BYOD or ‘bring your own device’ is becoming more commonplace across the world as the use of mobile devices continues to rise. The health care industry is no exception as four out of five doctors regularly use their personal mobile phone at work today. Using your own device at work is particularly convenient, but does present some possible issues for health care professionals.
Many health care facilities, similar to many businesses across the country, allow their employees to bring their own personal mobile devices to use at work and then pay their phone bill. For businesses, it is often much cheaper than paying for a new phone for all of your employees and allows for a convenient blur of professional and personal life where your staff is more reachable at all hours of the day and night.
Bringing your own device to work is also extremely convenient for employees because it allows a person to consolidate their professional and personal life into one device, as opposed to having a separate device for each part of their life. Medical staff aren’t the only individuals using personal mobile devices more frequently in health care facilities; patients and their guests are also using their personal wireless devices more often in hospitals and other healthcare facilities.
The connected revolution is here, allowing for 24-hour connectivity between all the wireless devices located in a healthcare facility, which can be extremely beneficial but could also have some potential downsides.
Patient privacy is often the first thing people bring to mind when thinking of the potential downsides of using mobile devices in health care, especially with all the reported cases of hacking across the media on an ongoing basis. Yet, there are far more concerns to keep on your radar when deploying BYOD strategies at your hospital or healthcare facility.
Here are five potential issues facing your IT department when making use of BYOD at your health care facility.
1. Deploying Applications Effectively
The FDA estimates that by 2015, there will be 500 million people using mobile devices globally with healthcare applications installed. By 2018, half of the 3.4 billion mobile users around the world will have downloaded at least one medical or health-related app.
Many hospitals and healthcare facilities are using unified threat management software, as well as firewalls, to monitor the many applications used on mobile devices to ensure they are running safely and securely. These procedures help medical professionals stay compliant with HIPAA when a mobile device is accessing an application from a third party.
The problem with this approach is that BYOD devices aren’t initially equipped with these levels of protection to monitor and analyze third party apps. With the infinite amount of apps available for download, medical or not, there are major security concerns when it comes to what systems are and aren’t accessing the network of your facility.
As stated later in this article, guidelines must be put into place by your administration to ensure that your employees are aware of these security concerns and can be brought up to speed with educational material to ensure they are able to avoid any of these potential issues at all costs.
By educating staff members about the potential danger of certain third party apps accessing the organization’s network, you’ll get a stronger buy-in from your employees handing in their personal devices to be better equipped with the right software and appropriate safety measures.
An application-layer firewall and unified threat management can help secure a BYOD strategy at your facility, once these devices are appropriately synced with your existing security systems. Make these security measures mandatory for any employees taking part in BYOD to prevent the multitude of possible security breaches that could result on your organization’s network.
2. Providing Substantial Network Support
According to the Journal of Mobile Technology in Medicine, 91% of healthcare professionals owned a mobile phone of which 87% used it during clinical practice. That could potentially be a huge strain on your hospital’s network from staff, as well as the use of mobile devices of patients and their visitors.
The IT department at your facility is tasked with the challenge of ensuring that your hospital’s network can withstand the demand created by the addition of hundreds, if not thousands, of connected devices. Your hospital’s wireless LAN handles the exchange of the majority of this sensitive information and therefore must be consistent, reliable and continuously available in order to perform correctly around the clock.
Federal law requires that a healthcare institution deploy a single network to handle the bandwidth created by all these mobile devices, as well as a way of securing all the information passing through this wireless LAN.
Many IT departments must upgrade their existing systems to ensure they’re able to scale with the ongoing needs required from most staff members practicing BYOD. Prepare your healthcare facility today by confirming that your existing networks can handle the growth of mobile at the organization or begin to research alternative solutions for the required bandwidth.
3. Security Related to Lost Devices
When a healthcare facility gives their employees a mobile phone, the IT department typically bears the responsibility of securing any data on that device once it is lost and then finding a replacement device for the staff member.
