, there will be natural reluctance for staff members to adopt and regularly use them.
Connectivity Although mobile data coverage is improving throughout Australia, inconsistencies remain and there will be occasions on which practice staff will be unable to access and/or submit data. There are apps available that allow mobile users to carry out their job when internet connectivity is not available, and seamlessly update when internet connectivity is re- established.
Interoperability Mobile devices are of most value when they integrate directly into the practice’s operational systems and data infrastructures. Integration with core systems is critical to the relevance and impact of mobile devices.
Data management When implementing an mHealth strategy, it may be important to have the ability to work with more than one system. For example, an increasing number of GPs use their own tablets for note taking when visiting aged care facilities. As a result, GPs need to enter data from their tablet into sytems at their practice and the aged care facility, and retrieve information from both systems when later assessing the case.
Security An effective mHealth solution should provide a secure, encrypted connection between the device and server in order to eliminate the risk of data breach.

Do we need to supply staff members with mobile devices?

This is up to you. If your practice decides to allow the use of personal devices for work purposes, you will need to define the risks of a ‘bring your own device’ strategy. The major concerns revolve around lost and stolen devices, physical access, ownership, data access and lack of eHealth literacy.

Lost and stolen devices, and devices shared between friends and family members, can have their content accessed by someone other than their owner. This highlights the importance of having key basic features such as password protection, encryption and robust procedures to wipe the device of all data once it is lost. Lost and stolen devices can also enable physical access to the hardware. Older iPhone models, for example, lack hardware encryption and security functionality, which can compromise data security.

Staff members tend to have an increased sense of ownership when they use their own devices for work purposes. This might lead to breaches of security and greater vulnerability if a staff member tries to remove restrictions from the operating system.

Access to clinic and patient data outside of the practice can also pose risks, as a lost or stolen mobile device can allow access to data located on that device and accessible via remote channels. Practices also need to consider how the access for mobile devices is disabled when staff members leave the business or no longer require remote access. 

How can I ensure our mobile devices meet security requirements?

It is critical that your practice team is aware of security risks and has adequate support to maintain data security.

Mobile device security considerations

  • Use anti-virus programs specifically designed for mobile devices
  • Ensure security processes cover mobile apps
  • Ensure your desktop environments and mobile devices have encrypted data transmission
  • Consider the use of remote data wipes and auto-locks that allows lost, misplaced or stolen mobile devices to be remotely wiped clean
  • Use mobile ID authentication mechanisms
This event attracts CPD points and can be self recorded

Did you know you can now log your CPD with a click of a button?

Create Quick log