Posted by: adelvecchio
BYOD, byod security, HIPAA
Though the question whether or not healthcare organizations should adopt bring your own device (BYOD) policies for physicians and staff members still crops up, there’s probably not much choice at this point.
Two years ago, 85% of hospitals were already allowing BYOD. In organizations that prohibit the practice, chances are it’s happening anyway, given the popularity of smartphones and tablets among doctors.
It’s a subject that makes healthcare executives nervous. BYOD can feel like too much of an IT security risk in an industry where data breaches hurt both the bottom line and your reputation. With the right tools, BYOD can boost healthcare efficiency without sacrificing patient privacy. Technology such as secure texting apps — including the one developed by Doc Halo — control BYOD by combining security with ease of use.
The advantages of BYOD start with physicians and other staff members, who are likely already carrying their preferred devices, with no desire to add a hospital-assigned smartphone to the mix. Healthcare organizations also stand to gain in terms of improved workflows and cost savings on devices. For health IT departments, the instinct is often to lock things down in hopes of avoiding HIPAA violations and other issues.
A key way to protect patients’ health information has been to limit which devices can access it. That approach made sense when computers stayed on desks. But now that we carry one or more of them with us everywhere we go in the form of mobile devices, it’s not as practical.
Much of the advice on BYOD in healthcare deals with rules and boundaries. The idea is to reduce the chance of problems by building layers of security, limiting what users can do from their devices and monitoring usage and access. Of course, it pays to have reasonable security. Federal rules that took effect last year mean it’s more important than ever to keep protected health information safe — or face fines of $50,000 or more per violation.
But if protocols get in the way of clinicians doing their jobs, then BYOD doesn’t accomplish anything. Users either won’t take advantage of what mobility can bring to healthcare, or they’ll find workarounds, putting your organization at even greater risk.
Healthcare needs tools, such as secure texting, that let physicians and other providers work without thinking much about security. The tools, not complicated processes or lists of dos and don’ts, should prevent protected health information (PHI) exposure. From the user’s point of view, secure texting doesn’t feel much different from regular texting, which most people do every day. However, a variety of features work together to make sure conversations stay private.
For example, a good secure texting solution encrypts PHI at all levels — database, transmission and on the app — according to federally validated standards. It also deletes messages from your app and the receiver’s app based on the time period of your choosing and has a remote wipe option in case the phone is lost. None of these security measures require time or effort from healthcare providers. The only difference that physicians are likely to notice when they start using the app is that communication is more efficient. HIPAA is here to stay, but so is BYOD. The most successful healthcare organizations are adopting tools that meet the requirements of both.
Jon Jansen is CTO and partner in Doc Halo which specializes in secure text messaging. He brings an extensive knowledge of programming secure interfaces between hospitals, EMRs and physicians’ data. He has been through the entire life-cycle of HIPAA and secure texting from its beginnings and brings the needed experience to navigate this complex topic. He formerly owned a software company which specializes in business and medical communication as well as Web-based portals for remote data access.
Jon’s role on the Doc Halo team is to coordinate all of the behind-the-scenes programming and database creation and optimization using his more than two decades of experience in this area.