
Bring Your Own Device (BYOD) allows workers to use their own hardware for business purposes and includes devices like tablets, smartphones and laptops. Studies have shown it has numerous benefits for your company. However, the use of personal devices in the workplace brings a variety of security concerns for organizations in the healthcare industry.
The most common negative effect of BYOD in healthcare is the threat to the security of sensitive data. To combat this, many hospitals are putting BYOD strategies in place to prevent breaches.
Some of the most common BYOD issues in healthcare settings include:
Wiping a Device Clean
In the past, when a healthcare facility provided cell phones for its staff, the IT department was responsible for securing any work-related information on a device if it was lost, and for supplying a replacement to the staff member. This model is now defunct, as most people bring their own devices into work, which can mean a huge security headache for the organization.
Healthcare organizations have to be HIPAA compliant, and BYOD can put that compliance at risk. One way to protect compliance is to put a plan in place to wipe an employee's device if it is lost or stolen without compromising the worker's personal data. The IT department now has to find a way to balance security with the staff's right to privacy.
Implementing Policies
Managing bodies have decided that device encryption should be a part of any BYOD policy. That would strengthen security, but in reality these policies are rarely actioned by staff. Studies have shown that most breaches occur as a result of organizations failing to adhere to their own policies.
Security isn't something that can be implemented over a period of time. Health workers need to understand the importance of encrypted passwords and data when they use their personal devices, and need to put these measures in place quickly. The consequences to the organization and to individual staff members need to be stressed to encourage compliance.
Third Party Apps
Hospitals and healthcare facilities often use a form of unified threat management software coupled with firewalls to protect and monitor the apps in use, making sure they are safe to run and pose no threats. These steps help the organization to stay compliant with HIPAA regulations when a mobile device is accessing a third-party app onsite.
This is a great policy, except that personal devices aren't equipped with these levels of protection. No two staff members will have the same apps; there are too many to cover with basic security software. Employees need to be made aware of the risks of using apps like Facebook, Twitter and others at work without adequate antivirus and protection software. Your organization needs to put policies in place so that third-party apps can't be accessed at work unless these layers of protection have been added to the employee's hardware.
BYOD is an appealing option for a lot of reasons. Though security is a concern, once a procedure is up and running it adds another layer of security to the BYOD program, which will eventually save your business money on hardware and software and enhance the productivity of your IT team.