The model has changed because now a majority of individuals are bringing in their own mobile devices, which presents a major security concern for a healthcare facility when any of these devices are lost.
Any device containing information protected by HIPAA must be secured, which is why it is so important for the IT department to find a way to balance a strong approach to security on these devices without being too invasive.
Staff members must be properly educated about the importance of securing their mobile device when it is used to access sensitive patient and company information on an ongoing basis. Bringing all staff members up to date on how to properly secure their device will go a long way towards keeping sensitive information intact and lost devices safe from being hacked.
This education will also help your IT department implement any necessary security measures on your staff’s personal mobile devices with less resistance, since they understand the importance of securing these devices on behalf of the organization and their patients.
Your organization should create strict guidelines that outline the use of personal mobile devices used during clinical practice to guarantee there aren’t any details overlooked when a mobile phone is lost and possibly compromised.
Setting these guidelines ahead of time for health care facilities using BYOD strategies will help save money, reduce time spent on technical troubleshooting for your IT department and further protect sensitive information on these devices.
Require employees to sync with IT to set up safeguards that will wipe devices that are lost or damaged to guarantee the safety of sensitive information. Also, require that employees turn over their devices if a security investigation is taking place and require that they legally promise not to sue the hospital or healthcare facility if personal information is seen on one of these devices during the course of a security assessment.
4. The Blurred Line Between Professional and Personal
There are many benefits to medical staff having their personal and professional activity centralized on their mobile phones, such as convenience, but with this convenience come some potential downsides.
Similar to the idea of creating guidelines for installing security firewalls or what to do when a device is lost, your healthcare facility should develop boundaries for the use of mobile phones during working hours.
Since the line is blurred between professional and personal use of mobile devices, draw some boundaries about when it is appropriate for staff to use their mobile phone to communicate personally. Create a cultural shift at your hospital or facility to encourage transparency around the use of these devices to better understand the potential conflicts that could arise related to their use.
Clearly define which applications cannot be used, which LAN staff should be connecting to when in the office, what activities are prohibited, what information is too sensitive to transmit, etc. All patient information transmitted on mobile devices owned by the hospital or the staff themselves should be treated with care to ensure complete compliance with HIPAA.
“The challenge is that mobile technology and all of its related benefits have become the norm in real-time communication in our society. When applied to the healthcare space, however, a person’s privacy and security must be considered equally as important as convenience and cost,” said Guillermo Moreno, vice president and managing director at Experis Healthcare Practice.
Without strict guidelines surrounding what is and isn’t appropriate, the use of a BYOD strategy at your healthcare facility can quickly become more trouble than it’s worth.
5. Penalties for Data Breaches
Failure to properly implement a BYOD program for your hospital or healthcare facility can be extremely costly because the HITECH Act has allowed enforcement of HIPAA in the form of strict penalties, as well as the expanded authority of officials enforcing these infractions at federal and state levels.
The main challenge for health care organizations is balancing HIPAA restrictions with the enforcement risks of a BYOD program. These seemingly conflicting goals are not mutually exclusive, since organizations that approach BYOD implementation and administration in a strategic, thoughtful, and well-planned manner are often quite successful once they’ve taken the time to do things right and avoid the risk of a data breach as well as the associated compliance penalties.
There’s no perfect formula for every type of health care facility when it comes to BYOD and avoiding a data breach. Each health care organization has to specifically cater their BYOD policies to their specific needs and business goals to meet the ongoing data security and potential breach risks.
Before rolling out a BYOD program, healthcare organizations should complete an extensive risk assessment, which serves several purposes. First and foremost, the risk assessment may reveal that employees are already using their own devices for the transmission of health and other work-related information and, therefore, that quickly setting up an extensive policy for the proper use of a BYOD program is essential.
The risk assessment will also reveal whether BYOD is technically and financially feasible for your organization, taking into consideration the potential costs of data breaches and compliance penalties.
What’s your biggest concern about using a BYOD strategy at your hospital or healthcare facility? How will you work around these issues to allow staff to use their personal devices at work? Sound off in the comments below!