Healthcare Information Security

4 Key Ways to Overcome Healthcare BYOD Security Challenges

Healthcare organizations must find the right balance between connection and control to lock down their BYOD security approach or entities will pay for it later.

By Bill Kleyman

Let’s talk about BYOD security and the mobile workforce in the healthcare environment.

We’re seeing it happen every single day. Doctors, nurses, and healthcare workers are either bringing in their own devices, or using corporate-issued devices to go about their day.

Here’s the important note: these aren’t just tools to check one’s email or make a note. Mobile devices are being leveraged to deliver healthcare services and allow users to be a lot more productive.

Unfortunately, the mobile workforce continued to grow – very quickly. This created challenges around managing all of these devices and the data that they process.

Were doctors storing information on their personal devices? Were they sending documents to personal emails? Do you even know if there is PHI data on a personal end-point?

The truth is that you’ll find out one way or another: either through a breach, or when a device gets lost and the associate breaks the bad news to you.

To combat this, we started to employ really strict mobility policies to a point where the entire experience was made worse. This really didn’t work quite well either.

Here’s something to keep in mind as we keep going: If we want to keep an effective and productive healthcare workforce, we need to find a balance between connection and control.

Mobile adoption is still growing

Believe it or not, mobility adoption is still growing. A recent survey from Gartner found that mobile device adoption in the workplace is not yet mature.

Although 80 percent of workers surveyed received one or more corporate-issued devices, desktops are still the most popular corporate device among businesses, with more than half of workers receiving corporate-issued desktop PCs.

It’s interesting that we’re seeing devices that are a bridge between mobile computing and traditional laptops/PCs. In fact, Gartner analysts expect that more employees will receive convertible laptops in the next three years, driven by the Windows 10 refresh that can enhance the user experience with touch-based input.

To that extent, mobility and BYOD solutions will only continue to evolve as healthcare organizations find more use-cases and benefits in supporting a mobile workforce.

"BYOD strategies are the most radical change to the economics and the culture of client computing in business in decades," said David Willis, vice president and distinguished analyst at Gartner. "The benefits of BYOD include creating new mobile workforce opportunities, increasing employee satisfaction, and reducing or avoiding costs."

As Gartner points out, BYOD drives innovation for CIOs and the business by increasing the number of mobile application users in the workforce. Rolling out applications throughout the workforce presents myriad new opportunities beyond traditional mobile email and communications. Applications such as time sheets, punch lists, site check-in/check-out, and employee self-service HR applications are just a few examples.

As cool as BYOD and mobile strategies might be, let’s not ignore the elephant in the room: Security.

BYOD and mobility: Lock it down now or pay for it later

Associates working within a healthcare organization love to be more productive and leverage tools that make their job easier.

From personal experience in working with numerous healthcare organizations, a major tracking point is how much time is spent between the patient and the doctor. Anything that interrupts that workflow is seen as detrimental and very costly.

Surprisingly, this is a reason we sometimes see lax security solutions around mobile devices. But something does need to change.

There was a report from SecureEdge Networks that indicated that 35 percent of workers say they store their work passwords on their smartphone and that 80 percent of all BYOD is completely unmanaged.

Now, that might not be the case for your healthcare organization. But, ask yourself – do you really know what your healthcare workers are storing on their personal devices while on the healthcare network?

It would be very challenging for me to write this and tell you that a robust BYOD or mobility security strategy isn’t going to change anything. It most likely will. But, that change does not have to be drastic. In fact, a good security strategy can actually improve both security and workflow for the healthcare worker.

So, what do these strategies look like? How are healthcare organizations locking down mobility strategies? Consider the following tips:

Detail and document your users, their mobile interactions, and their use-case

What does a mobile workflow look like for one of your employees? What access do they have and to what systems? We’ve done numerous BYOD and mobility projects and it all starts with mapping the user and how they interact with their device. Remember, the goal is to enable users to do more while still wrapping security around the entire session. This step is critical as it helps build two very important profiles: The user profile and the business use-case profile. From there, you can design a mobility workflow that works for everyone.

Design a mobility and BYOD workflow that works and is secure

Now that you clearly understand the users, which apps they’re accessing, and what they do on the network – you can create a workflow that fits. A workflow and BYOD design will have to lock a few things down. This might mean that you limit the kinds of devices that can log on, which OS you’ll support, and even where users are coming in from. The most important piece of advice I can give you here is to build a workflow and BYOD strategy based on context. Within network devices, load-balancers, and even within BYOD management platforms themselves, you’re able to define context based on the use-case of the user and the device. Who are they? Where are they coming in from? What device are they using? What are they accessing? These questions are asked in parallel to ensure the user gets access to what they need while the session stays secure.
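The four context questions above can be expressed as a single access decision. The following is an added example, not code from this article or from any product it names; the roles, networks, OS minimums and resource names are constructed assumptions. It shows graded outcomes (allow, allow with restrictions, deny) rather than a plain yes/no, which is where the balance between connection and control shows up.

```python
from dataclasses import dataclass

# Constructed policy values for illustration; not taken from any product.
SUPPORTED_OS = {"ios": 16, "android": 13, "windows": 10}  # minimum major version
ROLE_RESOURCES = {
    "physician": {"ehr", "imaging", "email"},
    "nurse": {"ehr", "email"},
    "billing": {"billing", "email"},
}
PHI_RESOURCES = {"ehr", "imaging", "billing"}

@dataclass
class Request:
    user_role: str   # who are they?
    network: str     # where are they coming in from? clinical / guest / remote
    os: str          # what device are they using?
    os_major: int
    managed: bool    # enrolled in EMM/MDM
    resource: str    # what are they accessing?

def decide(req: Request) -> tuple[str, list[str]]:
    """Return (decision, notes). Every context question is evaluated on
    each request instead of trusting a single factor such as the login."""
    if req.resource not in ROLE_RESOURCES.get(req.user_role, set()):
        return "deny", ["resource not in role profile"]
    min_major = SUPPORTED_OS.get(req.os)
    if min_major is None or req.os_major < min_major:
        return "deny", ["unsupported device or OS version"]
    restrictions = []
    if req.resource in PHI_RESOURCES:
        if req.network == "guest":
            return "deny", ["PHI not served on guest network"]
        if not req.managed:
            # Unenrolled personal device: keep the clinician working,
            # but keep PHI off local storage.
            restrictions += ["view-only session", "no download or clipboard"]
        if req.network == "remote":
            restrictions.append("step-up authentication")
    return ("allow_restricted" if restrictions else "allow"), restrictions
```
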

Leverage EMM/MDM and mobility control technologies to improve user experience while still locking things down

There are powerful tools out there that have been helping all sorts of organizations gain mobility control and efficiency. An example of this kind of service would be Citrix ShareFile Cloud for Healthcare. This kind of solution lets healthcare organizations collaborate with their data both on the premises and in the cloud. Coupled with XenMobile, you’re capable of ensuring compliance while still providing a powerful experience. Now, these aren’t the only tools on the block. Others can help integrate with your workflow to allow users access to their most critical resources. That being said, these tools will introduce a new environment, a few new icons, and a new way of doing things. But the beauty of tools like XenMobile is that their entire goal is to make the BYOD process as intuitive as possible. That means integrating with native tools, working with a user’s personal devices, and ensuring a secure experience, consistently.

Enable network-level visibility, DLP, and data scanning

This is a big one. As healthcare stores and processes more data, we need to know what’s sitting on our networks and what is being copied between folders. For example, we need to be able to see when a doctor copies a file containing PHI from a network folder to a personal device. Network-level security and DLP engines help contain leaks and prevent breaches. Here’s another really cool component: machine learning and user profiling. That is, we’re able to build a profile of our users based on their behavior. That means we can identify risky users before they create a security incident. These tools are able to check where users go, what they click on, how often they access personal resources, and where they move data. High-risk users can then be worked with to ensure they still have a good experience while improving their own security posture.
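The doctor-copies-PHI scenario above, as an added example that is not from this article or any DLP product: a content scan over constructed file-copy events that flags PHI leaving a network share for a personal destination. The event fields, the destination prefixes and the "MRN-" record format are assumptions, and the per-user count is a simple stand-in for the behavioral profiling the paragraph mentions.

```python
import re
from collections import Counter

# Constructed detectors: US SSN layout and a hypothetical "MRN-" + 8 digit
# record number. Real DLP engines use many more patterns, with validation.
PHI_PATTERNS = {
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "mrn": re.compile(r"\bMRN-\d{8}\b"),
}
PERSONAL_DESTS = ("usb:", "personal-device:", "webmail:")  # assumed labels

# Constructed sample events: (user, source, destination, content excerpt)
EVENTS = [
    ("dr_lee", r"\\fs01\cardiology\notes.docx", "personal-device:iphone-lee",
     "Patient MRN-00482913, SSN 123-45-6789, follow-up in 2 weeks"),
    ("dr_lee", r"\\fs01\cardiology\rota.xlsx", "personal-device:iphone-lee",
     "On-call rota for March"),
    ("nurse_kim", r"\\fs01\ward3\handover.txt",
     r"\\fs01\ward3\archive\handover.txt",
     "Bed 4: MRN-00117320 awaiting discharge"),
    ("dr_lee", r"\\fs01\cardiology\referral.pdf", "webmail:lee@example.com",
     "Referral for MRN-00482913"),
]

def phi_hits(text):
    """Return the sorted names of the PHI detectors that match the text."""
    return sorted(n for n, rx in PHI_PATTERNS.items() if rx.search(text))

def scan(events):
    """Flag copies that move PHI from a network share to a personal
    destination; count flagged events per user as a basic risk signal."""
    alerts, risk = [], Counter()
    for user, src, dest, content in events:
        hits = phi_hits(content)
        leaves_network = src.startswith("\\\\") and dest.startswith(PERSONAL_DESTS)
        if hits and leaves_network:
            alerts.append((user, src, dest, hits))
            risk[user] += 1
    return alerts, risk
```

The share-to-share copy by nurse_kim contains PHI but is not flagged, because the data stays on the network; only the two copies to a personal destination raise alerts.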

There are a lot of great strategies out there to create a healthcare BYOD and mobility strategy that works for you.

A big piece of advice is to not do this alone. Leverage vendors and partners to help guide you in the right direction.

This will help you design an ecosystem that works for you, maximizes the amount of interaction that happens between healthcare worker and patient, and creates a platform where mobility is an enabler and not a hindrance.

