Patient privacy: The BYOD risk in healthcare organizations

Jan-Jaap Jagger, Vice President, APAC and Emerging Markets, Acronis | June 4, 2015
With bring your own device (BYOD) so pervasive now, there's a much higher risk of sensitive information being leaked.

This vendor-written piece has been edited by Executive Networks Media to eliminate product promotion, but readers should note it will likely favour the submitter's approach.

Few industries have it harder than healthcare when it comes to managing the influx of mobile devices in the workplace. Employees who bring in smartphones or tablet computers can cause a big problem for IT teams that are trying to ensure the confidentiality of patient data. Laptops can get hacked, iPads stolen and phones misplaced. With bring your own device (BYOD) so pervasive now, there's a much higher risk of sensitive information being leaked.

One survey from a nonprofit organisation showed that many healthcare IT professionals feel they're too understaffed to address new IT threats, with 59% saying that privacy violations are their biggest worry. In part, this is due to the growing number of healthcare workers embracing BYOD - especially now that 60% of physicians use their mobile phone in the workplace on a daily basis.

It's not just IT that's anxious about BYOD, though. Patients are also worried about employees using their own devices in healthcare facilities. According to a study from PricewaterhouseCoopers LLP, 39% of consumers are concerned that their caregivers are storing confidential data on mobile devices. This concern over BYOD means institutions that suffer data leakage could also suffer consumer backlash. Not only that, but keeping patient data as secure as possible - across all platforms - is becoming more important than ever, thanks to recent regulations.

The cost of a breach

There's no question healthcare organizations have embraced BYOD: 85% of hospitals allow employees to use personal devices at work. But this could prove to be a problem, as new regulations such as the Meaningful Use Stage 2 compliance guidelines are putting more emphasis on secure electronic communications.

Thanks to these rules, facilities can expect more frequent and thorough audits. In September 2012, Massachusetts Eye and Ear Infirmary was fined $1.5 million by the Office for Civil Rights, because a laptop with patient data was stolen. If such stolen devices fall into the wrong hands, the consequences can be far greater than a simple fine.

Healthcare IT teams have to start thinking strategically about security if they want to safely accommodate BYOD habits. Banning mobile devices from a hospital network could hurt productivity and encourage employees to find less secure workarounds. Yet, it's clear that something has to be done, especially considering so many mobile devices are leaving the office at night.

Healthcare organizations must find a way to empower employees' use of mobile devices without risking patient privacy, security or data issues.

A new mobile world

This is where Mobile Device Management (MDM) comes into play. By mandating that all employees enrol their mobile devices in the hospital network, IT teams can see how employees are accessing and using their devices, making it easier to ensure that each one is in compliance with regulations.

 
