- As you walk through today’s modern hospitals and healthcare environments you’ll notice a very obvious trend, and one that will affect healthcare data security.
Healthcare organizations are revolutionizing patient and health delivery systems by incorporating digitization to accomplish amazing things. The big driver behind this has been the very competitive healthcare industry; and the very IT consumerized consumer.
"Mobility continues to challenge enterprises across a number of fronts led by security, data integration, and device management," said John Jackson, IDC's research vice president for Mobility. "But the prognosis is good if not extremely good when we consider the massive new sources of efficiency and innovation that mobility delivers," he continued.
"Technology suppliers across hardware, software, service, and connectivity markets continue to innovate furiously, to a point where most of the mobility-related challenges identified by enterprise mobility stakeholders are addressable. The near-term future will see attention swing more squarely toward proactive innovation, both around mobility and what comes after it."
When it comes to healthcare, IT consumerization, BYOD, and mobility have certainly had their impacts.
With the digitization of medical records—and even everyday habits—new and individualized healthcare experiences are being born.
A recent Accenture study pointed out that while mobility enables minute-by-minute tracking of health and activities, it’s the platform that captures the data from disparate sources such as wearables, phones and glucometers, and pulls it all together to give a patient and caregiver a holistic and real-time view of the patient’s health.
In fact, the study shows that 54 percent of patients say that the top reason they use mobile phone apps is for health monitoring. Furthermore, 51 percent of physicians are using electronic access to clinical data about a patient who has been seen by a different organization. So, IT consumerization is impacting users at all levels within the healthcare environment.
With all of this in mind, how has IT consumerization affected the modern corporate environment? Are you seeing that many more users bringing in their own devices? Can this be controlled?
Approaching IT consumerization
Doctors, nurses, associates, healthcare contractors, and other professionals are bringing in their devices by the dozens. In fact, from customer experiences, one user may have multiple devices that they want to use in a corporate setting.
For example, users may want to have access through their iPad, smart phone, a PC, and their Mac. Although this example may be a bit extreme, it has happened before.
Fortunately, we’re able to control this type of environment and still deliver a powerful user experience.
The first step with any IT consumerization or BYOD plan is to set a policy. By no means should BYOD translate to a device free-for-all. Rather, the healthcare organization should have set policies as to which devices they wish to support or control.
From a healthcare IT perspective, administrators don’t really want to control the device. They really want to control the data and information that’s being delivered to the device.
This is where user, application and desktop virtualization can really help. By controlling user settings and environment details, we’re able to deliver a powerful computing experience across any device or OS. The administrator is only controlling the client that gets deployed to the end-point.
From there, everything is centrally managed. As mentioned earlier, end-point scans can tell administrators whether the given device is patched and has an AV engine running. A combination of the right technologies and policies can make BYOD and IT consumerization a very manageable experience.
A great customer example would be the use of BYOD devices within the medical environment. The administrator will only deploy an agent (or in some cases work with agentless interrogation technologies) to the end-point and allow them to connect into the environment.
Depending on the device and delivery mechanism, the data and information isn’t actually going to be stored at the end-point, rather, it’s centralized at the data center. In conducting such a deployment, we’re able to not only centralize the workload, but we centralize the user layer as well. This allows administrators to continue to provide desktops, applications and information to the end-user while still maintaining granular control.
These scenarios incorporate application virtualization, VDI, and the delivery of mobile apps.
Obviously, managing the data that’s outgoing and incoming is very important. Data loss is a huge concern for healthcare organizations deploying a BYOD initiative.
New data monitoring technologies allow organizations to scan the type of data being brought in and sent out at any given time. For example, by conducting an end-point scan, we can see if the end-point is secure enough to access a certain type of application.
Another example can be while onsite at the business, a network rule can be to disable the use of USB devices in personal devices.
Finally, using application and data control platforms, and depending on the type of device accessing the network, administrators can actually gray out entire sections and menu items from an application, thereby preventing unauthorized copying, saving or distributing of sensitive data.
During some deployments, security requests have been extended to the end-point as well. This means we can disable the use of USB devices or other hardware peripherals from accessing certain applications or data points.
How IT consumerization has impacted security overall
From a security perspective, these are good best practices to go along with an IT consumerization project:
- Utilize end-point scanning and interrogation technologies
- Limit the number and types of devices
- Set BYOD policies – just like computer usage policies
- Control the user and their experience – not so much the hardware
- Have ACLs in place
- Have visibility into the data layer
- New file sharing solutions incorporate DLP and even watermarks on data
There are, of course, numerous other healthcare data security best practices to consider. However, the most important point is to not over-complicate the environment.
Separate the user and the hardware layer and focus on the data that’s being transmitted. Also, the user has to be informed of the BYOD policy. Although they’re using personal devices, they are still potentially accessing healthcare data and can be held responsible for their actions.