Sometimes, developing new policies comes down to putting a foundation under a process that’s already well under way, and perhaps in no sector of healthcare is this truer than in mobile health.  

After all, doctors and other caregivers are as curious about mobile communications technology as the next person, but unlike many other people when they get a new gadget they want to start using it both at home and at work.

According to Ed Ricks, vice president of information services at Beaufort Memorial Hospital, in Beaufort, S.C., that’s essentially how his organization’s bring your own device policy got launched.

“A couple years ago,” he explained, “we noticed that many of our doctors and nurses were texting one another.”  Not surprisingly, their still-informal communications were in clear violation of HIPAA regulations, as none of the information being exchanged was encrypted.

In looking at their options, Ricks said, Beaufort’s IT managers knew they didn’t want to impose control over their staff members’ personal devices.  They just wanted to make sure the same use standards were in place as were already in place with Beaufort’s enterprise-owned devices.

[See also: 'Ethical hacker' calls BYOD a nightmare.]

Moreover, while they knew they needed adequate security protocols to stay clear of HIPAA violations, they didn’t want to make the staff’s workflows any more cumbersome than they already were.

As it turned out, they had an existing relationship with a well-known IT security firm, and they were able to use that relationship to develop an app that providers could download for free onto their own devices, thus ensuring minimal inconvenience while also meeting security requirements.