In 2012, the Massachusetts Ear and Eye Infirmary was hit with a $1.5 million fine when they lost control of a mobile device containing sensitive medical records of its patients. By no means was the other side of the nation immune: Alaska's public health network was ordered to pay up for a similar data breach.

Instances of healthcare organizations being dinged for failing to keep a tight enough of a lid on patient records have been racking up over the past few years. Combine that with the increasing prevalence of mobile devices in healthcare and the large sector of the industry clamoring for BYOD, and many organizations are seemingly faced with a lose-lose situation where either staff are happy and enabled to work more efficiently, but prone to costly and dangerous data leaks. So it would seem, at least.

Ryan Kalember, CPO at WatchDox, says there are steps any organization can take to safeguard communications, records and devices. BYOD need not be a gateway to insecure data. He discusses three points a secure communications strategy needs to have below.

1.  Focus on a document's history.

Remember paper files? A doctor typed something up and maybe made a copy or two. One went here; another went there. They were certainly not immune to tampering or theft. Worse, when changes were made to one version, it could be a massive undertaking to find and revise all other copies of a file.

As documentation turns from marks on paper to bits on a drive, that issue persists. "The proliferation of mobile devices has fundamentally changed how people interact with documents," says Kalember. He notes that due to the fluidity of digital files, it is easy to change, copy, delete and annotate things, but their digital nature provides for a little more control. "Most of those documents are pretty dumb," he says. "They don't have a very good idea of what should be done with them. They don't know what other versions of themselves exist out there. They're just documents." The response to this, according to Kalember, is to implement a management system where documents are able to remain synchronized, have permissions built in to them, and keep track of who has accessed and edited them. 

2.  Encryption is key.

If there is one thing that's certain in the safety of an electronic system, it's that nothing is perfect and that taking steps to protect data is paramount. It can be tough medicine to swallow: data will get lost or stolen. IPads and USB drives are going to be left on busses and passwords will be swiped. Should any of these "unthinkables" happen (and they do, all the time), Kalember says that being prepared is what counts. He notes that "the fines then are starting to develop a theme: doesn't matter where the device goes, if the data is unencrypted and unprotected, this is a massive HIPAA violation."