Prioritizing Security in the Era of Healthcare BYOD

November 24, 2014
270 Views

BYOD and healthcareThe excitement surrounding the bring your own device (BYOD) trend is undeniable, but it’s usually spoken of in the benefits it brings to businesses. Other industries have experimented with having employees bring their personal devices to work, but most of the discussion has focused on the effects BYOD has on the business world.

BYOD and healthcareThe excitement surrounding the bring your own device (BYOD) trend is undeniable, but it’s usually spoken of in the benefits it brings to businesses. Other industries have experimented with having employees bring their personal devices to work, but most of the discussion has focused on the effects BYOD has on the business world. The conversation, however, is slowly changing, particularly for the healthcare industry. Hospitals and other facilities have been cautious about implementing a BYOD policy, but adoption is steadily happening. While more and more healthcare institutions are making the leap to bring your own device, they’re also contending with the serious implications impacting security and patient privacy.

In many ways, BYOD makes a lot of sense for healthcare workers in hospitals. Not only do they get to use devices they are already familiar with, they can get their work done more quickly. This is especially important in the medical field because doctors and nurses are usually on the move, working with patients in a variety of ways. Having a mobile device handy that gives them access to a patient’s medical records can keep them informed about the patient’s history of health issues. BYOD can also facilitate the use of clinical trial data, which can help doctors diagnose patients with uncommon symptoms. Add these benefits to the ease with which workers can access billing information and prescribe medication, and the use of personal mobile devices seems like a clear cut win for hospitals at first.

The issue that continues to be the biggest challenge to tackle is that of BYOD security. Administrators’ fears over allowing personal devices access to sensitive medical data are certainly justified. A study by the Department of Health and Human Services showed that an average of almost 25,000 patients’ medical data was exposed every day during 2013. BYOD policies should address how to secure devices, but a separate survey found that almost half of healthcare providers didn’t even follow the outlined security procedures. The most at-risk forms of data include employee records and patient billing information, but the data that is most frequently lost or stolen includes medical records, prescription data, and payment statements. These statistics are alarming for many healthcare administrators, and they represent a need to reemphasize security when implementing a BYOD strategy.

While it seems like improving BYOD security should be straightforward, there are concerns about that as well. More security procedures and applications designed to protect devices might slow workers down. While this might be seen as an annoyance at certain times, during emergencies, when access to patient information is vital, healthcare workers don’t want to be fumbling with a device that’s locked down with numerous security protocols. A healthy balance has to be achieved that preserves BYOD convenience while providing for better BYOD security.

Administrators would do well to follow a few tips when it comes to improving mobile device security. The first is to require better authentication. While a password or PIN to use a device is a good first step, two-factor authentication is a much more secure route. This might happen by using a one-time code sent via email, or it might be a biometric key, such as swiping a fingerprint, which many modern mobile devices are capable of reading. Hospital BYOD policies should also address what must be done in case a device is lost or stolen. Employees should know to alert the IT department as quickly as possible, and IT workers should have mobile device management software that enables them to remotely wipe a device of all sensitive data. Data encryption remains a useful strategy, but healthcare practitioners need to ensure that data is encrypted while being stored as well as when it is being transmitted. Many data breaches occur while data is transferred from one organization to another, so encryption is necessary to make that data unreadable to hackers who manage to infiltrate devices and systems.

There are, of course, many other strategies organizations can use to secure BYOD devices, but however they do it, security must remain a top priority. Sadly, too many institutions seem to overlook this, leaving patient data vulnerable and their organizations open to future lawsuits. As BYOD grows in popularity, administrators need to go the extra mile in prioritizing security. Only then can they feel safe knowing healthcare workers have access to everything they need from their personal devices.

BYOD / shutterstock