Just before HIMSS12, I learned about BYOD/BYOT (Bring Your Own Device/Technology). Evidently, businesses and some healthcare organizations are encouraging, or allowing their employees, to use their latest and greatest (personal) mobile gadgets (smartphones, tablets, etc) to connect into their information systems.
Now, it may seem that this policy will help reduce equipment costs and allow employees to use the latest technology, but it makes my Mobile Governance and Tablets in Healthcare posts even more important reads for healthcare leaders. Why, because the organizations may find themselves paying out much more for costs associated with data breach assessments, reporting, fines, liability, etc.
- 85% of respondents said their organization has a BYOD policy, but the organizations vary in the amount of data they allowed personal mobile devices to access.
- 53% of respondents said their organization only allows personal mobile devices to access the Internet;
- 24% said their organization provides personal mobile devices with limited access to hospital applications; and
- 8% said their organization provides personal mobile devices with full access to the hospital network (Dolan, MobiHealthNews, 2/23).
Additional findings include:
- EHR applications are the most widely supported application on mobile devices, with 60% of respondents saying their organization supports the use of mobile EHR apps. The next most widely supported mobile apps include picture archiving and communication systems, secure messaging and voice-over IP (Computerworld, 2/24).
- More than 75% of respondents said their organization provides Internet access to patients and hospital visitors, but 58% said they use open networks without password protection to do so (Jackson, FierceMobileHealthcare, 2/23).
My hope is that these organizations (especially the 8% allowing full access to their network and the 15% without a policy) have already implemented the necessary safeguards to protect their systems and personal health information from accidently beaches, malicious attacks and HIPAA violations.