
Community Blog

Jul 16 2013   1:00PM GMT

Patient privacy: The BYOD risk in healthcare organizations

Posted by: Jenny Laurello
BYOD, byod security, Data breach, data breach security, Mobile devices

Guest post by Anders Lofgren, director, mobility solutions, Acronis

Few industries have it harder than healthcare when it comes to managing the influx of mobile devices in the workplace. Employees who bring in smartphones or tablet computers can cause a big problem for IT teams that are trying to ensure the confidentiality of patient data. Laptops can get hacked, iPads stolen and phones misplaced. With bring your own device (BYOD) so pervasive now, there’s a much higher risk of sensitive information being leaked.

One survey from nonprofit (ISC)² showed that many healthcare IT professionals feel they’re too understaffed to address new IT threats, with 59% saying that privacy violations are their biggest worry. In part, this is due to the growing number of healthcare workers embracing BYOD — especially now that 60% of physicians use their mobile phone in the workplace on a daily basis.

It’s not just IT that’s anxious about BYOD, though. Patients are also worried about employees using their own devices in healthcare facilities. According to a study from PricewaterhouseCoopers LLP, 39% of consumers are concerned that their caregivers are storing confidential data on mobile devices. This concern over BYOD means institutions that suffer data leakage could also suffer consumer backlash. Not only that, but keeping patient data as secure as possible — across all platforms — is becoming more important than ever, thanks to recent regulations.

The cost of a breach

There’s no question healthcare organizations have embraced BYOD: 85% of hospitals allow employees to use personal devices at work. But this could prove to be a problem, as new regulations such as meaningful use stage 2 compliance guidelines are putting more emphasis on secure electronic communications.

Thanks to these rules, facilities can expect more frequent and thorough audits. In September 2012, Massachusetts Eye and Ear Infirmary was fined $1.5 million by the Office for Civil Rights because a laptop with patient data was stolen. If such stolen devices fall into the wrong hands, the consequences can be far greater than a simple fine.

Healthcare IT teams have to start thinking strategically about security if they want to safely accommodate BYOD habits. Banning mobile devices from a hospital network could hurt productivity and encourage employees to find less secure workarounds. Yet, it’s clear that something has to be done, especially considering so many mobile devices are leaving the office at night.

Healthcare organizations must find a way to empower employees’ use of mobile devices without risking patient privacy, security or data issues.

A new mobile world

This is where Mobile Device Management (MDM) comes into play. By mandating that all employees enroll their mobile devices in the hospital network, IT teams can see how employees are accessing and using their devices, making it easier to ensure that each one is in compliance with regulations.

Organizations should secure data with mobile file management (MFM), in addition to securing mobile devices. Doing so will enable IT teams to determine who can access sensitive files and how files can be used, putting a stop to the free-for-all exchange of data. Most importantly, MFM allows IT to perform remote wipes of sensitive information from mobile devices. This is helpful in cases where an employee is fired or resigns from an organization while still in possession of a device containing confidential data.

With BYOD firmly rooted in healthcare organizations across the country, implementing MDM and MFM policies can help maintain patient privacy, while ensuring that employees can keep using their mobile devices seamlessly and effectively.
