- As more covered entities consider implementing BYOD policies, mobile device security policies need to be comprehensive and applicable to daily operations. All staff members should be able to integrate and use devices in a way without hindering patient care, while also keeping patient data secure.
Results from a recent survey though indicates that hospitals are not confident in their mobile device security measures, and that PHI security could be at risk with as cybersecurity attacks continue to evolve.
The Spyglass Point of Care Communications for Nursing 2016 survey found that 82 percent of respondents had grave concerns about their ability to support and protect mobile devices, patient data, and the hospital’s technology infrastructure as a result of the growing threat of cybersecurity attacks.
Spyglass interviewed more than 100 IT and healthcare professionals “who are technically competent and representative of a broad range of medical specialties, organization types, and organization sizes.”
Surveyed hospitals said they were worried about personally owned mobile devices, as well as hospital-owned and managed devices.
“Despite increased investments in mobile device management solutions and secure text messaging solutions, cybercriminals have become more sophisticated and knowledgeable about the capabilities and vulnerabilities of existing security products, and the strategies and tools used by hospital IT to detect a potential intrusion,” Spyglass Consulting Group Founder and Managing Director Gregg Malkary said in a statement.
More hospitals seem willing to invest in mobile device security measures, according to the survey. Specifically, 71 percent of respondent said that mobile communications is an emerging investment priority, largely fed by patient centered care models and value‐based purchasing adoption.
Thirty-eight percent of those surveyed also reported that their organization had invested in a smartphone‐based communications platform, with an average deployment of 642 devices. Furthermore, 52 percent added that they had expanded beyond clinical messaging so other mobile hospital workers could be involved.
BYOD security and privacy concerns are not new issues in the healthcare industry, as a 2015 Spok survey found that 88 percent of respondents in 2014 reported using a BYOD policy, while only 73 percent of respondents did so the following year.
The survey also showed that 81 percent of those who do not have BYOD policy in place report that it’s primarily due to the importance of health data security. Even so, the majority of those surveyed - 62 percent - said that having a BYOD policy is the biggest challenge when it comes to personal device use.
Similarly, a Bitglass report from last year also showed that BYOD privacy concerns could make end users and IT administrators hesitant to implement such policies.
In fact, 40 percent of security administrators said they chose not to participate in the same mobile policies that they enforce for their company. Sixty percent of IT professionals and regular employees said they would participate in a BYOD program if their employer was able to protect corporate data but could not view, alter or delete personal data and applications.
“Users want the ability to work from anywhere, at any time and from any device,” the report’s authors wrote. “But they also fear ‘big brother’ snooping into their personal applications, which is why they are revolting against BYOD programs en masse.”
Additionally, 64 percent said they would not participate in a work BYOD program if their employer can wipe their personal mobile device to protect their proprietary information if they leave the organization.