The practice of BYOD (Bring Your Own Device) allows employees to bring and use their own computing devices, including smartphones, tablets, and laptops, in the workplace. The belief is that this boosts employee morale and increases their level of efficiency and productivity.
With BYOD, employees can use and access company information and applications on their own device. However, the use of personal devices in the workplace brings a variety of security concerns for organizations in the healthcare industry.
A recent study by healthcare staffing firm Jackson & Coker revealed that four out of five physicians regularly use their mobile devices in the workplace for medical purposes. Of course, there are some proven benefits to this, including faster access to patient records, but there are also some serious disadvantages and concerns.
As a result, regulatory entities like CMS and HHS are drafting stringent requirements for the use of Electronic Health Records (EHRs) and interoperable medical IT devices to ensure the protection of valuable company data and protected health information (PHI).
In order to decrease the negative side effects of BYOD, many hospitals’ IT companies are deploying BYOD strategies to prevent information breaches from occurring. It’s essential that healthcare organizations carefully outline the policies regarding BYOD prior to implementing them. Some of the most common BYOD issues in healthcare settings include:
1. Wiping a Device Clean
Healthcare organizations must remain HIPAA compliant and BYOD can present risks to compliance. A strategy must be in place to wipe a device clean of confidential information if it’s lost or stolen, without compromising the employee’s personal data.
2. Personal Privacy
Permitting personal devices in the workplace could compromise professionals’ privacy. Clinicians have expressed concern over BYOD trends and the lack of privacy for their personal communications.
3. Secure Network Support
According to Spyglass Consulting Group, 69% of surveyed hospital nurses use their smartphones for both clinical and personal communications at work. This puts a lot of pressure on the healthcare industry, because with the rise of end-user devices accessing hospital networks comes the need for reliable and consistently available connectivity, especially on the hospital wireless LAN.
There’s also the mandatory federal standard for securing all data on the clinical wireless LAN, which must be met by hospital IT professionals. In order to do this, IT professionals must explore network solutions that are highly available, yet secure.
4. Sanitary Standards
The conditions in the healthcare industry are a lot different than a standard office. In all honesty, hospitals aren’t the safest place for mobile devices. Consider the fluids and operating conditions in hospitals. It’s also not very likely that clinicians have the proper safeguards in place to protect their devices from bacterial and viral cross-contamination.
Whose responsibility is it to sanitize personal devices in the workplace: the IT department or the clinician? This must be considered before implementing a BYOD strategy in a healthcare environment.
5. When Employees Leave
What happens when an employee leaves? If BYOD was permitted, they could leave with patient information on their device. Be prepared and plan for this by having policies in place regarding employee departures.
6. Application Deployment
Did you know there are over 20,000 mHealth (mobile health) applications in the marketplace? The number of mHealth applications has been increasing over the years. And it’s difficult to deploy and support multiple applications on an extensive variety of devices. To deploy and monitor applications safely, and comply with HIPAA, many hospitals implement an application-layer firewall and unified threat management.
A trend like BYOD will always have potential risks, and healthcare organizations must have policies in place to protect their company data and to ensure that patient information is securely encrypted on wired and wireless devices.
Authentication and password policies should be deployed at every connection point. BYOD isn’t a passing trend, and it’s going to remain an active policy for organizations into the future.
While there are many disadvantages, healthcare organizations that are able to successfully deploy BYOD will have the ability to transform clinical workflows, improve physician access to information, streamline processes, and improve the overall quality of patient care.