Healthcare BYOD challenges

Keeping data safe while accessing information from the device of your choice is a complex and potentially dangerous endeavor
By Darren Leroux
August 12, 2014
11:57 AM

The consumerization of IT and the bring-your-own-device (BYOD) movement in the workplace has proven to be extremely beneficial for the healthcare industry, allowing providers to access patient data, billing information, clinical trial data and employee information on the go. However, this comes with a price.

Data now resides on desktops, laptops, smartphones, tablets and USB drives. Given the rise of mobile computing and BYOD in healthcare, the once straightforward process of protecting private health information has evolved into a more complex and nuanced undertaking.

The concept of keeping data safe while accessing the information from the device of your choice is a complex and potentially dangerous endeavor that every healthcare IT executive needs to fully comprehend before moving forward. Below, we touch upon the most pressing BYOD security challenges for healthcare institutions heading towards 2015.

PHI and device vulnerability

The three most vulnerable forms of lost or stolen data in healthcare are patient billing information, employee records and non-patient records.  However, the types of patient data most frequently lost or stolen include medical files and records, payment information, prescription details, scheduling details and monthly statements.  One can see that the types of PHI most frequently lost or stolen is the information accessed across the continuum of care.

Breaches are happening as healthcare providers use their personal devices to share PHI with another provider, for example the primary care physician sharing prescription information with the pharmacist or the X-ray tech showing an MRI to a physician. If providers want to be able to use their devices to enhance care delivery, they need to make sure that they are doing so securely. Encryption solutions, which are an excellent way to provide this layer of security, are easy to use, do not impact end user performance and can be easily managed by IT and security teams.

BYOD security and more healthcare breaches…

A recent healthcare professional roundtable found that although a majority of healthcare providers had defined procedures for securing devices, 46 percent admitted the policies are not being followed.  In similar fashion, roundtable participants agreed that device encryption should be a part of any BYOD policy—but that encryption requirements were rarely enforced.  One reason for the prevalence of healthcare breaches is the lack of organizational adherence to their own policies.

Healthcare organizations don’t have the luxury of waiting while their employees gradually come around to grasping the importance of following encryption requirements. Given the sensitive nature of data at hand and all the regulatory and compliance requirements within their industry, health leaders must incorporate better practices when it comes to protecting patient data. And these same leaders must ensure employees are fully aware of encryption procedures and their import towards the prevention of stolen or compromised data.

Putting Compliance in Perspective

Complying with regulations such as HIPAA and HITECH is a challenge in and of itself, but implementing a BYOD policy while complying with these regulations is another challenge entirely. According to a recent report, HIPAA data breaches have increased by 138 percent since 2009. While remaining inline and up to date on compliance and regulations is essential, it’s easy to end up missing the bigger picture of what you’re trying to accomplish. CIOs and CSOs should look at compliance as a one-time snapshot or status of where things stand – or should stand.

Healthcare data is everywhere – mobile devices, laptops, desktops and medical devices - and has evolved into a matrix of interrelated data, flowing from patients/customers to physicians, diagnostic clinicians, pharmacists and medical insurance billing specialists.

As mentioned earlier, given the rise of mobile computing and BYOD in healthcare, the process of protecting private health information has evolved into a more complex and nuanced undertaking.

To help deal with healthcare’s primary BYOD challenges, the healthcare industry should consider holistic security programs allowing for longer-term security strategies to be put in place. Managing information risk involves understanding what kinds of mobile and remote solutions a healthcare institution has, how these devices are putting private health information at risk and what can be done to protect the data. Data also needs to be encrypted on mobile devices and be transparent enough for IT professionals working behind-the-scenes to be able to integrate the capability across platforms seamlessly without disrupting the end-user experience.

Want to get more stories like this one? Get daily news updates from Healthcare IT News.
Your subscription has been saved.
Something went wrong. Please try again.

Top Story

Capitol rotunda at sunset
Congress releases AI policy blueprint

Most Read

Aidoc, NVIDIA intro new plan to speed AI adoption in healthcare
Winning cybersecurity warfare is the ultimate millstone for CISOs
A passwordless future for clinicians? Industry paper points to a new paradigm
White House OMB is reviewing proposed cybersecurity updates to HIPAA
Singapore project to build voice AI for detecting early elderly depression
HC3 alerts providers of Scattered Spider threat

Research

White Papers

More Whitepapers

Patient Engagement
Patient Engagement
Financial/Revenue Cycle Management

Webinars

More Webinars

Imaging
Interoperability
Artificial Intelligence

More Stories

Dr. Eric Liederman, CEO of CybersolutionsMD
Q&A: CybersolutionsMD CEO on preventing cyberattacks
Change healthcare booth
Nebraska sues Change Healthcare over ransomware attack
Vijayashree Natarajan of Omega Healthcare on AI
Three for 2025: data security, cancer informatics and agentic AI
Capitol Hill
Congress looks set to extend telehealth and hospital-at-home flexibilities
Josh Di Frances at LG NOVA_Top down view of startup team Photo by NanoStockk/iStock/Getty Images Plus
What a startup pitch competition shows about IT innovation
Ravi Teja Karri of Froedtert Health on AI
Using AI and ML in predictive analytics for bed demand forecasting
Abstract image of AI brain and technology
ASTP updates HHS AI Use Case Inventory for 2024
Female doctor on laptop smiles at patient in foreground who is taking notes
Report shows overwhelming doctor support for virtual care