Just before HIMSS12, I learned about BYOD/BYOT (Bring Your Own Device/Technology). Evidently, businesses and some healthcare organizations are encouraging, or allowing, their employees to use their latest and greatest (personal) mobile gadgets (smartphones, tablets, etc.) to connect to their information systems.
Now, it may seem that this policy will help reduce equipment costs and allow employees to use the latest technology, but it makes my Mobile Governance and Tablets in Healthcare posts even more important reads for healthcare leaders. Why? Because the organizations may find themselves paying out much more for costs associated with data breach assessments, reporting, fines, liability, etc.
For those of you who like data, consider iHealthBeat's report on a healthcare mobility survey that found:
- 85% of respondents said their organization has a BYOD policy, but the organizations vary in the amount of data they allow personal mobile devices to access:
  - 53% of respondents said their organization only allows personal mobile devices to access the Internet;
  - 24% said their organization provides personal mobile devices with limited access to hospital applications; and
  - 8% said their organization provides personal mobile devices with full access to the hospital network (Dolan, MobiHealthNews, 2/23).
Additional findings include:
- EHR applications are the most widely supported application on mobile devices, with 60% of respondents saying their organization supports the use of mobile EHR apps. The next most widely supported mobile apps include picture archiving and communication systems, secure messaging and voice-over IP (Computerworld, 2/24).
- More than 75% of respondents said their organization provides Internet access to patients and hospital visitors, but 58% said they use open networks without password protection to do so (Jackson, FierceMobileHealthcare, 2/23).
My hope is that these organizations (especially the 8% allowing full access to their network and the 15% without a policy) have already implemented the necessary safeguards to protect their systems and personal health information from accidental breaches, malicious attacks and HIPAA violations.
I responded to this over on Social Media Today with regard to the provider/practitioner-owned devices. Another wrinkle to the issue is patient-owned devices/technology. While some of these devices and controlling programs upload directly to the Internet, others store their data on the device. The data may be e-mailed to one's healthcare professional, or deposited via a secure portal (often owned by the patient's insurance provider!) -- or it may be uploaded directly to the provider's network. One big issue here -- as it is with employee mobile devices and media -- is that of malware on the device (or infecting the data file) accessing the provider's network. Security policies should probably include some sort of DMZ into which patient data can be uploaded and scanned for malware before passing the information on to the facility's internal network, the practitioner's device, or the patient's EMR. Mobile device policies will need to consider these issues as well.
Posted by: Brenda Bell | March 11, 2012 at 09:17 AM
Thanks, Brenda, for bringing in the patient device. Yes, it has some of the same risks as the employees that will have to be addressed as hospitals and providers work to satisfy meaningful use criteria.
Posted by: Christina | March 11, 2012 at 11:45 AM
BYOD (Bring Your Own Device) isn’t the most eloquent acronym to come out of the IT world. However, some say it stands for a new era where employees’ preferred devices are also used for completing work tasks. But is BYOD really the ultimate social integration and cost saving trend for businesses?
It’s obvious that there are significant cost savings associated with employees using their own smartphones, tablets and laptops for work. However, the downsides are numerous and worth considering. From a logistics point of view, a multitude of devices is hard to support and manage, as you often can’t make the same app work on all platforms.
The question of data integrity and security should also be raised. How can businesses manage their information and ensure that there are no leaks after the employee decides to up sticks and work for the competition, taking his device with him? The answer is simple; they can’t.
Even more importantly, BYOD can’t be implemented realistically across the business because not all of your staff own state of the art portable devices, fit for enterprise use. BYOD could create differences between employees and ostracise those who can’t afford the latest tablet or smartphone. This will undoubtedly affect productivity and data security, which makes the Bring Your Own Device trend as unpalatable as its acronym.
Posted by: Dominic Jones - SME IT consultant at Barton Technology | March 23, 2012 at 02:49 AM