Healthcare cybersecurity threats continue to increase, and with cases of ransomware infiltrating provider networks, patient data security and patient safety could be at risk. Therefore it is important for healthcare organizations to protect their data. Healthcare units store and process multiple kinds of data ranging from images and emails to medical records and payment information. With the help of data conversion services, this healthcare data is made digital, subject to HIPAA compliance and other privacy mandates, and stored on multiple devices, to be used by multiple users in multiple places. Due to the urgent nature of the healthcare environment, users require immediate access to data across a range of devices and applications.
As more and more healthcare providers are now using mobile devices for their daily operations, it now becomes critical for covered healthcare as well as their business associates to ensure that they fully understand BYOD security and overall healthcare mobile security. Healthcare BYOD policy refers to the permission to use one’s own device in their work. But due to data security some healthcare organizations have also prohibited such policies from being implemented. A recent Spok survey of more than 350 healthcare leaders on their BYOD views found the following results:
- In 2017, 71 percent of hospitals allow for BYOD policies and this is an increase from the 58 percent that allowed BYOD in 2016.
- BYOD policy varies by role, correlating to staff needs and preferences.
- Majority of doctors prefer BYOD policy to work whereas nurses prefer to use hospital-issued devices.
- 52 percent of respondents said that data security was a top BYOD challenge. 54 percent stated that infrastructure Wi-Fi coverage as a top pain point. 44 percent of those surveyed stated infrastructure cellular coverage was their main challenge.
- 81 percent of respondents reported that their BYOD policies cover device security with 59 percent stating that their organizational policies cover enforcement for policy non-compliance.
- Hospital staff members could use personal devices for work even when BYOD is not allowed. 63% physicians and 41% nurses said they still use personal devices without a BYOD policy in place.
In early 2017, a HIMSS Analytics survey had revealed that mobile devices have become very popular at healthcare settings, with more entities opting for BYOD policy. Almost three quarter of the HIMSS respondents said that they use smartphones or tablets for applications to access clinical information and 70 percent reported that they use the devices for EHR access. Mobile security was also one of the challenges for the continued increase in mobile technology. Be it Bring Your Own Device or hospital provided devices, mobile technology plays a significant role in a clinical setting to help coordinate, support, and provide quality patient care.
However, mobile devices were not the only tools used by physicians to access information. 94 percent of those surveyed said that they use desktop computers for accessing information to provide and coordinate patient care and 79 percent said that they use smartphones to access the same data. The usage of tablets has increased compared to smartphones, most likely due to the larger screen. This allows more comfortable face-to-face interactions with patients, as well as easier maintenance and tracking within the department.
When more and more technology advancements are introduced, it improves flexibility but security becomes uncertain. Therefore security should be the primary focus for any healthcare organization looking to implement BYOD policy in responsible ways. Despite all the advances that healthcare has seen in security, data breaches still leave patients vulnerable to identity theft, and personal harm. So to protect health data, BYOD best practices should begin with the employees in the healthcare unit. They should understand the risks of BYOD implementation and the part they play in the system. They should also be trained properly on device use and security practices.
Organizations should ensure that they are enabling tech solutions that people will actually use and the IT leaders should take mobile encryption seriously. Encryption is particularly important in keeping devices secure after they are stolen or lost.
Given the importance of information security, healthcare organizations should also make sure that data breaches don’t happen via other sources. So care should be taken when utilizing third party solutions such as medical data entry or back office outsourcing. In any data security program, the entire organization should be involved for optimal benefits.
