Hospitals embrace BYOD policies while dealing with privacy challenges

Nov 08, 2013

2014-09-11 Healthcare.jpgA bring-your-own-device policy can open doors to a multitude of opportunities within organizations of all kinds. Benefits of such practices include increased flexibility and mobility, as well as fostering an environment of collaboration and boosted productivity.

By the numbers
Recently, healthcare groups have been jumping on the BYOD bandwagon, allowing hospital employees to utilize personal smartphones, tablets and other mobile devices to access the organization’s in-house network. A 2012 industry report showed that currently 85 percent of hospitals allow physicians and staff to utilize their mobile devices at work. Of that sector, 53 percent limit use to Internet access only, and 24 percent limit access to hospital applications only for BYOD security.

Furthermore, in order to better support their policies, 50 percent of hospitals are planning to expand or enhance their Wi-Fi network within a year. In addition, 93 percent of hospitals currently perform their own network infrastructure and BYOD management in favor of outsourcing such services.

Security obstacles
However, a BYOD policy within a healthcare organization can also pose issues when it comes to the security of sensitive patient information. Because employees share business files and other important data, these groups must ensure that their BYOD management strategy includes strong security measures to lessen the risk of cyberattack or data leakage.

The Wall Street Journal in September reported that hospitals now have to comply with new rules under the Health Insurance Portability and Accountability Act, as well as the HITECH Act. These initiatives seek to protect patients and improve the portability and continuity of health insurance, according to the Department of Labor. As part of compliance with these measures, healthcare providers are responsible for the safety of data transmission and file sharing through the use of secured and encrypted systems.

Each individual incident that classifies as a violation to these rules cost organizations at least $50,000. Despite this, security expert Ryan Kalember told the Journal that many hospitals are still noncompliant.

“All clinical staff and most administrative staff are just doing what they can to get things done,” Kalember said. “Sharing information and not having any sort of an audit trail is really problematic. That is a HITECH violation and a HIPAA violation.”

In this way, healthcare organizations must ensure that they are sharing files securely and sending data safely. These groups should use a system that automatically encrypts data at rest as well as in transit. In addition, their BYOD policy should include individual endpoint security measures as well as visibility and management structures so administrators know that data contained on these devices is safe and have the ability to view and govern traffic on the network.

Such a system should also be easy to navigate and should not hamper the work of healthcare employees. Stephen Li, Jersey City Medical Center CIO, told the Journal that hospitals must select a solution that protects records, but makes them easily available for doctors and staff. These employees must have the opportunity to work quickly while focusing on patient care, and not have to second guess the security of shared files or emails.

Category: Data Security